Marcus Updateinfo to OVAL Converter5.52026-04-14T04:45:16CVE-2004-2771SUSE Liberty Linux 7
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.
ImportantCVE-2004-2771 at SUSECVE-2004-2771 at NVDSUSE bug 909208cpe:/o:suse:sll:7CVE-2005-1080SUSE Liberty Linux 7
Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.
ModerateCVE-2005-1080 at SUSECVE-2005-1080 at NVDSUSE bug 191845SUSE bug 607043SUSE bug 607762SUSE bug 818591cpe:/o:suse:sll:7CVE-2010-5298SUSE Liberty Linux 7
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
LowCVE-2010-5298 at SUSECVE-2010-5298 at NVDSUSE bug 873351SUSE bug 880891SUSE bug 883126SUSE bug 885777SUSE bug 915913cpe:/o:suse:sll:7CVE-2010-5312SUSE Liberty Linux 7
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.
ModerateCVE-2010-5312 at SUSECVE-2010-5312 at NVDcpe:/o:suse:sll:7CVE-2010-5313SUSE Liberty Linux 7
Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842.
ModerateCVE-2010-5313 at SUSECVE-2010-5313 at NVDSUSE bug 905312SUSE bug 907822cpe:/o:suse:sll:7CVE-2011-10007SUSE Liberty Linux 7 LTSS
File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename.
A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed.
Example:
$ mkdir /tmp/poc; echo > "/tmp/poc/|id"
$ perl -MFile::Find::Rule \
-E 'File::Find::Rule->grep("foo")->in("/tmp/poc")'
uid=1000(user) gid=1000(user) groups=1000(user),100(users)
ImportantCVE-2011-10007 at SUSECVE-2011-10007 at NVDSUSE bug 1244148CVE-2012-2150SUSE Liberty Linux 7
xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.
ModerateCVE-2012-2150 at SUSECVE-2012-2150 at NVDSUSE bug 939367cpe:/o:suse:sll:7CVE-2012-6662SUSE Liberty Linux 7
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.
ModerateCVE-2012-6662 at SUSECVE-2012-6662 at NVDcpe:/o:suse:sll:7CVE-2013-0334SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.
ModerateCVE-2013-0334 at SUSECVE-2013-0334 at NVDSUSE bug 898205SUSE bug 922719cpe:/o:suse:sll:7CVE-2013-1752SUSE Liberty Linux 7
Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 "Independently Fixable" in the CVE Counting Decisions
ModerateCVE-2013-1752 at SUSECVE-2013-1752 at NVDSUSE bug 856835SUSE bug 856836SUSE bug 863741SUSE bug 885882SUSE bug 898572SUSE bug 912739cpe:/o:suse:sll:7CVE-2013-1753SUSE Liberty Linux 7
The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.
ModerateCVE-2013-1753 at SUSECVE-2013-1753 at NVDSUSE bug 856835cpe:/o:suse:sll:7CVE-2013-2139SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.
LowCVE-2013-2139 at SUSECVE-2013-2139 at NVDSUSE bug 828009cpe:/o:suse:sll:7CVE-2013-2929SUSE Liberty Linux 7
The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h.
ModerateCVE-2013-2929 at SUSECVE-2013-2929 at NVDSUSE bug 824295SUSE bug 847652cpe:/o:suse:sll:7CVE-2013-4002SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
ModerateCVE-2013-4002 at SUSECVE-2013-4002 at NVDSUSE bug 829212SUSE bug 846177SUSE bug 846999SUSE bug 849212SUSE bug 852367SUSE bug 977650cpe:/o:suse:sll:7CVE-2013-4148SUSE Liberty Linux 7
Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow.
ModerateCVE-2013-4148 at SUSECVE-2013-4148 at NVDSUSE bug 864812SUSE bug 871442SUSE bug 964630cpe:/o:suse:sll:7CVE-2013-4149SUSE Liberty Linux 7
Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table.
ModerateCVE-2013-4149 at SUSECVE-2013-4149 at NVDSUSE bug 864649SUSE bug 871442SUSE bug 964443cpe:/o:suse:sll:7CVE-2013-4150SUSE Liberty Linux 7
The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write.
ModerateCVE-2013-4150 at SUSECVE-2013-4150 at NVDSUSE bug 864650SUSE bug 871442cpe:/o:suse:sll:7CVE-2013-4151SUSE Liberty Linux 7
The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write.
ModerateCVE-2013-4151 at SUSECVE-2013-4151 at NVDSUSE bug 864653SUSE bug 871442SUSE bug 964636cpe:/o:suse:sll:7CVE-2013-4286SUSE Liberty Linux 7
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
ModerateCVE-2013-4286 at SUSECVE-2013-4286 at NVDSUSE bug 865740cpe:/o:suse:sll:7CVE-2013-4312SUSE Liberty Linux 7
The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
ModerateCVE-2013-4312 at SUSECVE-2013-4312 at NVDSUSE bug 1020452SUSE bug 839104SUSE bug 922947SUSE bug 968014cpe:/o:suse:sll:7CVE-2013-4322SUSE Liberty Linux 7
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
ModerateCVE-2013-4322 at SUSECVE-2013-4322 at NVDSUSE bug 865746cpe:/o:suse:sll:7CVE-2013-4352SUSE Liberty Linux 7
The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.
ModerateCVE-2013-4352 at SUSECVE-2013-4352 at NVDSUSE bug 887771cpe:/o:suse:sll:7CVE-2013-4527SUSE Liberty Linux 7
Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers.
ModerateCVE-2013-4527 at SUSECVE-2013-4527 at NVDSUSE bug 864673SUSE bug 871442SUSE bug 964746cpe:/o:suse:sll:7CVE-2013-4529SUSE Liberty Linux 7
Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image.
ModerateCVE-2013-4529 at SUSECVE-2013-4529 at NVDSUSE bug 864678SUSE bug 871442SUSE bug 964929cpe:/o:suse:sll:7CVE-2013-4535SUSE Liberty Linux 7
The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.
ModerateCVE-2013-4535 at SUSECVE-2013-4535 at NVDSUSE bug 864665SUSE bug 964676cpe:/o:suse:sll:7CVE-2013-4536SUSE Liberty Linux 7
An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
ModerateCVE-2013-4536 at SUSECVE-2013-4536 at NVDSUSE bug 864665SUSE bug 871442SUSE bug 964676cpe:/o:suse:sll:7CVE-2013-4541SUSE Liberty Linux 7
The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value.
ModerateCVE-2013-4541 at SUSECVE-2013-4541 at NVDSUSE bug 864802SUSE bug 871442cpe:/o:suse:sll:7CVE-2013-4542SUSE Liberty Linux 7
The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access.
ModerateCVE-2013-4542 at SUSECVE-2013-4542 at NVDSUSE bug 864804SUSE bug 871442cpe:/o:suse:sll:7CVE-2013-5653SUSE Liberty Linux 7
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
ImportantCVE-2013-5653 at SUSECVE-2013-5653 at NVDSUSE bug 1001951SUSE bug 1004237SUSE bug 1007816SUSE bug 1036453cpe:/o:suse:sll:7CVE-2013-5704SUSE Liberty Linux 7
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."
LowCVE-2013-5704 at SUSECVE-2013-5704 at NVDSUSE bug 871310SUSE bug 914535SUSE bug 930944SUSE bug 938728cpe:/o:suse:sll:7CVE-2013-6370SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.
ModerateCVE-2013-6370 at SUSECVE-2013-6370 at NVDSUSE bug 870147cpe:/o:suse:sll:7CVE-2013-6371SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.
ModerateCVE-2013-6371 at SUSECVE-2013-6371 at NVDSUSE bug 870147cpe:/o:suse:sll:7CVE-2013-6399SUSE Liberty Linux 7
Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image.
ModerateCVE-2013-6399 at SUSECVE-2013-6399 at NVDSUSE bug 864814SUSE bug 871442SUSE bug 964643cpe:/o:suse:sll:7CVE-2013-6435SUSE Liberty Linux 7
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.
ImportantCVE-2013-6435 at SUSECVE-2013-6435 at NVDSUSE bug 1101137SUSE bug 1127299SUSE bug 906803SUSE bug 908128cpe:/o:suse:sll:7CVE-2013-7345SUSE Liberty Linux 7
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.
ModerateCVE-2013-7345 at SUSECVE-2013-7345 at NVDSUSE bug 869906SUSE bug 883306SUSE bug 987530cpe:/o:suse:sll:7CVE-2013-7421SUSE Liberty Linux 7
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.
LowCVE-2013-7421 at SUSECVE-2013-7421 at NVDSUSE bug 914423SUSE bug 914660cpe:/o:suse:sll:7CVE-2013-7423SUSE Liberty Linux 7
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
ModerateCVE-2013-7423 at SUSECVE-2013-7423 at NVDSUSE bug 1123874SUSE bug 915526cpe:/o:suse:sll:7CVE-2014-0075SUSE Liberty Linux 7
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
ModerateCVE-2014-0075 at SUSECVE-2014-0075 at NVDSUSE bug 887557cpe:/o:suse:sll:7CVE-2014-0096SUSE Liberty Linux 7
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
ModerateCVE-2014-0096 at SUSECVE-2014-0096 at NVDSUSE bug 865746SUSE bug 880346cpe:/o:suse:sll:7CVE-2014-0099SUSE Liberty Linux 7
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
ModerateCVE-2014-0099 at SUSECVE-2014-0099 at NVDSUSE bug 865746SUSE bug 880347cpe:/o:suse:sll:7CVE-2014-0117SUSE Liberty Linux 7
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.
ModerateCVE-2014-0117 at SUSECVE-2014-0117 at NVDSUSE bug 887767cpe:/o:suse:sll:7CVE-2014-0118SUSE Liberty Linux 7
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.
ModerateCVE-2014-0118 at SUSECVE-2014-0118 at NVDSUSE bug 1078450SUSE bug 887769cpe:/o:suse:sll:7CVE-2014-0119SUSE Liberty Linux 7
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
LowCVE-2014-0119 at SUSECVE-2014-0119 at NVDSUSE bug 865746SUSE bug 880348cpe:/o:suse:sll:7CVE-2014-0178SUSE Liberty Linux 7
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.
LowCVE-2014-0178 at SUSECVE-2014-0178 at NVDSUSE bug 872396cpe:/o:suse:sll:7CVE-2014-0179SUSE Liberty Linux 7
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.
LowCVE-2014-0179 at SUSECVE-2014-0179 at NVDSUSE bug 873705cpe:/o:suse:sll:7CVE-2014-0181SUSE Liberty Linux 7
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.
ModerateCVE-2014-0181 at SUSECVE-2014-0181 at NVDSUSE bug 875051cpe:/o:suse:sll:7CVE-2014-0182SUSE Liberty Linux 7
Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image.
ModerateCVE-2014-0182 at SUSECVE-2014-0182 at NVDSUSE bug 874788SUSE bug 964693cpe:/o:suse:sll:7CVE-2014-0186SUSE Liberty Linux 7
A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists because of an unspecified regression.
ModerateCVE-2014-0186 at SUSECVE-2014-0186 at NVDcpe:/o:suse:sll:7CVE-2014-0191SUSE Liberty Linux 7
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.
ImportantCVE-2014-0191 at SUSECVE-2014-0191 at NVDSUSE bug 1014873SUSE bug 1123919SUSE bug 876652SUSE bug 877506SUSE bug 996079cpe:/o:suse:sll:7CVE-2014-0195SUSE Liberty Linux 7
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
ModerateCVE-2014-0195 at SUSECVE-2014-0195 at NVDSUSE bug 880891SUSE bug 885777SUSE bug 915913cpe:/o:suse:sll:7CVE-2014-0196SUSE Liberty Linux 7
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
ModerateCVE-2014-0196 at SUSECVE-2014-0196 at NVDSUSE bug 871252SUSE bug 875690SUSE bug 877345SUSE bug 879878SUSE bug 933423cpe:/o:suse:sll:7CVE-2014-0198SUSE Liberty Linux 7
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.
ModerateCVE-2014-0198 at SUSECVE-2014-0198 at NVDSUSE bug 876282SUSE bug 880891SUSE bug 885777SUSE bug 915913cpe:/o:suse:sll:7CVE-2014-0206SUSE Liberty Linux 7
Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value.
LowCVE-2014-0206 at SUSECVE-2014-0206 at NVDSUSE bug 884324cpe:/o:suse:sll:7CVE-2014-0207SUSE Liberty Linux 7
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.
ModerateCVE-2014-0207 at SUSECVE-2014-0207 at NVDSUSE bug 884986SUSE bug 980366SUSE bug 992991cpe:/o:suse:sll:7CVE-2014-0209SUSE Liberty Linux 7
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.
ModerateCVE-2014-0209 at SUSECVE-2014-0209 at NVDSUSE bug 857544cpe:/o:suse:sll:7CVE-2014-0210SUSE Liberty Linux 7
Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.
ImportantCVE-2014-0210 at SUSECVE-2014-0210 at NVDSUSE bug 857544cpe:/o:suse:sll:7CVE-2014-0211SUSE Liberty Linux 7
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.
ImportantCVE-2014-0211 at SUSECVE-2014-0211 at NVDSUSE bug 857544cpe:/o:suse:sll:7CVE-2014-0221SUSE Liberty Linux 7
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.
ModerateCVE-2014-0221 at SUSECVE-2014-0221 at NVDSUSE bug 880891SUSE bug 883126SUSE bug 885777SUSE bug 905106SUSE bug 915913cpe:/o:suse:sll:7CVE-2014-0222SUSE Liberty Linux 7
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.
ModerateCVE-2014-0222 at SUSECVE-2014-0222 at NVDSUSE bug 1072223SUSE bug 877642SUSE bug 950367SUSE bug 964925cpe:/o:suse:sll:7CVE-2014-0223SUSE Liberty Linux 7
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.
ModerateCVE-2014-0223 at SUSECVE-2014-0223 at NVDSUSE bug 877645cpe:/o:suse:sll:7CVE-2014-0224SUSE Liberty Linux 7
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
ImportantCVE-2014-0224 at SUSECVE-2014-0224 at NVDSUSE bug 1146657SUSE bug 880891SUSE bug 881743SUSE bug 883126SUSE bug 885777SUSE bug 892403SUSE bug 901237SUSE bug 903703SUSE bug 905018SUSE bug 905106SUSE bug 914447SUSE bug 915913SUSE bug 916239cpe:/o:suse:sll:7CVE-2014-0226SUSE Liberty Linux 7
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
ModerateCVE-2014-0226 at SUSECVE-2014-0226 at NVDSUSE bug 887765cpe:/o:suse:sll:7CVE-2014-0227SUSE Liberty Linux 7
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
ModerateCVE-2014-0227 at SUSECVE-2014-0227 at NVDSUSE bug 917127SUSE bug 926762SUSE bug 988489cpe:/o:suse:sll:7CVE-2014-0231SUSE Liberty Linux 7
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.
ModerateCVE-2014-0231 at SUSECVE-2014-0231 at NVDSUSE bug 887768cpe:/o:suse:sll:7CVE-2014-0237SUSE Liberty Linux 7
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.
ModerateCVE-2014-0237 at SUSECVE-2014-0237 at NVDSUSE bug 880905SUSE bug 992991cpe:/o:suse:sll:7CVE-2014-0238SUSE Liberty Linux 7
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.
ModerateCVE-2014-0238 at SUSECVE-2014-0238 at NVDSUSE bug 880904SUSE bug 992991cpe:/o:suse:sll:7CVE-2014-0240SUSE Liberty Linux 7
The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.
ImportantCVE-2014-0240 at SUSECVE-2014-0240 at NVDSUSE bug 878550cpe:/o:suse:sll:7CVE-2014-0244SUSE Liberty Linux 7
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.
LowCVE-2014-0244 at SUSECVE-2014-0244 at NVDSUSE bug 880962SUSE bug 883758cpe:/o:suse:sll:7CVE-2014-0384SUSE Liberty Linux 7
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.
LowCVE-2014-0384 at SUSECVE-2014-0384 at NVDSUSE bug 873896SUSE bug 999706cpe:/o:suse:sll:7CVE-2014-0429SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CriticalCVE-2014-0429 at SUSECVE-2014-0429 at NVDSUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430cpe:/o:suse:sll:7CVE-2014-0446SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
CriticalCVE-2014-0446 at SUSECVE-2014-0446 at NVDSUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430cpe:/o:suse:sll:7CVE-2014-0451SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412.
CriticalCVE-2014-0451 at SUSECVE-2014-0451 at NVDSUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430cpe:/o:suse:sll:7CVE-2014-0452SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423.
CriticalCVE-2014-0452 at SUSECVE-2014-0452 at NVDSUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430cpe:/o:suse:sll:7CVE-2014-0453SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
CriticalCVE-2014-0453 at SUSECVE-2014-0453 at NVDSUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430cpe:/o:suse:sll:7CVE-2014-0454SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.
CriticalCVE-2014-0454 at SUSECVE-2014-0454 at NVDSUSE bug 873873SUSE bug 877429cpe:/o:suse:sll:7CVE-2014-0455SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402.
CriticalCVE-2014-0455 at SUSECVE-2014-0455 at NVDSUSE bug 873873SUSE bug 877429cpe:/o:suse:sll:7CVE-2014-0456SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
CriticalCVE-2014-0456 at SUSECVE-2014-0456 at NVDSUSE bug 873872SUSE bug 873873cpe:/o:suse:sll:7CVE-2014-0457SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
CriticalCVE-2014-0457 at SUSECVE-2014-0457 at NVDSUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430cpe:/o:suse:sll:7CVE-2014-0458SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.
CriticalCVE-2014-0458 at SUSECVE-2014-0458 at NVDSUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430cpe:/o:suse:sll:7CVE-2014-0459SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.
CriticalCVE-2014-0459 at SUSECVE-2014-0459 at NVDSUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430cpe:/o:suse:sll:7CVE-2014-0460SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI.
CriticalCVE-2014-0460 at SUSECVE-2014-0460 at NVDSUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430cpe:/o:suse:sll:7CVE-2014-0461SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
CriticalCVE-2014-0461 at SUSECVE-2014-0461 at NVDSUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430cpe:/o:suse:sll:7CVE-2014-0475SUSE Liberty Linux 7
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.
ModerateCVE-2014-0475 at SUSECVE-2014-0475 at NVDSUSE bug 887022SUSE bug 896776SUSE bug 916222cpe:/o:suse:sll:7CVE-2014-10071SUSE Liberty Linux 7
In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax.
ModerateCVE-2014-10071 at SUSECVE-2014-10071 at NVDSUSE bug 1082977SUSE bug 1200039cpe:/o:suse:sll:7CVE-2014-10072SUSE Liberty Linux 7
In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.
ModerateCVE-2014-10072 at SUSECVE-2014-10072 at NVDSUSE bug 1082975SUSE bug 1200039cpe:/o:suse:sll:7CVE-2014-1492SUSE Liberty Linux 7
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
ModerateCVE-2014-1492 at SUSECVE-2014-1492 at NVDSUSE bug 869827SUSE bug 926974cpe:/o:suse:sll:7CVE-2014-1568SUSE Liberty Linux 7
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.
ModerateCVE-2014-1568 at SUSECVE-2014-1568 at NVDSUSE bug 1107874SUSE bug 897890SUSE bug 898959cpe:/o:suse:sll:7CVE-2014-1574SUSE Liberty Linux 7
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2014-1574 at SUSECVE-2014-1574 at NVDSUSE bug 900941cpe:/o:suse:sll:7CVE-2014-1576SUSE Liberty Linux 7
Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization style.
ModerateCVE-2014-1576 at SUSECVE-2014-1576 at NVDSUSE bug 900941cpe:/o:suse:sll:7CVE-2014-1577SUSE Liberty Linux 7
The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value.
ModerateCVE-2014-1577 at SUSECVE-2014-1577 at NVDSUSE bug 900941cpe:/o:suse:sll:7CVE-2014-1578SUSE Liberty Linux 7
The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback.
ModerateCVE-2014-1578 at SUSECVE-2014-1578 at NVDSUSE bug 900941cpe:/o:suse:sll:7CVE-2014-1581SUSE Liberty Linux 7
Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout.
ModerateCVE-2014-1581 at SUSECVE-2014-1581 at NVDSUSE bug 900941cpe:/o:suse:sll:7CVE-2014-1583SUSE Liberty Linux 7
The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm.
ModerateCVE-2014-1583 at SUSECVE-2014-1583 at NVDSUSE bug 900941cpe:/o:suse:sll:7CVE-2014-1587SUSE Liberty Linux 7
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2014-1587 at SUSECVE-2014-1587 at NVDSUSE bug 908009cpe:/o:suse:sll:7CVE-2014-1590SUSE Liberty Linux 7
The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object.
ModerateCVE-2014-1590 at SUSECVE-2014-1590 at NVDSUSE bug 908009cpe:/o:suse:sll:7CVE-2014-1592SUSE Liberty Linux 7
Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing.
ModerateCVE-2014-1592 at SUSECVE-2014-1592 at NVDSUSE bug 908009cpe:/o:suse:sll:7CVE-2014-1593SUSE Liberty Linux 7
Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content.
ModerateCVE-2014-1593 at SUSECVE-2014-1593 at NVDSUSE bug 908009cpe:/o:suse:sll:7CVE-2014-1594SUSE Liberty Linux 7
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.
ModerateCVE-2014-1594 at SUSECVE-2014-1594 at NVDSUSE bug 908009cpe:/o:suse:sll:7CVE-2014-1737SUSE Liberty Linux 7
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.
ModerateCVE-2014-1737 at SUSECVE-2014-1737 at NVDSUSE bug 1115893SUSE bug 875798SUSE bug 877345cpe:/o:suse:sll:7CVE-2014-1738SUSE Liberty Linux 7
The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.
ModerateCVE-2014-1738 at SUSECVE-2014-1738 at NVDSUSE bug 875798SUSE bug 877345cpe:/o:suse:sll:7CVE-2014-1739SUSE Liberty Linux 7
The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.
ModerateCVE-2014-1739 at SUSECVE-2014-1739 at NVDSUSE bug 882804cpe:/o:suse:sll:7CVE-2014-1876SUSE Liberty Linux 7
The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.
ModerateCVE-2014-1876 at SUSECVE-2014-1876 at NVDSUSE bug 863305SUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430cpe:/o:suse:sll:7CVE-2014-2397SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
CriticalCVE-2014-2397 at SUSECVE-2014-2397 at NVDSUSE bug 873872SUSE bug 873873cpe:/o:suse:sll:7CVE-2014-2398SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.
LowCVE-2014-2398 at SUSECVE-2014-2398 at NVDSUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430cpe:/o:suse:sll:7CVE-2014-2402SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455.
CriticalCVE-2014-2402 at SUSECVE-2014-2402 at NVDSUSE bug 873873SUSE bug 877429cpe:/o:suse:sll:7CVE-2014-2403SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP.
CriticalCVE-2014-2403 at SUSECVE-2014-2403 at NVDSUSE bug 873872SUSE bug 873873cpe:/o:suse:sll:7CVE-2014-2412SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451.
CriticalCVE-2014-2412 at SUSECVE-2014-2412 at NVDSUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430cpe:/o:suse:sll:7CVE-2014-2413SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.
CriticalCVE-2014-2413 at SUSECVE-2014-2413 at NVDSUSE bug 873873cpe:/o:suse:sll:7CVE-2014-2414SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB.
CriticalCVE-2014-2414 at SUSECVE-2014-2414 at NVDSUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430cpe:/o:suse:sll:7CVE-2014-2419SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
CriticalCVE-2014-2419 at SUSECVE-2014-2419 at NVDSUSE bug 873896SUSE bug 999706cpe:/o:suse:sll:7CVE-2014-2421SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CriticalCVE-2014-2421 at SUSECVE-2014-2421 at NVDSUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430cpe:/o:suse:sll:7CVE-2014-2423SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.
CriticalCVE-2014-2423 at SUSECVE-2014-2423 at NVDSUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430cpe:/o:suse:sll:7CVE-2014-2427SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
CriticalCVE-2014-2427 at SUSECVE-2014-2427 at NVDSUSE bug 873872SUSE bug 873873SUSE bug 877429SUSE bug 877430cpe:/o:suse:sll:7CVE-2014-2430SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.
LowCVE-2014-2430 at SUSECVE-2014-2430 at NVDSUSE bug 873896SUSE bug 999706cpe:/o:suse:sll:7CVE-2014-2431SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.
ModerateCVE-2014-2431 at SUSECVE-2014-2431 at NVDSUSE bug 873896SUSE bug 999706cpe:/o:suse:sll:7CVE-2014-2432SUSE Liberty Linux 7
Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.
CriticalCVE-2014-2432 at SUSECVE-2014-2432 at NVDSUSE bug 873896SUSE bug 999706cpe:/o:suse:sll:7CVE-2014-2436SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.
CriticalCVE-2014-2436 at SUSECVE-2014-2436 at NVDSUSE bug 873896SUSE bug 999706cpe:/o:suse:sll:7CVE-2014-2438SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.
LowCVE-2014-2438 at SUSECVE-2014-2438 at NVDSUSE bug 873896SUSE bug 999706cpe:/o:suse:sll:7CVE-2014-2440SUSE Liberty Linux 7
Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
ModerateCVE-2014-2440 at SUSECVE-2014-2440 at NVDSUSE bug 873896SUSE bug 999706cpe:/o:suse:sll:7CVE-2014-2494SUSE Liberty Linux 7
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.
ModerateCVE-2014-2494 at SUSECVE-2014-2494 at NVDSUSE bug 887580SUSE bug 915914cpe:/o:suse:sll:7CVE-2014-2497SUSE Liberty Linux 7
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
ModerateCVE-2014-2497 at SUSECVE-2014-2497 at NVDSUSE bug 868624cpe:/o:suse:sll:7CVE-2014-2568SUSE Liberty Linux 7
Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.
LowCVE-2014-2568 at SUSECVE-2014-2568 at NVDSUSE bug 869564cpe:/o:suse:sll:7CVE-2014-2653SUSE Liberty Linux 7
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
ModerateCVE-2014-2653 at SUSECVE-2014-2653 at NVDSUSE bug 1074631SUSE bug 870532SUSE bug 913479SUSE bug 916239cpe:/o:suse:sll:7CVE-2014-2672SUSE Liberty Linux 7
Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions.
ModerateCVE-2014-2672 at SUSECVE-2014-2672 at NVDSUSE bug 871148cpe:/o:suse:sll:7CVE-2014-2673SUSE Liberty Linux 7
The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state.
ModerateCVE-2014-2673 at SUSECVE-2014-2673 at NVDSUSE bug 871149cpe:/o:suse:sll:7CVE-2014-2706SUSE Liberty Linux 7
Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c.
ModerateCVE-2014-2706 at SUSECVE-2014-2706 at NVDSUSE bug 1115893SUSE bug 871797cpe:/o:suse:sll:7CVE-2014-2851SUSE Liberty Linux 7
Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.
ModerateCVE-2014-2851 at SUSECVE-2014-2851 at NVDSUSE bug 824295SUSE bug 873374cpe:/o:suse:sll:7CVE-2014-2894SUSE Liberty Linux 7
Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.
ModerateCVE-2014-2894 at SUSECVE-2014-2894 at NVDSUSE bug 874749cpe:/o:suse:sll:7CVE-2014-3144SUSE Liberty Linux 7
The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced.
ModerateCVE-2014-3144 at SUSECVE-2014-3144 at NVDSUSE bug 824295SUSE bug 877257SUSE bug 889071cpe:/o:suse:sll:7CVE-2014-3145SUSE Liberty Linux 7
The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced.
ModerateCVE-2014-3145 at SUSECVE-2014-3145 at NVDSUSE bug 824295SUSE bug 877257cpe:/o:suse:sll:7CVE-2014-3153SUSE Liberty Linux 7
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
ImportantCVE-2014-3153 at SUSECVE-2014-3153 at NVDSUSE bug 877775SUSE bug 880892SUSE bug 882228cpe:/o:suse:sll:7CVE-2014-3181SUSE Liberty Linux 7
Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event.
ModerateCVE-2014-3181 at SUSECVE-2014-3181 at NVDSUSE bug 896382cpe:/o:suse:sll:7CVE-2014-3182SUSE Liberty Linux 7
Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.
ModerateCVE-2014-3182 at SUSECVE-2014-3182 at NVDSUSE bug 896385cpe:/o:suse:sll:7CVE-2014-3184SUSE Liberty Linux 7
The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c.
ModerateCVE-2014-3184 at SUSECVE-2014-3184 at NVDSUSE bug 896390cpe:/o:suse:sll:7CVE-2014-3185SUSE Liberty Linux 7
Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.
ModerateCVE-2014-3185 at SUSECVE-2014-3185 at NVDSUSE bug 896391cpe:/o:suse:sll:7CVE-2014-3186SUSE Liberty Linux 7
Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report.
ModerateCVE-2014-3186 at SUSECVE-2014-3186 at NVDSUSE bug 896392cpe:/o:suse:sll:7CVE-2014-3461SUSE Liberty Linux 7
hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."
ModerateCVE-2014-3461 at SUSECVE-2014-3461 at NVDSUSE bug 878541cpe:/o:suse:sll:7CVE-2014-3465SUSE Liberty Linux 7
The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.
ModerateCVE-2014-3465 at SUSECVE-2014-3465 at NVDSUSE bug 880733cpe:/o:suse:sll:7CVE-2014-3466SUSE Liberty Linux 7
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
ModerateCVE-2014-3466 at SUSECVE-2014-3466 at NVDSUSE bug 880730cpe:/o:suse:sll:7CVE-2014-3467SUSE Liberty Linux 7
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
ModerateCVE-2014-3467 at SUSECVE-2014-3467 at NVDSUSE bug 880737SUSE bug 880910cpe:/o:suse:sll:7CVE-2014-3468SUSE Liberty Linux 7
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
ImportantCVE-2014-3468 at SUSECVE-2014-3468 at NVDSUSE bug 880735SUSE bug 880910cpe:/o:suse:sll:7CVE-2014-3469SUSE Liberty Linux 7
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
ModerateCVE-2014-3469 at SUSECVE-2014-3469 at NVDSUSE bug 880738SUSE bug 880910cpe:/o:suse:sll:7CVE-2014-3470SUSE Liberty Linux 7
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.
ModerateCVE-2014-3470 at SUSECVE-2014-3470 at NVDSUSE bug 880891SUSE bug 883126SUSE bug 885777SUSE bug 905106SUSE bug 915913cpe:/o:suse:sll:7CVE-2014-3478SUSE Liberty Linux 7
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.
ModerateCVE-2014-3478 at SUSECVE-2014-3478 at NVDSUSE bug 884987SUSE bug 980366SUSE bug 992991cpe:/o:suse:sll:7CVE-2014-3479SUSE Liberty Linux 7
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.
ModerateCVE-2014-3479 at SUSECVE-2014-3479 at NVDSUSE bug 884989SUSE bug 980366SUSE bug 992991cpe:/o:suse:sll:7CVE-2014-3480SUSE Liberty Linux 7
The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
ModerateCVE-2014-3480 at SUSECVE-2014-3480 at NVDSUSE bug 884990SUSE bug 980366cpe:/o:suse:sll:7CVE-2014-3487SUSE Liberty Linux 7
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
ModerateCVE-2014-3487 at SUSECVE-2014-3487 at NVDSUSE bug 884991SUSE bug 980366cpe:/o:suse:sll:7CVE-2014-3490SUSE Liberty Linux 7
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0818.
ModerateCVE-2014-3490 at SUSECVE-2014-3490 at NVDSUSE bug 1101653cpe:/o:suse:sll:7CVE-2014-3493SUSE Liberty Linux 7
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.
LowCVE-2014-3493 at SUSECVE-2014-3493 at NVDSUSE bug 878642SUSE bug 880962SUSE bug 883758cpe:/o:suse:sll:7CVE-2014-3499SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.
ModerateCVE-2014-3499 at SUSECVE-2014-3499 at NVDSUSE bug 885209cpe:/o:suse:sll:7CVE-2014-3513SUSE Liberty Linux 7
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
ModerateCVE-2014-3513 at SUSECVE-2014-3513 at NVDSUSE bug 901277cpe:/o:suse:sll:7CVE-2014-3515SUSE Liberty Linux 7
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.
ModerateCVE-2014-3515 at SUSECVE-2014-3515 at NVDSUSE bug 884992SUSE bug 980366SUSE bug 992991cpe:/o:suse:sll:7CVE-2014-3528SUSE Liberty Linux 7
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.
LowCVE-2014-3528 at SUSECVE-2014-3528 at NVDSUSE bug 889849SUSE bug 890511cpe:/o:suse:sll:7CVE-2014-3534SUSE Liberty Linux 7
arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.
ImportantCVE-2014-3534 at SUSECVE-2014-3534 at NVDSUSE bug 885460cpe:/o:suse:sll:7CVE-2014-3538SUSE Liberty Linux 7
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.
ModerateCVE-2014-3538 at SUSECVE-2014-3538 at NVDSUSE bug 935225SUSE bug 987530cpe:/o:suse:sll:7CVE-2014-3560SUSE Liberty Linux 7
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.
ImportantCVE-2014-3560 at SUSECVE-2014-3560 at NVDSUSE bug 889429cpe:/o:suse:sll:7CVE-2014-3565SUSE Liberty Linux 7
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.
ModerateCVE-2014-3565 at SUSECVE-2014-3565 at NVDSUSE bug 894361SUSE bug 969779cpe:/o:suse:sll:7CVE-2014-3566SUSE Liberty Linux 7
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
CriticalCVE-2014-3566 at SUSECVE-2014-3566 at NVDSUSE bug 1011293SUSE bug 1031023SUSE bug 901223SUSE bug 901254SUSE bug 901277SUSE bug 901748SUSE bug 901757SUSE bug 901759SUSE bug 901889SUSE bug 901968SUSE bug 902229SUSE bug 902233SUSE bug 902476SUSE bug 903405SUSE bug 903684SUSE bug 904889SUSE bug 905106SUSE bug 914041SUSE bug 994144cpe:/o:suse:sll:7CVE-2014-3567SUSE Liberty Linux 7
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.
ImportantCVE-2014-3567 at SUSECVE-2014-3567 at NVDSUSE bug 877506SUSE bug 901277SUSE bug 905106cpe:/o:suse:sll:7CVE-2014-3570SUSE Liberty Linux 7
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.
ModerateCVE-2014-3570 at SUSECVE-2014-3570 at NVDSUSE bug 912296SUSE bug 915848SUSE bug 927623SUSE bug 937891SUSE bug 944456cpe:/o:suse:sll:7CVE-2014-3571SUSE Liberty Linux 7
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.
ModerateCVE-2014-3571 at SUSECVE-2014-3571 at NVDSUSE bug 912294SUSE bug 915848SUSE bug 927623cpe:/o:suse:sll:7CVE-2014-3572SUSE Liberty Linux 7
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.
ModerateCVE-2014-3572 at SUSECVE-2014-3572 at NVDSUSE bug 912015SUSE bug 915848SUSE bug 927623SUSE bug 937891cpe:/o:suse:sll:7CVE-2014-3577SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.
ModerateCVE-2014-3577 at SUSECVE-2014-3577 at NVDSUSE bug 1178171cpe:/o:suse:sll:7CVE-2014-3580SUSE Liberty Linux 7
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.
ModerateCVE-2014-3580 at SUSECVE-2014-3580 at NVDSUSE bug 909935SUSE bug 910376cpe:/o:suse:sll:7CVE-2014-3581SUSE Liberty Linux 7
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.
ModerateCVE-2014-3581 at SUSECVE-2014-3581 at NVDSUSE bug 899836cpe:/o:suse:sll:7CVE-2014-3587SUSE Liberty Linux 7
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
ModerateCVE-2014-3587 at SUSECVE-2014-3587 at NVDSUSE bug 987530SUSE bug 992991SUSE bug 998845cpe:/o:suse:sll:7CVE-2014-3597SUSE Liberty Linux 7
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.
ModerateCVE-2014-3597 at SUSECVE-2014-3597 at NVDSUSE bug 893853SUSE bug 980366SUSE bug 992991cpe:/o:suse:sll:7CVE-2014-3609SUSE Liberty Linux 7
HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."
ModerateCVE-2014-3609 at SUSECVE-2014-3609 at NVDSUSE bug 893649cpe:/o:suse:sll:7CVE-2014-3611SUSE Liberty Linux 7
Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.
ImportantCVE-2014-3611 at SUSECVE-2014-3611 at NVDSUSE bug 899192cpe:/o:suse:sll:7CVE-2014-3613SUSE Liberty Linux 7
cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.
ModerateCVE-2014-3613 at SUSECVE-2014-3613 at NVDSUSE bug 894575cpe:/o:suse:sll:7CVE-2014-3615SUSE Liberty Linux 7
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
ModerateCVE-2014-3615 at SUSECVE-2014-3615 at NVDSUSE bug 895528SUSE bug 918998cpe:/o:suse:sll:7CVE-2014-3618SUSE Liberty Linux 7
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."
ImportantCVE-2014-3618 at SUSECVE-2014-3618 at NVDSUSE bug 1068648SUSE bug 894999SUSE bug 898303cpe:/o:suse:sll:7CVE-2014-3631SUSE Liberty Linux 7
The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.
ImportantCVE-2014-3631 at SUSECVE-2014-3631 at NVDSUSE bug 896262cpe:/o:suse:sll:7CVE-2014-3633SUSE Liberty Linux 7
The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.
ModerateCVE-2014-3633 at SUSECVE-2014-3633 at NVDSUSE bug 897783cpe:/o:suse:sll:7CVE-2014-3634SUSE Liberty Linux 7
rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.
ImportantCVE-2014-3634 at SUSECVE-2014-3634 at NVDSUSE bug 897262SUSE bug 899756cpe:/o:suse:sll:7CVE-2014-3640SUSE Liberty Linux 7
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.
CVE-2014-3640 at SUSECVE-2014-3640 at NVDSUSE bug 897654SUSE bug 965112cpe:/o:suse:sll:7CVE-2014-3645SUSE Liberty Linux 7
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
ImportantCVE-2014-3645 at SUSECVE-2014-3645 at NVDSUSE bug 899192cpe:/o:suse:sll:7CVE-2014-3646SUSE Liberty Linux 7
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
ModerateCVE-2014-3646 at SUSECVE-2014-3646 at NVDSUSE bug 899192cpe:/o:suse:sll:7CVE-2014-3647SUSE Liberty Linux 7
arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
ModerateCVE-2014-3647 at SUSECVE-2014-3647 at NVDSUSE bug 1013038SUSE bug 1134834SUSE bug 899192cpe:/o:suse:sll:7CVE-2014-3657SUSE Liberty Linux 7
The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.
ModerateCVE-2014-3657 at SUSECVE-2014-3657 at NVDSUSE bug 897783SUSE bug 899484cpe:/o:suse:sll:7CVE-2014-3660SUSE Liberty Linux 7
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.
ModerateCVE-2014-3660 at SUSECVE-2014-3660 at NVDSUSE bug 1123919SUSE bug 901546cpe:/o:suse:sll:7CVE-2014-3668SUSE Liberty Linux 7
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.
ModerateCVE-2014-3668 at SUSECVE-2014-3668 at NVDSUSE bug 902368SUSE bug 980366cpe:/o:suse:sll:7CVE-2014-3669SUSE Liberty Linux 7
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.
ModerateCVE-2014-3669 at SUSECVE-2014-3669 at NVDSUSE bug 902360SUSE bug 980366cpe:/o:suse:sll:7CVE-2014-3670SUSE Liberty Linux 7
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function.
ModerateCVE-2014-3670 at SUSECVE-2014-3670 at NVDSUSE bug 902357SUSE bug 980366cpe:/o:suse:sll:7CVE-2014-3673SUSE Liberty Linux 7
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.
ImportantCVE-2014-3673 at SUSECVE-2014-3673 at NVDSUSE bug 1115893SUSE bug 902346SUSE bug 902349SUSE bug 904899cpe:/o:suse:sll:7CVE-2014-3686SUSE Liberty Linux 7
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.
ModerateCVE-2014-3686 at SUSECVE-2014-3686 at NVDSUSE bug 1063667SUSE bug 900611SUSE bug 915323cpe:/o:suse:sll:7CVE-2014-3687SUSE Liberty Linux 7
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.
ImportantCVE-2014-3687 at SUSECVE-2014-3687 at NVDSUSE bug 1115893SUSE bug 902349SUSE bug 904899SUSE bug 909208cpe:/o:suse:sll:7CVE-2014-3688SUSE Liberty Linux 7
The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c.
ModerateCVE-2014-3688 at SUSECVE-2014-3688 at NVDSUSE bug 902351cpe:/o:suse:sll:7CVE-2014-3690SUSE Liberty Linux 7
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.
ModerateCVE-2014-3690 at SUSECVE-2014-3690 at NVDSUSE bug 902232cpe:/o:suse:sll:7CVE-2014-3694SUSE Liberty Linux 7
The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
ModerateCVE-2014-3694 at SUSECVE-2014-3694 at NVDSUSE bug 902495cpe:/o:suse:sll:7CVE-2014-3695SUSE Liberty Linux 7
markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response.
ModerateCVE-2014-3695 at SUSECVE-2014-3695 at NVDSUSE bug 902409cpe:/o:suse:sll:7CVE-2014-3696SUSE Liberty Linux 7
nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.
ModerateCVE-2014-3696 at SUSECVE-2014-3696 at NVDSUSE bug 902410cpe:/o:suse:sll:7CVE-2014-3698SUSE Liberty Linux 7
The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.
ModerateCVE-2014-3698 at SUSECVE-2014-3698 at NVDSUSE bug 902408cpe:/o:suse:sll:7CVE-2014-3707SUSE Liberty Linux 7
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.
ModerateCVE-2014-3707 at SUSECVE-2014-3707 at NVDSUSE bug 901924SUSE bug 951391cpe:/o:suse:sll:7CVE-2014-3710SUSE Liberty Linux 7
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
ModerateCVE-2014-3710 at SUSECVE-2014-3710 at NVDSUSE bug 902367SUSE bug 910252cpe:/o:suse:sll:7CVE-2014-3917SUSE Liberty Linux 7
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.
ModerateCVE-2014-3917 at SUSECVE-2014-3917 at NVDSUSE bug 880484cpe:/o:suse:sll:7CVE-2014-3940SUSE Liberty Linux 7
The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c.
LowCVE-2014-3940 at SUSECVE-2014-3940 at NVDSUSE bug 881101cpe:/o:suse:sll:7CVE-2014-4027SUSE Liberty Linux 7
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.
ModerateCVE-2014-4027 at SUSECVE-2014-4027 at NVDSUSE bug 882639cpe:/o:suse:sll:7CVE-2014-4049SUSE Liberty Linux 7
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
ModerateCVE-2014-4049 at SUSECVE-2014-4049 at NVDSUSE bug 882992SUSE bug 893853cpe:/o:suse:sll:7CVE-2014-4171SUSE Liberty Linux 7
mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.
ModerateCVE-2014-4171 at SUSECVE-2014-4171 at NVDSUSE bug 883518cpe:/o:suse:sll:7CVE-2014-4207SUSE Liberty Linux 7
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.
ModerateCVE-2014-4207 at SUSECVE-2014-4207 at NVDSUSE bug 887580SUSE bug 915914cpe:/o:suse:sll:7CVE-2014-4243SUSE Liberty Linux 7
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.
ModerateCVE-2014-4243 at SUSECVE-2014-4243 at NVDSUSE bug 887580cpe:/o:suse:sll:7CVE-2014-4258SUSE Liberty Linux 7
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.
ModerateCVE-2014-4258 at SUSECVE-2014-4258 at NVDSUSE bug 887580SUSE bug 915914cpe:/o:suse:sll:7CVE-2014-4260SUSE Liberty Linux 7
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.
ModerateCVE-2014-4260 at SUSECVE-2014-4260 at NVDSUSE bug 887580SUSE bug 915914cpe:/o:suse:sll:7CVE-2014-4274SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.
ModerateCVE-2014-4274 at SUSECVE-2014-4274 at NVDSUSE bug 857678SUSE bug 896400SUSE bug 901237SUSE bug 915913cpe:/o:suse:sll:7CVE-2014-4287SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.
ModerateCVE-2014-4287 at SUSECVE-2014-4287 at NVDSUSE bug 901237SUSE bug 915913cpe:/o:suse:sll:7CVE-2014-4337SUSE Liberty Linux 7
The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.
ImportantCVE-2014-4337 at SUSECVE-2014-4337 at NVDSUSE bug 871327SUSE bug 883543cpe:/o:suse:sll:7CVE-2014-4338SUSE Liberty Linux 7
cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.
LowCVE-2014-4338 at SUSECVE-2014-4338 at NVDSUSE bug 871327SUSE bug 883536cpe:/o:suse:sll:7CVE-2014-4341SUSE Liberty Linux 7
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.
ModerateCVE-2014-4341 at SUSECVE-2014-4341 at NVDSUSE bug 770172SUSE bug 886016cpe:/o:suse:sll:7CVE-2014-4342SUSE Liberty Linux 7
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.
ModerateCVE-2014-4342 at SUSECVE-2014-4342 at NVDSUSE bug 770172SUSE bug 886016cpe:/o:suse:sll:7CVE-2014-4343SUSE Liberty Linux 7
Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.
ImportantCVE-2014-4343 at SUSECVE-2014-4343 at NVDSUSE bug 770172SUSE bug 888697cpe:/o:suse:sll:7CVE-2014-4344SUSE Liberty Linux 7
The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.
ImportantCVE-2014-4344 at SUSECVE-2014-4344 at NVDSUSE bug 888697cpe:/o:suse:sll:7CVE-2014-4345SUSE Liberty Linux 7
Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands.
ModerateCVE-2014-4345 at SUSECVE-2014-4345 at NVDSUSE bug 770172SUSE bug 891082cpe:/o:suse:sll:7CVE-2014-4616SUSE Liberty Linux 7
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
ModerateCVE-2014-4616 at SUSECVE-2014-4616 at NVDSUSE bug 884075cpe:/o:suse:sll:7CVE-2014-4650SUSE Liberty Linux 7
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.
ModerateCVE-2014-4650 at SUSECVE-2014-4650 at NVDSUSE bug 856835SUSE bug 856836SUSE bug 863741SUSE bug 885882SUSE bug 898572SUSE bug 912739cpe:/o:suse:sll:7CVE-2014-4652SUSE Liberty Linux 7
Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
ModerateCVE-2014-4652 at SUSECVE-2014-4652 at NVDSUSE bug 883795cpe:/o:suse:sll:7CVE-2014-4653SUSE Liberty Linux 7
sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
ModerateCVE-2014-4653 at SUSECVE-2014-4653 at NVDSUSE bug 883795cpe:/o:suse:sll:7CVE-2014-4654SUSE Liberty Linux 7
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call.
ModerateCVE-2014-4654 at SUSECVE-2014-4654 at NVDSUSE bug 883795cpe:/o:suse:sll:7CVE-2014-4655SUSE Liberty Linux 7
The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.
ModerateCVE-2014-4655 at SUSECVE-2014-4655 at NVDSUSE bug 883795cpe:/o:suse:sll:7CVE-2014-4656SUSE Liberty Linux 7
Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function.
ModerateCVE-2014-4656 at SUSECVE-2014-4656 at NVDSUSE bug 883795cpe:/o:suse:sll:7CVE-2014-4667SUSE Liberty Linux 7
The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.
ModerateCVE-2014-4667 at SUSECVE-2014-4667 at NVDSUSE bug 885422cpe:/o:suse:sll:7CVE-2014-4670SUSE Liberty Linux 7
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.
ModerateCVE-2014-4670 at SUSECVE-2014-4670 at NVDSUSE bug 886059SUSE bug 980366SUSE bug 992991cpe:/o:suse:sll:7CVE-2014-4698SUSE Liberty Linux 7
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments.
ModerateCVE-2014-4698 at SUSECVE-2014-4698 at NVDSUSE bug 886060SUSE bug 980366cpe:/o:suse:sll:7CVE-2014-4699SUSE Liberty Linux 7
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
ModerateCVE-2014-4699 at SUSECVE-2014-4699 at NVDSUSE bug 885725cpe:/o:suse:sll:7CVE-2014-4721SUSE Liberty Linux 7
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.
ModerateCVE-2014-4721 at SUSECVE-2014-4721 at NVDSUSE bug 885961SUSE bug 980366SUSE bug 992991cpe:/o:suse:sll:7CVE-2014-4877SUSE Liberty Linux 7
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
ImportantCVE-2014-4877 at SUSECVE-2014-4877 at NVDSUSE bug 902709cpe:/o:suse:sll:7CVE-2014-4943SUSE Liberty Linux 7
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
ModerateCVE-2014-4943 at SUSECVE-2014-4943 at NVDSUSE bug 887082cpe:/o:suse:sll:7CVE-2014-4975SUSE Liberty Linux 7
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.
ModerateCVE-2014-4975 at SUSECVE-2014-4975 at NVDSUSE bug 887877cpe:/o:suse:sll:7CVE-2014-5033SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."
ModerateCVE-2014-5033 at SUSECVE-2014-5033 at NVDSUSE bug 836931SUSE bug 864716SUSE bug 912121cpe:/o:suse:sll:7CVE-2014-5045SUSE Liberty Linux 7
The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.
ModerateCVE-2014-5045 at SUSECVE-2014-5045 at NVDSUSE bug 889060cpe:/o:suse:sll:7CVE-2014-5077SUSE Liberty Linux 7
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.
ModerateCVE-2014-5077 at SUSECVE-2014-5077 at NVDSUSE bug 889173cpe:/o:suse:sll:7CVE-2014-5119SUSE Liberty Linux 7
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
ImportantCVE-2014-5119 at SUSECVE-2014-5119 at NVDSUSE bug 892073SUSE bug 903057SUSE bug 916222cpe:/o:suse:sll:7CVE-2014-5120SUSE Liberty Linux 7
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.
ImportantCVE-2014-5120 at SUSECVE-2014-5120 at NVDSUSE bug 1067090SUSE bug 893855cpe:/o:suse:sll:7CVE-2014-5177SUSE Liberty Linux 7
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors.
LowCVE-2014-5177 at SUSECVE-2014-5177 at NVDSUSE bug 873705cpe:/o:suse:sll:7CVE-2014-5352SUSE Liberty Linux 7
The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.
ModerateCVE-2014-5352 at SUSECVE-2014-5352 at NVDSUSE bug 1005509SUSE bug 770172SUSE bug 912002cpe:/o:suse:sll:7CVE-2014-5353SUSE Liberty Linux 7
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.
LowCVE-2014-5353 at SUSECVE-2014-5353 at NVDSUSE bug 910457cpe:/o:suse:sll:7CVE-2014-5355SUSE Liberty Linux 7
MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.
ModerateCVE-2014-5355 at SUSECVE-2014-5355 at NVDSUSE bug 770172SUSE bug 918595cpe:/o:suse:sll:7CVE-2014-5471SUSE Liberty Linux 7
Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry.
ModerateCVE-2014-5471 at SUSECVE-2014-5471 at NVDSUSE bug 892490cpe:/o:suse:sll:7CVE-2014-5472SUSE Liberty Linux 7
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.
ModerateCVE-2014-5472 at SUSECVE-2014-5472 at NVDSUSE bug 892490cpe:/o:suse:sll:7CVE-2014-6040SUSE Liberty Linux 7
GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.
ModerateCVE-2014-6040 at SUSECVE-2014-6040 at NVDSUSE bug 894553SUSE bug 903057SUSE bug 916222cpe:/o:suse:sll:7CVE-2014-6051SUSE Liberty Linux 7
Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.
ImportantCVE-2014-6051 at SUSECVE-2014-6051 at NVDSUSE bug 897031SUSE bug 900896cpe:/o:suse:sll:7CVE-2014-6052SUSE Liberty Linux 7
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
ImportantCVE-2014-6052 at SUSECVE-2014-6052 at NVDSUSE bug 897031cpe:/o:suse:sll:7CVE-2014-6053SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
ImportantCVE-2014-6053 at SUSECVE-2014-6053 at NVDSUSE bug 897031cpe:/o:suse:sll:7CVE-2014-6054SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.
ImportantCVE-2014-6054 at SUSECVE-2014-6054 at NVDSUSE bug 897031cpe:/o:suse:sll:7CVE-2014-6055SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.
ImportantCVE-2014-6055 at SUSECVE-2014-6055 at NVDSUSE bug 897031cpe:/o:suse:sll:7CVE-2014-6269SUSE Liberty Linux 7
Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read.
ModerateCVE-2014-6269 at SUSECVE-2014-6269 at NVDSUSE bug 895849cpe:/o:suse:sll:7CVE-2014-6271SUSE Liberty Linux 7
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
ImportantCVE-2014-6271 at SUSECVE-2014-6271 at NVDSUSE bug 1024628SUSE bug 1130324SUSE bug 870618SUSE bug 896776SUSE bug 898346SUSE bug 898604SUSE bug 898812SUSE bug 898884SUSE bug 900127SUSE bug 900454cpe:/o:suse:sll:7CVE-2014-6410SUSE Liberty Linux 7
The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode.
ModerateCVE-2014-6410 at SUSECVE-2014-6410 at NVDSUSE bug 896689cpe:/o:suse:sll:7CVE-2014-6421SUSE Liberty Linux 7
Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors.
ModerateCVE-2014-6421 at SUSECVE-2014-6421 at NVDSUSE bug 897055cpe:/o:suse:sll:7CVE-2014-6422SUSE Liberty Linux 7
The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector.
ModerateCVE-2014-6422 at SUSECVE-2014-6422 at NVDSUSE bug 897055cpe:/o:suse:sll:7CVE-2014-6423SUSE Liberty Linux 7
The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.
ModerateCVE-2014-6423 at SUSECVE-2014-6423 at NVDSUSE bug 897055cpe:/o:suse:sll:7CVE-2014-6424SUSE Liberty Linux 7
The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet.
ModerateCVE-2014-6424 at SUSECVE-2014-6424 at NVDSUSE bug 897055cpe:/o:suse:sll:7CVE-2014-6425SUSE Liberty Linux 7
The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\0' character.
ModerateCVE-2014-6425 at SUSECVE-2014-6425 at NVDcpe:/o:suse:sll:7CVE-2014-6426SUSE Liberty Linux 7
The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
ModerateCVE-2014-6426 at SUSECVE-2014-6426 at NVDcpe:/o:suse:sll:7CVE-2014-6427SUSE Liberty Linux 7
Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position.
ModerateCVE-2014-6427 at SUSECVE-2014-6427 at NVDSUSE bug 897055cpe:/o:suse:sll:7CVE-2014-6428SUSE Liberty Linux 7
The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2014-6428 at SUSECVE-2014-6428 at NVDSUSE bug 897055cpe:/o:suse:sll:7CVE-2014-6429SUSE Liberty Linux 7
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
ModerateCVE-2014-6429 at SUSECVE-2014-6429 at NVDSUSE bug 897055cpe:/o:suse:sll:7CVE-2014-6430SUSE Liberty Linux 7
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
ModerateCVE-2014-6430 at SUSECVE-2014-6430 at NVDSUSE bug 897055cpe:/o:suse:sll:7CVE-2014-6431SUSE Liberty Linux 7
Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer.
ModerateCVE-2014-6431 at SUSECVE-2014-6431 at NVDSUSE bug 897055cpe:/o:suse:sll:7CVE-2014-6432SUSE Liberty Linux 7
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
ModerateCVE-2014-6432 at SUSECVE-2014-6432 at NVDSUSE bug 897055cpe:/o:suse:sll:7CVE-2014-6457SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
CriticalCVE-2014-6457 at SUSECVE-2014-6457 at NVDSUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889cpe:/o:suse:sll:7CVE-2014-6463SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.
ModerateCVE-2014-6463 at SUSECVE-2014-6463 at NVDSUSE bug 901237SUSE bug 915913cpe:/o:suse:sll:7CVE-2014-6464SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.
ModerateCVE-2014-6464 at SUSECVE-2014-6464 at NVDSUSE bug 901237SUSE bug 915912cpe:/o:suse:sll:7CVE-2014-6469SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.
ModerateCVE-2014-6469 at SUSECVE-2014-6469 at NVDSUSE bug 901237SUSE bug 915912cpe:/o:suse:sll:7CVE-2014-6484SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.
ModerateCVE-2014-6484 at SUSECVE-2014-6484 at NVDSUSE bug 901237SUSE bug 915913cpe:/o:suse:sll:7CVE-2014-6502SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.
CriticalCVE-2014-6502 at SUSECVE-2014-6502 at NVDSUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889cpe:/o:suse:sll:7CVE-2014-6504SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot.
CriticalCVE-2014-6504 at SUSECVE-2014-6504 at NVDSUSE bug 901239SUSE bug 901242SUSE bug 901246cpe:/o:suse:sll:7CVE-2014-6505SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.
ModerateCVE-2014-6505 at SUSECVE-2014-6505 at NVDSUSE bug 901237SUSE bug 915913cpe:/o:suse:sll:7CVE-2014-6506SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
CriticalCVE-2014-6506 at SUSECVE-2014-6506 at NVDSUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889cpe:/o:suse:sll:7CVE-2014-6507SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.
ModerateCVE-2014-6507 at SUSECVE-2014-6507 at NVDSUSE bug 901237SUSE bug 915912cpe:/o:suse:sll:7CVE-2014-6511SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
CriticalCVE-2014-6511 at SUSECVE-2014-6511 at NVDSUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889cpe:/o:suse:sll:7CVE-2014-6512SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries.
CriticalCVE-2014-6512 at SUSECVE-2014-6512 at NVDSUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889cpe:/o:suse:sll:7CVE-2014-6517SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP.
CriticalCVE-2014-6517 at SUSECVE-2014-6517 at NVDSUSE bug 901239SUSE bug 901242SUSE bug 901246cpe:/o:suse:sll:7CVE-2014-6519SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot.
CriticalCVE-2014-6519 at SUSECVE-2014-6519 at NVDSUSE bug 901239SUSE bug 901242SUSE bug 901246cpe:/o:suse:sll:7CVE-2014-6520SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.
ModerateCVE-2014-6520 at SUSECVE-2014-6520 at NVDSUSE bug 901237SUSE bug 915913cpe:/o:suse:sll:7CVE-2014-6530SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.
ModerateCVE-2014-6530 at SUSECVE-2014-6530 at NVDSUSE bug 901237SUSE bug 915913cpe:/o:suse:sll:7CVE-2014-6531SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
CriticalCVE-2014-6531 at SUSECVE-2014-6531 at NVDSUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889cpe:/o:suse:sll:7CVE-2014-6551SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.
ModerateCVE-2014-6551 at SUSECVE-2014-6551 at NVDSUSE bug 901237SUSE bug 915913cpe:/o:suse:sll:7CVE-2014-6555SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.
ModerateCVE-2014-6555 at SUSECVE-2014-6555 at NVDSUSE bug 901237SUSE bug 915912cpe:/o:suse:sll:7CVE-2014-6558SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.
CriticalCVE-2014-6558 at SUSECVE-2014-6558 at NVDSUSE bug 901239SUSE bug 901242SUSE bug 901246SUSE bug 904889cpe:/o:suse:sll:7CVE-2014-6559SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.
ModerateCVE-2014-6559 at SUSECVE-2014-6559 at NVDSUSE bug 901237SUSE bug 915912cpe:/o:suse:sll:7CVE-2014-6568SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.
ImportantCVE-2014-6568 at SUSECVE-2014-6568 at NVDSUSE bug 914058SUSE bug 915911cpe:/o:suse:sll:7CVE-2014-6585SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.
ModerateCVE-2014-6585 at SUSECVE-2014-6585 at NVDSUSE bug 914041cpe:/o:suse:sll:7CVE-2014-6587SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
CriticalCVE-2014-6587 at SUSECVE-2014-6587 at NVDSUSE bug 914041cpe:/o:suse:sll:7CVE-2014-6591SUSE Liberty Linux 7
Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.
CriticalCVE-2014-6591 at SUSECVE-2014-6591 at NVDSUSE bug 914041cpe:/o:suse:sll:7CVE-2014-6593SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
CriticalCVE-2014-6593 at SUSECVE-2014-6593 at NVDSUSE bug 914041cpe:/o:suse:sll:7CVE-2014-6601SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
CriticalCVE-2014-6601 at SUSECVE-2014-6601 at NVDSUSE bug 914041cpe:/o:suse:sll:7CVE-2014-7145SUSE Liberty Linux 7
The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals.
ImportantCVE-2014-7145 at SUSECVE-2014-7145 at NVDSUSE bug 897101cpe:/o:suse:sll:7CVE-2014-7185SUSE Liberty Linux 7
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
ModerateCVE-2014-7185 at SUSECVE-2014-7185 at NVDSUSE bug 898572SUSE bug 912739SUSE bug 913479SUSE bug 955182cpe:/o:suse:sll:7CVE-2014-7300SUSE Liberty Linux 7
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.
ModerateCVE-2014-7300 at SUSECVE-2014-7300 at NVDSUSE bug 900031cpe:/o:suse:sll:7CVE-2014-7810SUSE Liberty Linux 7
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
ModerateCVE-2014-7810 at SUSECVE-2014-7810 at NVDSUSE bug 931442cpe:/o:suse:sll:7CVE-2014-7815SUSE Liberty Linux 7
The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.
ModerateCVE-2014-7815 at SUSECVE-2014-7815 at NVDSUSE bug 902737SUSE bug 962627cpe:/o:suse:sll:7CVE-2014-7817SUSE Liberty Linux 7
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
ModerateCVE-2014-7817 at SUSECVE-2014-7817 at NVDSUSE bug 906371cpe:/o:suse:sll:7CVE-2014-7822SUSE Liberty Linux 7
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.
ModerateCVE-2014-7822 at SUSECVE-2014-7822 at NVDSUSE bug 1115893SUSE bug 915322SUSE bug 915517SUSE bug 939240cpe:/o:suse:sll:7CVE-2014-7823SUSE Liberty Linux 7
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.
ModerateCVE-2014-7823 at SUSECVE-2014-7823 at NVDSUSE bug 904176cpe:/o:suse:sll:7CVE-2014-7825SUSE Liberty Linux 7
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application.
ImportantCVE-2014-7825 at SUSECVE-2014-7825 at NVDSUSE bug 904012SUSE bug 904013cpe:/o:suse:sll:7CVE-2014-7826SUSE Liberty Linux 7
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application.
CVE-2014-7826 at SUSECVE-2014-7826 at NVDSUSE bug 904012SUSE bug 904013cpe:/o:suse:sll:7CVE-2014-7840SUSE Liberty Linux 7
The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.
ModerateCVE-2014-7840 at SUSECVE-2014-7840 at NVDSUSE bug 905097cpe:/o:suse:sll:7CVE-2014-7841SUSE Liberty Linux 7
The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.
ModerateCVE-2014-7841 at SUSECVE-2014-7841 at NVDSUSE bug 904899SUSE bug 905100cpe:/o:suse:sll:7CVE-2014-7842SUSE Liberty Linux 7
Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313.
ModerateCVE-2014-7842 at SUSECVE-2014-7842 at NVDSUSE bug 905312SUSE bug 907822cpe:/o:suse:sll:7CVE-2014-7844SUSE Liberty Linux 7
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
ImportantCVE-2014-7844 at SUSECVE-2014-7844 at NVDSUSE bug 909208cpe:/o:suse:sll:7CVE-2014-7970SUSE Liberty Linux 7
The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call.
ModerateCVE-2014-7970 at SUSECVE-2014-7970 at NVDSUSE bug 900644cpe:/o:suse:sll:7CVE-2014-7975SUSE Liberty Linux 7
The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call.
ModerateCVE-2014-7975 at SUSECVE-2014-7975 at NVDSUSE bug 900392cpe:/o:suse:sll:7CVE-2014-8080SUSE Liberty Linux 7
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
ModerateCVE-2014-8080 at SUSECVE-2014-8080 at NVDSUSE bug 902851cpe:/o:suse:sll:7CVE-2014-8086SUSE Liberty Linux 7
Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag.
ModerateCVE-2014-8086 at SUSECVE-2014-8086 at NVDSUSE bug 900881cpe:/o:suse:sll:7CVE-2014-8090SUSE Liberty Linux 7
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.
ModerateCVE-2014-8090 at SUSECVE-2014-8090 at NVDSUSE bug 905326cpe:/o:suse:sll:7CVE-2014-8091SUSE Liberty Linux 7
X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request.
ModerateCVE-2014-8091 at SUSECVE-2014-8091 at NVDSUSE bug 1000496SUSE bug 882226SUSE bug 907268cpe:/o:suse:sll:7CVE-2014-8092SUSE Liberty Linux 7
Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write.
ModerateCVE-2014-8092 at SUSECVE-2014-8092 at NVDSUSE bug 1000496SUSE bug 1146596SUSE bug 907268SUSE bug 928520cpe:/o:suse:sll:7CVE-2014-8093SUSE Liberty Linux 7
Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write.
ModerateCVE-2014-8093 at SUSECVE-2014-8093 at NVDSUSE bug 1000496SUSE bug 907268cpe:/o:suse:sll:7CVE-2014-8094SUSE Liberty Linux 7
Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write.
ModerateCVE-2014-8094 at SUSECVE-2014-8094 at NVDSUSE bug 1000496SUSE bug 907268cpe:/o:suse:sll:7CVE-2014-8095SUSE Liberty Linux 7
The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function.
ModerateCVE-2014-8095 at SUSECVE-2014-8095 at NVDSUSE bug 1000496SUSE bug 907268cpe:/o:suse:sll:7CVE-2014-8096SUSE Liberty Linux 7
The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value.
ModerateCVE-2014-8096 at SUSECVE-2014-8096 at NVDSUSE bug 1000496SUSE bug 907268cpe:/o:suse:sll:7CVE-2014-8097SUSE Liberty Linux 7
The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcDbeSwapBuffers or (2) SProcDbeSwapBuffers function.
ModerateCVE-2014-8097 at SUSECVE-2014-8097 at NVDSUSE bug 1000496SUSE bug 907268cpe:/o:suse:sll:7CVE-2014-8098SUSE Liberty Linux 7
The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) __glXDisp_Render, (2) __glXDisp_RenderLarge, (3) __glXDispSwap_VendorPrivate, (4) __glXDispSwap_VendorPrivateWithReply, (5) set_client_info, (6) __glXDispSwap_SetClientInfoARB, (7) DoSwapInterval, (8) DoGetProgramString, (9) DoGetString, (10) __glXDispSwap_RenderMode, (11) __glXDisp_GetCompressedTexImage, (12) __glXDispSwap_GetCompressedTexImage, (13) __glXDisp_FeedbackBuffer, (14) __glXDispSwap_FeedbackBuffer, (15) __glXDisp_SelectBuffer, (16) __glXDispSwap_SelectBuffer, (17) __glXDisp_Flush, (18) __glXDispSwap_Flush, (19) __glXDisp_Finish, (20) __glXDispSwap_Finish, (21) __glXDisp_ReadPixels, (22) __glXDispSwap_ReadPixels, (23) __glXDisp_GetTexImage, (24) __glXDispSwap_GetTexImage, (25) __glXDisp_GetPolygonStipple, (26) __glXDispSwap_GetPolygonStipple, (27) __glXDisp_GetSeparableFilter, (28) __glXDisp_GetSeparableFilterEXT, (29) __glXDisp_GetConvolutionFilter, (30) __glXDisp_GetConvolutionFilterEXT, (31) __glXDisp_GetHistogram, (32) __glXDisp_GetHistogramEXT, (33) __glXDisp_GetMinmax, (34) __glXDisp_GetMinmaxEXT, (35) __glXDisp_GetColorTable, (36) __glXDisp_GetColorTableSGI, (37) GetSeparableFilter, (38) GetConvolutionFilter, (39) GetHistogram, (40) GetMinmax, or (41) GetColorTable function.
ModerateCVE-2014-8098 at SUSECVE-2014-8098 at NVDSUSE bug 1000496SUSE bug 907268cpe:/o:suse:sll:7CVE-2014-8099SUSE Liberty Linux 7
The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function.
ModerateCVE-2014-8099 at SUSECVE-2014-8099 at NVDSUSE bug 1000496SUSE bug 907268cpe:/o:suse:sll:7CVE-2014-8100SUSE Liberty Linux 7
The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function.
ModerateCVE-2014-8100 at SUSECVE-2014-8100 at NVDSUSE bug 1000496SUSE bug 907268cpe:/o:suse:sll:7CVE-2014-8101SUSE Liberty Linux 7
The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function.
ModerateCVE-2014-8101 at SUSECVE-2014-8101 at NVDSUSE bug 1000496SUSE bug 907268cpe:/o:suse:sll:7CVE-2014-8102SUSE Liberty Linux 7
The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length value.
ModerateCVE-2014-8102 at SUSECVE-2014-8102 at NVDSUSE bug 1000496SUSE bug 907268cpe:/o:suse:sll:7CVE-2014-8103SUSE Liberty Linux 7
X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) sproc_dri3_query_version, (2) sproc_dri3_open, (3) sproc_dri3_pixmap_from_buffer, (4) sproc_dri3_buffer_from_pixmap, (5) sproc_dri3_fence_from_fd, (6) sproc_dri3_fd_from_fence, (7) proc_present_query_capabilities, (8) sproc_present_query_version, (9) sproc_present_pixmap, (10) sproc_present_notify_msc, (11) sproc_present_select_input, or (12) sproc_present_query_capabilities function in the (a) DRI3 or (b) Present extension.
ModerateCVE-2014-8103 at SUSECVE-2014-8103 at NVDSUSE bug 907268cpe:/o:suse:sll:7CVE-2014-8105SUSE Liberty Linux 7
389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.
ModerateCVE-2014-8105 at SUSECVE-2014-8105 at NVDcpe:/o:suse:sll:7CVE-2014-8106SUSE Liberty Linux 7
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.
ModerateCVE-2014-8106 at SUSECVE-2014-8106 at NVDSUSE bug 1023004SUSE bug 1178658SUSE bug 907805cpe:/o:suse:sll:7CVE-2014-8108SUSE Liberty Linux 7
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.
ModerateCVE-2014-8108 at SUSECVE-2014-8108 at NVDSUSE bug 909935cpe:/o:suse:sll:7CVE-2014-8112SUSE Liberty Linux 7
389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.
LowCVE-2014-8112 at SUSECVE-2014-8112 at NVDcpe:/o:suse:sll:7CVE-2014-8116SUSE Liberty Linux 7
The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.
ModerateCVE-2014-8116 at SUSECVE-2014-8116 at NVDSUSE bug 910252SUSE bug 910253SUSE bug 917152cpe:/o:suse:sll:7CVE-2014-8117SUSE Liberty Linux 7
softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.
ModerateCVE-2014-8117 at SUSECVE-2014-8117 at NVDSUSE bug 910252SUSE bug 910253SUSE bug 917152cpe:/o:suse:sll:7CVE-2014-8118SUSE Liberty Linux 7
Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.
CriticalCVE-2014-8118 at SUSECVE-2014-8118 at NVDSUSE bug 1101137SUSE bug 1127299SUSE bug 906803SUSE bug 908128cpe:/o:suse:sll:7CVE-2014-8119SUSE Liberty Linux 7
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.
ImportantCVE-2014-8119 at SUSECVE-2014-8119 at NVDSUSE bug 925225cpe:/o:suse:sll:7CVE-2014-8121SUSE Liberty Linux 7
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.
ModerateCVE-2014-8121 at SUSECVE-2014-8121 at NVDSUSE bug 1123874SUSE bug 918187SUSE bug 945779cpe:/o:suse:sll:7CVE-2014-8127SUSE Liberty Linux 7
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.
CriticalCVE-2014-8127 at SUSECVE-2014-8127 at NVDSUSE bug 1206220SUSE bug 914890SUSE bug 916925SUSE bug 942690SUSE bug 969783cpe:/o:suse:sll:7CVE-2014-8129SUSE Liberty Linux 7
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.
CriticalCVE-2014-8129 at SUSECVE-2014-8129 at NVDSUSE bug 1206220SUSE bug 914890SUSE bug 916925SUSE bug 942690SUSE bug 969783cpe:/o:suse:sll:7CVE-2014-8130SUSE Liberty Linux 7
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.
CriticalCVE-2014-8130 at SUSECVE-2014-8130 at NVDSUSE bug 1206220SUSE bug 914890SUSE bug 916925SUSE bug 942690SUSE bug 969783cpe:/o:suse:sll:7CVE-2014-8136SUSE Liberty Linux 7
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.
LowCVE-2014-8136 at SUSECVE-2014-8136 at NVDSUSE bug 910862cpe:/o:suse:sll:7CVE-2014-8137SUSE Liberty Linux 7
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.
ModerateCVE-2014-8137 at SUSECVE-2014-8137 at NVDSUSE bug 1178702SUSE bug 909474SUSE bug 909475SUSE bug 911837SUSE bug 968373SUSE bug 969776cpe:/o:suse:sll:7CVE-2014-8138SUSE Liberty Linux 7
Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.
ImportantCVE-2014-8138 at SUSECVE-2014-8138 at NVDSUSE bug 1178702SUSE bug 909474SUSE bug 909475SUSE bug 911837SUSE bug 969776cpe:/o:suse:sll:7CVE-2014-8139SUSE Liberty Linux 7
Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
ImportantCVE-2014-8139 at SUSECVE-2014-8139 at NVDSUSE bug 909214SUSE bug 915880cpe:/o:suse:sll:7CVE-2014-8140SUSE Liberty Linux 7
Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
ImportantCVE-2014-8140 at SUSECVE-2014-8140 at NVDSUSE bug 909214SUSE bug 914442SUSE bug 915880cpe:/o:suse:sll:7CVE-2014-8141SUSE Liberty Linux 7
Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.
ImportantCVE-2014-8141 at SUSECVE-2014-8141 at NVDSUSE bug 909214SUSE bug 915880cpe:/o:suse:sll:7CVE-2014-8142SUSE Liberty Linux 7
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019.
LowCVE-2014-8142 at SUSECVE-2014-8142 at NVDSUSE bug 910659SUSE bug 980366cpe:/o:suse:sll:7CVE-2014-8150SUSE Liberty Linux 7
CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
ModerateCVE-2014-8150 at SUSECVE-2014-8150 at NVDSUSE bug 911363SUSE bug 951391cpe:/o:suse:sll:7CVE-2014-8157SUSE Liberty Linux 7
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
ImportantCVE-2014-8157 at SUSECVE-2014-8157 at NVDSUSE bug 1178702SUSE bug 911837SUSE bug 969776cpe:/o:suse:sll:7CVE-2014-8158SUSE Liberty Linux 7
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
ImportantCVE-2014-8158 at SUSECVE-2014-8158 at NVDSUSE bug 1178702SUSE bug 911837SUSE bug 969776cpe:/o:suse:sll:7CVE-2014-8159SUSE Liberty Linux 7
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
ModerateCVE-2014-8159 at SUSECVE-2014-8159 at NVDSUSE bug 903967SUSE bug 914742SUSE bug 939241cpe:/o:suse:sll:7CVE-2014-8160SUSE Liberty Linux 7
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.
ImportantCVE-2014-8160 at SUSECVE-2014-8160 at NVDSUSE bug 857643SUSE bug 913059cpe:/o:suse:sll:7CVE-2014-8161SUSE Liberty Linux 7
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
ModerateCVE-2014-8161 at SUSECVE-2014-8161 at NVDSUSE bug 916953cpe:/o:suse:sll:7CVE-2014-8169SUSE Liberty Linux 7
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.
ModerateCVE-2014-8169 at SUSECVE-2014-8169 at NVDSUSE bug 917977cpe:/o:suse:sll:7CVE-2014-8171SUSE Liberty Linux 7
The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.
ModerateCVE-2014-8171 at SUSECVE-2014-8171 at NVDSUSE bug 928128cpe:/o:suse:sll:7CVE-2014-8172SUSE Liberty Linux 7
The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations.
ModerateCVE-2014-8172 at SUSECVE-2014-8172 at NVDSUSE bug 920632cpe:/o:suse:sll:7CVE-2014-8173SUSE Liberty Linux 7
The pmd_none_or_trans_huge_or_clear_bad function in include/asm-generic/pgtable.h in the Linux kernel before 3.13 on NUMA systems does not properly determine whether a Page Middle Directory (PMD) entry is a transparent huge-table entry, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted MADV_WILLNEED madvise system call that leverages the absence of a page-table lock.
ImportantCVE-2014-8173 at SUSECVE-2014-8173 at NVDSUSE bug 920583cpe:/o:suse:sll:7CVE-2014-8176SUSE Liberty Linux 7
The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.
ImportantCVE-2014-8176 at SUSECVE-2014-8176 at NVDSUSE bug 1148697SUSE bug 934494SUSE bug 934666SUSE bug 986238cpe:/o:suse:sll:7CVE-2014-8184SUSE Liberty Linux 7
A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened.
ImportantCVE-2014-8184 at SUSECVE-2014-8184 at NVDSUSE bug 1056088SUSE bug 1056090SUSE bug 1056093SUSE bug 1056095SUSE bug 1056105SUSE bug 1062458SUSE bug 1067336cpe:/o:suse:sll:7CVE-2014-8240SUSE Liberty Linux 7
Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051.
ImportantCVE-2014-8240 at SUSECVE-2014-8240 at NVDSUSE bug 900896cpe:/o:suse:sll:7CVE-2014-8241SUSE Liberty Linux 7
XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.
CriticalCVE-2014-8241 at SUSECVE-2014-8241 at NVDSUSE bug 900898cpe:/o:suse:sll:7CVE-2014-8275SUSE Liberty Linux 7
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.
ModerateCVE-2014-8275 at SUSECVE-2014-8275 at NVDSUSE bug 912018SUSE bug 915848SUSE bug 927623SUSE bug 937891cpe:/o:suse:sll:7CVE-2014-8484SUSE Liberty Linux 7
The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.
ModerateCVE-2014-8484 at SUSECVE-2014-8484 at NVDSUSE bug 902676SUSE bug 902677cpe:/o:suse:sll:7CVE-2014-8485SUSE Liberty Linux 7
The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.
ModerateCVE-2014-8485 at SUSECVE-2014-8485 at NVDSUSE bug 902676cpe:/o:suse:sll:7CVE-2014-8500SUSE Liberty Linux 7
ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.
ImportantCVE-2014-8500 at SUSECVE-2014-8500 at NVDSUSE bug 908994SUSE bug 986950cpe:/o:suse:sll:7CVE-2014-8501SUSE Liberty Linux 7
The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.
ModerateCVE-2014-8501 at SUSECVE-2014-8501 at NVDSUSE bug 903655cpe:/o:suse:sll:7CVE-2014-8502SUSE Liberty Linux 7
Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.
ModerateCVE-2014-8502 at SUSECVE-2014-8502 at NVDSUSE bug 903655cpe:/o:suse:sll:7CVE-2014-8503SUSE Liberty Linux 7
Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.
ModerateCVE-2014-8503 at SUSECVE-2014-8503 at NVDSUSE bug 903655cpe:/o:suse:sll:7CVE-2014-8504SUSE Liberty Linux 7
Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.
ModerateCVE-2014-8504 at SUSECVE-2014-8504 at NVDSUSE bug 903655cpe:/o:suse:sll:7CVE-2014-8559SUSE Liberty Linux 7
The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.
ModerateCVE-2014-8559 at SUSECVE-2014-8559 at NVDSUSE bug 903640SUSE bug 915517cpe:/o:suse:sll:7CVE-2014-8564SUSE Liberty Linux 7
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.
ModerateCVE-2014-8564 at SUSECVE-2014-8564 at NVDSUSE bug 904603cpe:/o:suse:sll:7CVE-2014-8602SUSE Liberty Linux 7
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.
ModerateCVE-2014-8602 at SUSECVE-2014-8602 at NVDSUSE bug 908990cpe:/o:suse:sll:7CVE-2014-8634SUSE Liberty Linux 7
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2014-8634 at SUSECVE-2014-8634 at NVDSUSE bug 910669SUSE bug 913064SUSE bug 913096cpe:/o:suse:sll:7CVE-2014-8638SUSE Liberty Linux 7
The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.
ModerateCVE-2014-8638 at SUSECVE-2014-8638 at NVDSUSE bug 910669SUSE bug 913068SUSE bug 913096cpe:/o:suse:sll:7CVE-2014-8639SUSE Liberty Linux 7
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.
ModerateCVE-2014-8639 at SUSECVE-2014-8639 at NVDSUSE bug 910669SUSE bug 913066SUSE bug 913096cpe:/o:suse:sll:7CVE-2014-8641SUSE Liberty Linux 7
Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.
ModerateCVE-2014-8641 at SUSECVE-2014-8641 at NVDSUSE bug 910669SUSE bug 913067SUSE bug 913096cpe:/o:suse:sll:7CVE-2014-8709SUSE Liberty Linux 7
The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets.
ImportantCVE-2014-8709 at SUSECVE-2014-8709 at NVDSUSE bug 904700cpe:/o:suse:sll:7CVE-2014-8710SUSE Liberty Linux 7
The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.
ModerateCVE-2014-8710 at SUSECVE-2014-8710 at NVDSUSE bug 905246cpe:/o:suse:sll:7CVE-2014-8711SUSE Liberty Linux 7
Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet.
ModerateCVE-2014-8711 at SUSECVE-2014-8711 at NVDSUSE bug 905245cpe:/o:suse:sll:7CVE-2014-8712SUSE Liberty Linux 7
The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2014-8712 at SUSECVE-2014-8712 at NVDSUSE bug 905248cpe:/o:suse:sll:7CVE-2014-8713SUSE Liberty Linux 7
Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2014-8713 at SUSECVE-2014-8713 at NVDSUSE bug 905248cpe:/o:suse:sll:7CVE-2014-8714SUSE Liberty Linux 7
The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
ModerateCVE-2014-8714 at SUSECVE-2014-8714 at NVDSUSE bug 905247cpe:/o:suse:sll:7CVE-2014-8737SUSE Liberty Linux 7
Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.
ModerateCVE-2014-8737 at SUSECVE-2014-8737 at NVDSUSE bug 905736SUSE bug 912408cpe:/o:suse:sll:7CVE-2014-8738SUSE Liberty Linux 7
The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.
ModerateCVE-2014-8738 at SUSECVE-2014-8738 at NVDSUSE bug 905735cpe:/o:suse:sll:7CVE-2014-8884SUSE Liberty Linux 7
Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.
ModerateCVE-2014-8884 at SUSECVE-2014-8884 at NVDSUSE bug 904876SUSE bug 905522SUSE bug 905739SUSE bug 905744SUSE bug 905748SUSE bug 905764cpe:/o:suse:sll:7CVE-2014-8962SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
ImportantCVE-2014-8962 at SUSECVE-2014-8962 at NVDSUSE bug 906831SUSE bug 907764SUSE bug 969774cpe:/o:suse:sll:7CVE-2014-8964SUSE Liberty Linux 7
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
ModerateCVE-2014-8964 at SUSECVE-2014-8964 at NVDSUSE bug 906574SUSE bug 924960SUSE bug 933288SUSE bug 936408SUSE bug 958373cpe:/o:suse:sll:7CVE-2014-9028SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
ImportantCVE-2014-9028 at SUSECVE-2014-9028 at NVDSUSE bug 907016SUSE bug 969774cpe:/o:suse:sll:7CVE-2014-9029SUSE Liberty Linux 7
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
ImportantCVE-2014-9029 at SUSECVE-2014-9029 at NVDSUSE bug 1178702SUSE bug 906364SUSE bug 909474SUSE bug 992991cpe:/o:suse:sll:7CVE-2014-9112SUSE Liberty Linux 7
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
ModerateCVE-2014-9112 at SUSECVE-2014-9112 at NVDSUSE bug 907456SUSE bug 913479cpe:/o:suse:sll:7CVE-2014-9130SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
ModerateCVE-2014-9130 at SUSECVE-2014-9130 at NVDSUSE bug 907809SUSE bug 911782SUSE bug 921588cpe:/o:suse:sll:7CVE-2014-9273SUSE Liberty Linux 7
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.
LowCVE-2014-9273 at SUSECVE-2014-9273 at NVDSUSE bug 908614cpe:/o:suse:sll:7CVE-2014-9278SUSE Liberty Linux 7
The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.
LowCVE-2014-9278 at SUSECVE-2014-9278 at NVDSUSE bug 908424cpe:/o:suse:sll:7CVE-2014-9293SUSE Liberty Linux 7
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
ImportantCVE-2014-9293 at SUSECVE-2014-9293 at NVDSUSE bug 910764SUSE bug 911053SUSE bug 911792SUSE bug 959243cpe:/o:suse:sll:7CVE-2014-9294SUSE Liberty Linux 7
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
ImportantCVE-2014-9294 at SUSECVE-2014-9294 at NVDSUSE bug 910764SUSE bug 911053SUSE bug 911792SUSE bug 959243cpe:/o:suse:sll:7CVE-2014-9295SUSE Liberty Linux 7
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
ImportantCVE-2014-9295 at SUSECVE-2014-9295 at NVDSUSE bug 910764SUSE bug 911053SUSE bug 911792SUSE bug 916239SUSE bug 959243cpe:/o:suse:sll:7CVE-2014-9296SUSE Liberty Linux 7
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.
ImportantCVE-2014-9296 at SUSECVE-2014-9296 at NVDSUSE bug 910764SUSE bug 911053SUSE bug 911792SUSE bug 959243SUSE bug 992991cpe:/o:suse:sll:7CVE-2014-9297SUSE Liberty Linux 7
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage
ImportantCVE-2014-9297 at SUSECVE-2014-9297 at NVDSUSE bug 911792SUSE bug 948963SUSE bug 959243cpe:/o:suse:sll:7CVE-2014-9298SUSE Liberty Linux 7
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage
ImportantCVE-2014-9298 at SUSECVE-2014-9298 at NVDSUSE bug 911792SUSE bug 948963SUSE bug 959243cpe:/o:suse:sll:7CVE-2014-9322SUSE Liberty Linux 7
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
ImportantCVE-2014-9322 at SUSECVE-2014-9322 at NVDSUSE bug 1115893SUSE bug 817142SUSE bug 910251cpe:/o:suse:sll:7CVE-2014-9330SUSE Liberty Linux 7
Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read.
ModerateCVE-2014-9330 at SUSECVE-2014-9330 at NVDcpe:/o:suse:sll:7CVE-2014-9365SUSE Liberty Linux 7
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
ModerateCVE-2014-9365 at SUSECVE-2014-9365 at NVDSUSE bug 909713cpe:/o:suse:sll:7CVE-2014-9402SUSE Liberty Linux 7
The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.
ImportantCVE-2014-9402 at SUSECVE-2014-9402 at NVDSUSE bug 910599cpe:/o:suse:sll:7CVE-2014-9419SUSE Liberty Linux 7
The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.
LowCVE-2014-9419 at SUSECVE-2014-9419 at NVDSUSE bug 911326cpe:/o:suse:sll:7CVE-2014-9420SUSE Liberty Linux 7
The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.
ModerateCVE-2014-9420 at SUSECVE-2014-9420 at NVDSUSE bug 906545SUSE bug 911325cpe:/o:suse:sll:7CVE-2014-9421SUSE Liberty Linux 7
The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.
ModerateCVE-2014-9421 at SUSECVE-2014-9421 at NVDSUSE bug 1005509SUSE bug 770172SUSE bug 912002cpe:/o:suse:sll:7CVE-2014-9422SUSE Liberty Linux 7
The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal.
ModerateCVE-2014-9422 at SUSECVE-2014-9422 at NVDSUSE bug 1005509SUSE bug 770172SUSE bug 912002cpe:/o:suse:sll:7CVE-2014-9423SUSE Liberty Linux 7
The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.
ModerateCVE-2014-9423 at SUSECVE-2014-9423 at NVDSUSE bug 1005509SUSE bug 912002cpe:/o:suse:sll:7CVE-2014-9474SUSE Liberty Linux 7 LTSS
Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str.
LowCVE-2014-9474 at SUSECVE-2014-9474 at NVDSUSE bug 911812CVE-2014-9529SUSE Liberty Linux 7
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.
ModerateCVE-2014-9529 at SUSECVE-2014-9529 at NVDSUSE bug 1072204SUSE bug 1115893SUSE bug 912202cpe:/o:suse:sll:7CVE-2014-9584SUSE Liberty Linux 7
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.
ModerateCVE-2014-9584 at SUSECVE-2014-9584 at NVDSUSE bug 912654cpe:/o:suse:sll:7CVE-2014-9585SUSE Liberty Linux 7
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.
ImportantCVE-2014-9585 at SUSECVE-2014-9585 at NVDSUSE bug 912705cpe:/o:suse:sll:7CVE-2014-9636SUSE Liberty Linux 7
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
ImportantCVE-2014-9636 at SUSECVE-2014-9636 at NVDSUSE bug 914442cpe:/o:suse:sll:7CVE-2014-9644SUSE Liberty Linux 7
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.
CVE-2014-9644 at SUSECVE-2014-9644 at NVDSUSE bug 914423cpe:/o:suse:sll:7CVE-2014-9652SUSE Liberty Linux 7
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.
ImportantCVE-2014-9652 at SUSECVE-2014-9652 at NVDSUSE bug 917150SUSE bug 917302SUSE bug 918768SUSE bug 980366cpe:/o:suse:sll:7CVE-2014-9653SUSE Liberty Linux 7
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.
ImportantCVE-2014-9653 at SUSECVE-2014-9653 at NVDSUSE bug 917152cpe:/o:suse:sll:7CVE-2014-9655SUSE Liberty Linux 7
The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.
ModerateCVE-2014-9655 at SUSECVE-2014-9655 at NVDSUSE bug 1206220SUSE bug 914890SUSE bug 916925SUSE bug 916927SUSE bug 969783cpe:/o:suse:sll:7CVE-2014-9657SUSE Liberty Linux 7
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
ModerateCVE-2014-9657 at SUSECVE-2014-9657 at NVDSUSE bug 916856cpe:/o:suse:sll:7CVE-2014-9658SUSE Liberty Linux 7
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
ModerateCVE-2014-9658 at SUSECVE-2014-9658 at NVDSUSE bug 916857cpe:/o:suse:sll:7CVE-2014-9660SUSE Liberty Linux 7
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.
ModerateCVE-2014-9660 at SUSECVE-2014-9660 at NVDSUSE bug 916858cpe:/o:suse:sll:7CVE-2014-9661SUSE Liberty Linux 7
type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.
ModerateCVE-2014-9661 at SUSECVE-2014-9661 at NVDSUSE bug 916859cpe:/o:suse:sll:7CVE-2014-9663SUSE Liberty Linux 7
The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.
ModerateCVE-2014-9663 at SUSECVE-2014-9663 at NVDSUSE bug 916865cpe:/o:suse:sll:7CVE-2014-9664SUSE Liberty Linux 7
FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.
ModerateCVE-2014-9664 at SUSECVE-2014-9664 at NVDSUSE bug 916864cpe:/o:suse:sll:7CVE-2014-9667SUSE Liberty Linux 7
sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.
ModerateCVE-2014-9667 at SUSECVE-2014-9667 at NVDSUSE bug 916861cpe:/o:suse:sll:7CVE-2014-9669SUSE Liberty Linux 7
Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.
ModerateCVE-2014-9669 at SUSECVE-2014-9669 at NVDSUSE bug 916870cpe:/o:suse:sll:7CVE-2014-9670SUSE Liberty Linux 7
Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.
ModerateCVE-2014-9670 at SUSECVE-2014-9670 at NVDSUSE bug 916871SUSE bug 933247cpe:/o:suse:sll:7CVE-2014-9671SUSE Liberty Linux 7
Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.
ModerateCVE-2014-9671 at SUSECVE-2014-9671 at NVDSUSE bug 916872SUSE bug 933247cpe:/o:suse:sll:7CVE-2014-9673SUSE Liberty Linux 7
Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.
ModerateCVE-2014-9673 at SUSECVE-2014-9673 at NVDSUSE bug 916874cpe:/o:suse:sll:7CVE-2014-9674SUSE Liberty Linux 7
The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.
ModerateCVE-2014-9674 at SUSECVE-2014-9674 at NVDSUSE bug 916879cpe:/o:suse:sll:7CVE-2014-9675SUSE Liberty Linux 7
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.
ModerateCVE-2014-9675 at SUSECVE-2014-9675 at NVDSUSE bug 916881cpe:/o:suse:sll:7CVE-2014-9679SUSE Liberty Linux 7
Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.
ImportantCVE-2014-9679 at SUSECVE-2014-9679 at NVDSUSE bug 917799cpe:/o:suse:sll:7CVE-2014-9705SUSE Liberty Linux 7
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.
ModerateCVE-2014-9705 at SUSECVE-2014-9705 at NVDSUSE bug 922451SUSE bug 980366cpe:/o:suse:sll:7CVE-2014-9709SUSE Liberty Linux 7
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.
LowCVE-2014-9709 at SUSECVE-2014-9709 at NVDSUSE bug 923945SUSE bug 923946SUSE bug 980366cpe:/o:suse:sll:7CVE-2014-9715SUSE Liberty Linux 7
include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.
ModerateCVE-2014-9715 at SUSECVE-2014-9715 at NVDSUSE bug 927780cpe:/o:suse:sll:7CVE-2014-9750SUSE Liberty Linux 7
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.
ImportantCVE-2014-9750 at SUSECVE-2014-9750 at NVDSUSE bug 911792SUSE bug 959243cpe:/o:suse:sll:7CVE-2014-9751SUSE Liberty Linux 7
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.
ImportantCVE-2014-9751 at SUSECVE-2014-9751 at NVDSUSE bug 911792SUSE bug 948963SUSE bug 959243cpe:/o:suse:sll:7CVE-2014-9761SUSE Liberty Linux 7
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
CriticalCVE-2014-9761 at SUSECVE-2014-9761 at NVDSUSE bug 1123874SUSE bug 962738SUSE bug 986086cpe:/o:suse:sll:7CVE-2014-9938SUSE Liberty Linux 7
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.
ModerateCVE-2014-9938 at SUSECVE-2014-9938 at NVDSUSE bug 1030059cpe:/o:suse:sll:7CVE-2015-0204SUSE Liberty Linux 7
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.
CriticalCVE-2015-0204 at SUSECVE-2015-0204 at NVDSUSE bug 912014SUSE bug 920482SUSE bug 920484SUSE bug 927591SUSE bug 927623SUSE bug 936787SUSE bug 952088cpe:/o:suse:sll:7CVE-2015-0205SUSE Liberty Linux 7
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.
ModerateCVE-2015-0205 at SUSECVE-2015-0205 at NVDSUSE bug 912293SUSE bug 915848SUSE bug 927623SUSE bug 937891cpe:/o:suse:sll:7CVE-2015-0206SUSE Liberty Linux 7
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.
ModerateCVE-2015-0206 at SUSECVE-2015-0206 at NVDSUSE bug 912292SUSE bug 927623SUSE bug 937891cpe:/o:suse:sll:7CVE-2015-0209SUSE Liberty Linux 7
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.
CriticalCVE-2015-0209 at SUSECVE-2015-0209 at NVDSUSE bug 912014SUSE bug 919648SUSE bug 936586SUSE bug 937891cpe:/o:suse:sll:7CVE-2015-0231SUSE Liberty Linux 7
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.
LowCVE-2015-0231 at SUSECVE-2015-0231 at NVDSUSE bug 910659SUSE bug 924972SUSE bug 980366SUSE bug 992991cpe:/o:suse:sll:7CVE-2015-0232SUSE Liberty Linux 7
The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.
ModerateCVE-2015-0232 at SUSECVE-2015-0232 at NVDSUSE bug 914690SUSE bug 980366SUSE bug 992991cpe:/o:suse:sll:7CVE-2015-0235SUSE Liberty Linux 7
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
CriticalCVE-2015-0235 at SUSECVE-2015-0235 at NVDSUSE bug 844309SUSE bug 913646SUSE bug 949238SUSE bug 954983cpe:/o:suse:sll:7CVE-2015-0236SUSE Liberty Linux 7
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.
LowCVE-2015-0236 at SUSECVE-2015-0236 at NVDSUSE bug 914693cpe:/o:suse:sll:7CVE-2015-0239SUSE Liberty Linux 7
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction.
ModerateCVE-2015-0239 at SUSECVE-2015-0239 at NVDSUSE bug 987709SUSE bug 994618cpe:/o:suse:sll:7CVE-2015-0240SUSE Liberty Linux 7
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
CriticalCVE-2015-0240 at SUSECVE-2015-0240 at NVDSUSE bug 917376cpe:/o:suse:sll:7CVE-2015-0241SUSE Liberty Linux 7
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow.
ModerateCVE-2015-0241 at SUSECVE-2015-0241 at NVDSUSE bug 916953cpe:/o:suse:sll:7CVE-2015-0243SUSE Liberty Linux 7
Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
ModerateCVE-2015-0243 at SUSECVE-2015-0243 at NVDSUSE bug 916953cpe:/o:suse:sll:7CVE-2015-0244SUSE Liberty Linux 7
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.
ModerateCVE-2015-0244 at SUSECVE-2015-0244 at NVDSUSE bug 916953cpe:/o:suse:sll:7CVE-2015-0248SUSE Liberty Linux 7
The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.
ModerateCVE-2015-0248 at SUSECVE-2015-0248 at NVDSUSE bug 923794cpe:/o:suse:sll:7CVE-2015-0251SUSE Liberty Linux 7
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.
LowCVE-2015-0251 at SUSECVE-2015-0251 at NVDSUSE bug 923795cpe:/o:suse:sll:7CVE-2015-0252SUSE Liberty Linux 7
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.
ModerateCVE-2015-0252 at SUSECVE-2015-0252 at NVDSUSE bug 920810cpe:/o:suse:sll:7CVE-2015-0254SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.
ModerateCVE-2015-0254 at SUSECVE-2015-0254 at NVDSUSE bug 920813cpe:/o:suse:sll:7CVE-2015-0255SUSE Liberty Linux 7
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.
ModerateCVE-2015-0255 at SUSECVE-2015-0255 at NVDSUSE bug 915810cpe:/o:suse:sll:7CVE-2015-0261SUSE Liberty Linux 7
Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value.
ModerateCVE-2015-0261 at SUSECVE-2015-0261 at NVDSUSE bug 922220cpe:/o:suse:sll:7CVE-2015-0267SUSE Liberty Linux 7
The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file.
LowCVE-2015-0267 at SUSECVE-2015-0267 at NVDcpe:/o:suse:sll:7CVE-2015-0272SUSE Liberty Linux 7
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.
ModerateCVE-2015-0272 at SUSECVE-2015-0272 at NVDSUSE bug 1020452SUSE bug 944296SUSE bug 951638SUSE bug 955354cpe:/o:suse:sll:7CVE-2015-0273SUSE Liberty Linux 7
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.
ImportantCVE-2015-0273 at SUSECVE-2015-0273 at NVDSUSE bug 917302SUSE bug 918768SUSE bug 980366cpe:/o:suse:sll:7CVE-2015-0274SUSE Liberty Linux 7
The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem access.
ImportantCVE-2015-0274 at SUSECVE-2015-0274 at NVDSUSE bug 919655cpe:/o:suse:sll:7CVE-2015-0275SUSE Liberty Linux 7
The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request.
ModerateCVE-2015-0275 at SUSECVE-2015-0275 at NVDSUSE bug 919032cpe:/o:suse:sll:7CVE-2015-0283SUSE Liberty Linux 7
The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request for a (1) group with a large number of members or (2) user that belongs to a large number of groups.
ImportantCVE-2015-0283 at SUSECVE-2015-0283 at NVDcpe:/o:suse:sll:7CVE-2015-0286SUSE Liberty Linux 7
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.
CriticalCVE-2015-0286 at SUSECVE-2015-0286 at NVDSUSE bug 912014SUSE bug 919648SUSE bug 922496SUSE bug 936586SUSE bug 937891SUSE bug 951391cpe:/o:suse:sll:7CVE-2015-0287SUSE Liberty Linux 7
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.
CriticalCVE-2015-0287 at SUSECVE-2015-0287 at NVDSUSE bug 912014SUSE bug 919648SUSE bug 922499SUSE bug 936586SUSE bug 937891SUSE bug 968888SUSE bug 991722cpe:/o:suse:sll:7CVE-2015-0288SUSE Liberty Linux 7
The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.
CriticalCVE-2015-0288 at SUSECVE-2015-0288 at NVDSUSE bug 912014SUSE bug 919648SUSE bug 920236SUSE bug 936586SUSE bug 937891SUSE bug 951391cpe:/o:suse:sll:7CVE-2015-0289SUSE Liberty Linux 7
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.
CriticalCVE-2015-0289 at SUSECVE-2015-0289 at NVDSUSE bug 912014SUSE bug 919648SUSE bug 922500SUSE bug 936586SUSE bug 937891cpe:/o:suse:sll:7CVE-2015-0292SUSE Liberty Linux 7
Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.
CriticalCVE-2015-0292 at SUSECVE-2015-0292 at NVDSUSE bug 912014SUSE bug 919648SUSE bug 922501SUSE bug 936586cpe:/o:suse:sll:7CVE-2015-0293SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.
CriticalCVE-2015-0293 at SUSECVE-2015-0293 at NVDSUSE bug 912014SUSE bug 919648SUSE bug 922488SUSE bug 936586SUSE bug 968044SUSE bug 968051SUSE bug 968053SUSE bug 986238cpe:/o:suse:sll:7CVE-2015-0374SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.
ImportantCVE-2015-0374 at SUSECVE-2015-0374 at NVDSUSE bug 914058SUSE bug 915911cpe:/o:suse:sll:7CVE-2015-0381SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.
ImportantCVE-2015-0381 at SUSECVE-2015-0381 at NVDSUSE bug 914058SUSE bug 915911cpe:/o:suse:sll:7CVE-2015-0382SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.
ImportantCVE-2015-0382 at SUSECVE-2015-0382 at NVDSUSE bug 914058SUSE bug 915911cpe:/o:suse:sll:7CVE-2015-0383SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.
ModerateCVE-2015-0383 at SUSECVE-2015-0383 at NVDSUSE bug 914041cpe:/o:suse:sll:7CVE-2015-0391SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
ImportantCVE-2015-0391 at SUSECVE-2015-0391 at NVDSUSE bug 914058SUSE bug 915913cpe:/o:suse:sll:7CVE-2015-0395SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
CriticalCVE-2015-0395 at SUSECVE-2015-0395 at NVDSUSE bug 914041cpe:/o:suse:sll:7CVE-2015-0407SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
CriticalCVE-2015-0407 at SUSECVE-2015-0407 at NVDSUSE bug 914041cpe:/o:suse:sll:7CVE-2015-0408SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
CriticalCVE-2015-0408 at SUSECVE-2015-0408 at NVDSUSE bug 914041cpe:/o:suse:sll:7CVE-2015-0410SUSE Liberty Linux 7
Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.
CriticalCVE-2015-0410 at SUSECVE-2015-0410 at NVDSUSE bug 914041cpe:/o:suse:sll:7CVE-2015-0411SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.
ImportantCVE-2015-0411 at SUSECVE-2015-0411 at NVDSUSE bug 914058SUSE bug 915911cpe:/o:suse:sll:7CVE-2015-0412SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.
CriticalCVE-2015-0412 at SUSECVE-2015-0412 at NVDSUSE bug 914041cpe:/o:suse:sll:7CVE-2015-0432SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.
ImportantCVE-2015-0432 at SUSECVE-2015-0432 at NVDSUSE bug 914058SUSE bug 915911cpe:/o:suse:sll:7CVE-2015-0433SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.
LowCVE-2015-0433 at SUSECVE-2015-0433 at NVDSUSE bug 927623SUSE bug 936409cpe:/o:suse:sll:7CVE-2015-0441SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.
LowCVE-2015-0441 at SUSECVE-2015-0441 at NVDSUSE bug 927623SUSE bug 936409cpe:/o:suse:sll:7CVE-2015-0460SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
CriticalCVE-2015-0460 at SUSECVE-2015-0460 at NVDSUSE bug 927591cpe:/o:suse:sll:7CVE-2015-0469SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CriticalCVE-2015-0469 at SUSECVE-2015-0469 at NVDSUSE bug 927591SUSE bug 932310cpe:/o:suse:sll:7CVE-2015-0470SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect integrity via unknown vectors related to Hotspot.
CriticalCVE-2015-0470 at SUSECVE-2015-0470 at NVDSUSE bug 927591cpe:/o:suse:sll:7CVE-2015-0477SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans.
ModerateCVE-2015-0477 at SUSECVE-2015-0477 at NVDSUSE bug 927591cpe:/o:suse:sll:7CVE-2015-0478SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE.
ModerateCVE-2015-0478 at SUSECVE-2015-0478 at NVDSUSE bug 927591SUSE bug 944456cpe:/o:suse:sll:7CVE-2015-0480SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools.
ModerateCVE-2015-0480 at SUSECVE-2015-0480 at NVDSUSE bug 927591cpe:/o:suse:sll:7CVE-2015-0488SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE.
ModerateCVE-2015-0488 at SUSECVE-2015-0488 at NVDSUSE bug 927591cpe:/o:suse:sll:7CVE-2015-0499SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.
LowCVE-2015-0499 at SUSECVE-2015-0499 at NVDSUSE bug 927623SUSE bug 936408cpe:/o:suse:sll:7CVE-2015-0501SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.
ModerateCVE-2015-0501 at SUSECVE-2015-0501 at NVDSUSE bug 927623SUSE bug 936408cpe:/o:suse:sll:7CVE-2015-0505SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
LowCVE-2015-0505 at SUSECVE-2015-0505 at NVDSUSE bug 927623SUSE bug 936408cpe:/o:suse:sll:7CVE-2015-0562SUSE Liberty Linux 7
Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.
ModerateCVE-2015-0562 at SUSECVE-2015-0562 at NVDSUSE bug 912369cpe:/o:suse:sll:7CVE-2015-0563SUSE Liberty Linux 7
epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2015-0563 at SUSECVE-2015-0563 at NVDSUSE bug 912370cpe:/o:suse:sll:7CVE-2015-0564SUSE Liberty Linux 7
Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session.
ModerateCVE-2015-0564 at SUSECVE-2015-0564 at NVDSUSE bug 912372cpe:/o:suse:sll:7CVE-2015-0797SUSE Liberty Linux 7
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.
ImportantCVE-2015-0797 at SUSECVE-2015-0797 at NVDSUSE bug 927559SUSE bug 930622cpe:/o:suse:sll:7CVE-2015-0801SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.
ImportantCVE-2015-0801 at SUSECVE-2015-0801 at NVDSUSE bug 925368SUSE bug 925401cpe:/o:suse:sll:7CVE-2015-0807SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638.
ImportantCVE-2015-0807 at SUSECVE-2015-0807 at NVDSUSE bug 913068SUSE bug 925368SUSE bug 925398cpe:/o:suse:sll:7CVE-2015-0813SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file.
ImportantCVE-2015-0813 at SUSECVE-2015-0813 at NVDSUSE bug 925368SUSE bug 925393cpe:/o:suse:sll:7CVE-2015-0815SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2015-0815 at SUSECVE-2015-0815 at NVDSUSE bug 925368SUSE bug 925392cpe:/o:suse:sll:7CVE-2015-0816SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.
ImportantCVE-2015-0816 at SUSECVE-2015-0816 at NVDSUSE bug 925368SUSE bug 925395cpe:/o:suse:sll:7CVE-2015-0817SUSE Liberty Linux 7
The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.
ImportantCVE-2015-0817 at SUSECVE-2015-0817 at NVDSUSE bug 923495SUSE bug 923534cpe:/o:suse:sll:7CVE-2015-0818SUSE Liberty Linux 7
Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.
ImportantCVE-2015-0818 at SUSECVE-2015-0818 at NVDSUSE bug 923495SUSE bug 923534cpe:/o:suse:sll:7CVE-2015-0822SUSE Liberty Linux 7
The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.
ImportantCVE-2015-0822 at SUSECVE-2015-0822 at NVDSUSE bug 910669SUSE bug 917597SUSE bug 923534SUSE bug 924515cpe:/o:suse:sll:7CVE-2015-0827SUSE Liberty Linux 7
Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic.
ImportantCVE-2015-0827 at SUSECVE-2015-0827 at NVDSUSE bug 910669SUSE bug 917597SUSE bug 923534SUSE bug 924515cpe:/o:suse:sll:7CVE-2015-0831SUSE Liberty Linux 7
Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation.
ImportantCVE-2015-0831 at SUSECVE-2015-0831 at NVDSUSE bug 910669SUSE bug 917597SUSE bug 923534SUSE bug 924515cpe:/o:suse:sll:7CVE-2015-0836SUSE Liberty Linux 7
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2015-0836 at SUSECVE-2015-0836 at NVDSUSE bug 910669SUSE bug 917597SUSE bug 923534SUSE bug 924515cpe:/o:suse:sll:7CVE-2015-0848SUSE Liberty Linux 7
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.
ModerateCVE-2015-0848 at SUSECVE-2015-0848 at NVDSUSE bug 933109cpe:/o:suse:sll:7CVE-2015-1158SUSE Liberty Linux 7
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.
CriticalCVE-2015-1158 at SUSECVE-2015-1158 at NVDSUSE bug 924208SUSE bug 976653cpe:/o:suse:sll:7CVE-2015-1159SUSE Liberty Linux 7
Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.
CriticalCVE-2015-1159 at SUSECVE-2015-1159 at NVDSUSE bug 924208SUSE bug 976653cpe:/o:suse:sll:7CVE-2015-1333SUSE Liberty Linux 7
Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys.
ModerateCVE-2015-1333 at SUSECVE-2015-1333 at NVDSUSE bug 1126909SUSE bug 1185451SUSE bug 938645cpe:/o:suse:sll:7CVE-2015-1345SUSE Liberty Linux 7
The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.
LowCVE-2015-1345 at SUSECVE-2015-1345 at NVDSUSE bug 914695cpe:/o:suse:sll:7CVE-2015-1349SUSE Liberty Linux 7
named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.
ModerateCVE-2015-1349 at SUSECVE-2015-1349 at NVDSUSE bug 918330cpe:/o:suse:sll:7CVE-2015-1421SUSE Liberty Linux 7
Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.
ModerateCVE-2015-1421 at SUSECVE-2015-1421 at NVDSUSE bug 1115893SUSE bug 915577SUSE bug 922004SUSE bug 939261cpe:/o:suse:sll:7CVE-2015-1472SUSE Liberty Linux 7
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.
ModerateCVE-2015-1472 at SUSECVE-2015-1472 at NVDSUSE bug 916222SUSE bug 920341SUSE bug 922243cpe:/o:suse:sll:7CVE-2015-1473SUSE Liberty Linux 7
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.
ModerateCVE-2015-1473 at SUSECVE-2015-1473 at NVDSUSE bug 916222SUSE bug 920341SUSE bug 922243cpe:/o:suse:sll:7CVE-2015-1547SUSE Liberty Linux 7
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.
ModerateCVE-2015-1547 at SUSECVE-2015-1547 at NVDSUSE bug 1206220SUSE bug 914890SUSE bug 916925cpe:/o:suse:sll:7CVE-2015-1573SUSE Liberty Linux 7
The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability.
ModerateCVE-2015-1573 at SUSECVE-2015-1573 at NVDSUSE bug 917274cpe:/o:suse:sll:7CVE-2015-1593SUSE Liberty Linux 7
The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.
ModerateCVE-2015-1593 at SUSECVE-2015-1593 at NVDSUSE bug 1044934SUSE bug 917839cpe:/o:suse:sll:7CVE-2015-1779SUSE Liberty Linux 7
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
ModerateCVE-2015-1779 at SUSECVE-2015-1779 at NVDSUSE bug 924018SUSE bug 962632cpe:/o:suse:sll:7CVE-2015-1781SUSE Liberty Linux 7
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
ModerateCVE-2015-1781 at SUSECVE-2015-1781 at NVDSUSE bug 1123874SUSE bug 927080SUSE bug 979109cpe:/o:suse:sll:7CVE-2015-1782SUSE Liberty Linux 7
The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.
ModerateCVE-2015-1782 at SUSECVE-2015-1782 at NVDSUSE bug 921070cpe:/o:suse:sll:7CVE-2015-1789SUSE Liberty Linux 7
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.
ImportantCVE-2015-1789 at SUSECVE-2015-1789 at NVDSUSE bug 934489SUSE bug 934666SUSE bug 936586SUSE bug 937891SUSE bug 938432SUSE bug 951391cpe:/o:suse:sll:7CVE-2015-1790SUSE Liberty Linux 7
The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.
ModerateCVE-2015-1790 at SUSECVE-2015-1790 at NVDSUSE bug 934491SUSE bug 934666SUSE bug 936586SUSE bug 938432cpe:/o:suse:sll:7CVE-2015-1791SUSE Liberty Linux 7
Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
ModerateCVE-2015-1791 at SUSECVE-2015-1791 at NVDSUSE bug 933911SUSE bug 934666SUSE bug 986238SUSE bug 989464cpe:/o:suse:sll:7CVE-2015-1792SUSE Liberty Linux 7
The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.
ModerateCVE-2015-1792 at SUSECVE-2015-1792 at NVDSUSE bug 934493SUSE bug 934666SUSE bug 937891SUSE bug 986238cpe:/o:suse:sll:7CVE-2015-1798SUSE Liberty Linux 7
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
ImportantCVE-2015-1798 at SUSECVE-2015-1798 at NVDSUSE bug 924202SUSE bug 927497SUSE bug 928321SUSE bug 936327SUSE bug 957163cpe:/o:suse:sll:7CVE-2015-1799SUSE Liberty Linux 7
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.
ImportantCVE-2015-1799 at SUSECVE-2015-1799 at NVDSUSE bug 924202SUSE bug 927497SUSE bug 928321SUSE bug 936327SUSE bug 943565SUSE bug 957163SUSE bug 959243SUSE bug 962624cpe:/o:suse:sll:7CVE-2015-1802SUSE Liberty Linux 7
The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.
ImportantCVE-2015-1802 at SUSECVE-2015-1802 at NVDSUSE bug 921978cpe:/o:suse:sll:7CVE-2015-1803SUSE Liberty Linux 7
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.
ImportantCVE-2015-1803 at SUSECVE-2015-1803 at NVDSUSE bug 921978cpe:/o:suse:sll:7CVE-2015-1804SUSE Liberty Linux 7
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.
ImportantCVE-2015-1804 at SUSECVE-2015-1804 at NVDSUSE bug 921978cpe:/o:suse:sll:7CVE-2015-1805SUSE Liberty Linux 7
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
ImportantCVE-2015-1805 at SUSECVE-2015-1805 at NVDSUSE bug 917839SUSE bug 933429SUSE bug 939270SUSE bug 964730SUSE bug 964732cpe:/o:suse:sll:7CVE-2015-1815SUSE Liberty Linux 7
The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name.
CriticalCVE-2015-1815 at SUSECVE-2015-1815 at NVDSUSE bug 983452SUSE bug 984780cpe:/o:suse:sll:7CVE-2015-1819SUSE Liberty Linux 7
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
ModerateCVE-2015-1819 at SUSECVE-2015-1819 at NVDSUSE bug 1123919SUSE bug 928193SUSE bug 969769cpe:/o:suse:sll:7CVE-2015-1821SUSE Liberty Linux 7
Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder.
ModerateCVE-2015-1821 at SUSECVE-2015-1821 at NVDSUSE bug 926323cpe:/o:suse:sll:7CVE-2015-1822SUSE Liberty Linux 7
chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests.
ModerateCVE-2015-1822 at SUSECVE-2015-1822 at NVDSUSE bug 926323cpe:/o:suse:sll:7CVE-2015-1827SUSE Liberty Linux 7
The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups.
ModerateCVE-2015-1827 at SUSECVE-2015-1827 at NVDcpe:/o:suse:sll:7CVE-2015-1848SUSE Liberty Linux 7
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag.
CVE-2015-1848 at SUSECVE-2015-1848 at NVDSUSE bug 930578cpe:/o:suse:sll:7CVE-2015-1853SUSE Liberty Linux 7
chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.
ModerateCVE-2015-1853 at SUSECVE-2015-1853 at NVDSUSE bug 926323cpe:/o:suse:sll:7CVE-2015-1854SUSE Liberty Linux 7
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
ImportantCVE-2015-1854 at SUSECVE-2015-1854 at NVDSUSE bug 929034cpe:/o:suse:sll:7CVE-2015-1863SUSE Liberty Linux 7
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.
LowCVE-2015-1863 at SUSECVE-2015-1863 at NVDSUSE bug 915323SUSE bug 927558cpe:/o:suse:sll:7CVE-2015-1867SUSE Liberty Linux 7
Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.
ImportantCVE-2015-1867 at SUSECVE-2015-1867 at NVDSUSE bug 927828cpe:/o:suse:sll:7CVE-2015-1869SUSE Liberty Linux 7
The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file.
ImportantCVE-2015-1869 at SUSECVE-2015-1869 at NVDcpe:/o:suse:sll:7CVE-2015-1870SUSE Liberty Linux 7
The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors.
ImportantCVE-2015-1870 at SUSECVE-2015-1870 at NVDcpe:/o:suse:sll:7CVE-2015-2153SUSE Liberty Linux 7
The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU).
ModerateCVE-2015-2153 at SUSECVE-2015-2153 at NVDSUSE bug 922221SUSE bug 922222SUSE bug 922223cpe:/o:suse:sll:7CVE-2015-2154SUSE Liberty Linux 7
The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value.
ModerateCVE-2015-2154 at SUSECVE-2015-2154 at NVDSUSE bug 922222cpe:/o:suse:sll:7CVE-2015-2155SUSE Liberty Linux 7
The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
ModerateCVE-2015-2155 at SUSECVE-2015-2155 at NVDSUSE bug 922220SUSE bug 922221SUSE bug 922222SUSE bug 922223cpe:/o:suse:sll:7CVE-2015-2188SUSE Liberty Linux 7
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.
ModerateCVE-2015-2188 at SUSECVE-2015-2188 at NVDSUSE bug 920696cpe:/o:suse:sll:7CVE-2015-2189SUSE Liberty Linux 7
Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.
ModerateCVE-2015-2189 at SUSECVE-2015-2189 at NVDSUSE bug 920697cpe:/o:suse:sll:7CVE-2015-2191SUSE Liberty Linux 7
Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.
ModerateCVE-2015-2191 at SUSECVE-2015-2191 at NVDSUSE bug 920699cpe:/o:suse:sll:7CVE-2015-2301SUSE Liberty Linux 7
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.
ModerateCVE-2015-2301 at SUSECVE-2015-2301 at NVDSUSE bug 922452SUSE bug 980366cpe:/o:suse:sll:7CVE-2015-2328SUSE Liberty Linux 7
PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
ModerateCVE-2015-2328 at SUSECVE-2015-2328 at NVDSUSE bug 906574SUSE bug 957600cpe:/o:suse:sll:7CVE-2015-2348SUSE Liberty Linux 7
The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
ModerateCVE-2015-2348 at SUSECVE-2015-2348 at NVDSUSE bug 924970SUSE bug 935227cpe:/o:suse:sll:7CVE-2015-2568SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.
ModerateCVE-2015-2568 at SUSECVE-2015-2568 at NVDSUSE bug 927623SUSE bug 936409cpe:/o:suse:sll:7CVE-2015-2571SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
LowCVE-2015-2571 at SUSECVE-2015-2571 at NVDSUSE bug 927623SUSE bug 936408cpe:/o:suse:sll:7CVE-2015-2573SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
LowCVE-2015-2573 at SUSECVE-2015-2573 at NVDSUSE bug 927623SUSE bug 936409cpe:/o:suse:sll:7CVE-2015-2582SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
LowCVE-2015-2582 at SUSECVE-2015-2582 at NVDSUSE bug 938412cpe:/o:suse:sll:7CVE-2015-2590SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.
ImportantCVE-2015-2590 at SUSECVE-2015-2590 at NVDSUSE bug 937828SUSE bug 938248SUSE bug 938895cpe:/o:suse:sll:7CVE-2015-2601SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.
ImportantCVE-2015-2601 at SUSECVE-2015-2601 at NVDSUSE bug 937828SUSE bug 938248SUSE bug 938895cpe:/o:suse:sll:7CVE-2015-2620SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.
ModerateCVE-2015-2620 at SUSECVE-2015-2620 at NVDSUSE bug 938412cpe:/o:suse:sll:7CVE-2015-2621SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allows remote attackers to affect confidentiality via vectors related to JMX.
ImportantCVE-2015-2621 at SUSECVE-2015-2621 at NVDSUSE bug 937828SUSE bug 938248SUSE bug 938895cpe:/o:suse:sll:7CVE-2015-2625SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE.
ImportantCVE-2015-2625 at SUSECVE-2015-2625 at NVDSUSE bug 937828SUSE bug 938248SUSE bug 938895cpe:/o:suse:sll:7CVE-2015-2628SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.
ImportantCVE-2015-2628 at SUSECVE-2015-2628 at NVDSUSE bug 937828SUSE bug 938248cpe:/o:suse:sll:7CVE-2015-2632SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
ImportantCVE-2015-2632 at SUSECVE-2015-2632 at NVDSUSE bug 937828SUSE bug 938248SUSE bug 938895cpe:/o:suse:sll:7CVE-2015-2643SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
LowCVE-2015-2643 at SUSECVE-2015-2643 at NVDSUSE bug 938412cpe:/o:suse:sll:7CVE-2015-2648SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.
LowCVE-2015-2648 at SUSECVE-2015-2648 at NVDSUSE bug 938412cpe:/o:suse:sll:7CVE-2015-2659SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded 8u33 allows remote attackers to affect availability via unknown vectors related to Security.
ImportantCVE-2015-2659 at SUSECVE-2015-2659 at NVDSUSE bug 937828SUSE bug 938248cpe:/o:suse:sll:7CVE-2015-2666SUSE Liberty Linux 7
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.
ModerateCVE-2015-2666 at SUSECVE-2015-2666 at NVDSUSE bug 922944SUSE bug 939044cpe:/o:suse:sll:7CVE-2015-2675SUSE Liberty Linux 7
The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account.
ImportantCVE-2015-2675 at SUSECVE-2015-2675 at NVDSUSE bug 923618cpe:/o:suse:sll:7CVE-2015-2694SUSE Liberty Linux 7
The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
ModerateCVE-2015-2694 at SUSECVE-2015-2694 at NVDSUSE bug 928978cpe:/o:suse:sll:7CVE-2015-2704SUSE Liberty Linux 7
realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response.
ModerateCVE-2015-2704 at SUSECVE-2015-2704 at NVDSUSE bug 1048025SUSE bug 916766cpe:/o:suse:sll:7CVE-2015-2708SUSE Liberty Linux 7
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2015-2708 at SUSECVE-2015-2708 at NVDSUSE bug 930622cpe:/o:suse:sll:7CVE-2015-2710SUSE Liberty Linux 7
Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.
ModerateCVE-2015-2710 at SUSECVE-2015-2710 at NVDSUSE bug 930622cpe:/o:suse:sll:7CVE-2015-2713SUSE Liberty Linux 7
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.
ModerateCVE-2015-2713 at SUSECVE-2015-2713 at NVDSUSE bug 930622cpe:/o:suse:sll:7CVE-2015-2716SUSE Liberty Linux 7
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.
ModerateCVE-2015-2716 at SUSECVE-2015-2716 at NVDSUSE bug 930622SUSE bug 939077SUSE bug 980391SUSE bug 983985cpe:/o:suse:sll:7CVE-2015-2722SUSE Liberty Linux 7
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker.
ImportantCVE-2015-2722 at SUSECVE-2015-2722 at NVDSUSE bug 863095SUSE bug 935979cpe:/o:suse:sll:7CVE-2015-2724SUSE Liberty Linux 7
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2015-2724 at SUSECVE-2015-2724 at NVDSUSE bug 863095SUSE bug 935979cpe:/o:suse:sll:7CVE-2015-2725SUSE Liberty Linux 7
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2015-2725 at SUSECVE-2015-2725 at NVDSUSE bug 863095SUSE bug 935979cpe:/o:suse:sll:7CVE-2015-2727SUSE Liberty Linux 7
Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a CVE-2015-0821 regression.
ImportantCVE-2015-2727 at SUSECVE-2015-2727 at NVDSUSE bug 863095SUSE bug 935979cpe:/o:suse:sll:7CVE-2015-2728SUSE Liberty Linux 7
The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue.
ImportantCVE-2015-2728 at SUSECVE-2015-2728 at NVDSUSE bug 863095SUSE bug 935979cpe:/o:suse:sll:7CVE-2015-2729SUSE Liberty Linux 7
The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator rendering range, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors.
ImportantCVE-2015-2729 at SUSECVE-2015-2729 at NVDSUSE bug 863095SUSE bug 935979cpe:/o:suse:sll:7CVE-2015-2730SUSE Liberty Linux 7
Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.
ImportantCVE-2015-2730 at SUSECVE-2015-2730 at NVDSUSE bug 863095SUSE bug 935979cpe:/o:suse:sll:7CVE-2015-2731SUSE Liberty Linux 7
Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy.
ImportantCVE-2015-2731 at SUSECVE-2015-2731 at NVDSUSE bug 863095SUSE bug 935979cpe:/o:suse:sll:7CVE-2015-2733SUSE Liberty Linux 7
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker.
ImportantCVE-2015-2733 at SUSECVE-2015-2733 at NVDSUSE bug 863095SUSE bug 935979cpe:/o:suse:sll:7CVE-2015-2734SUSE Liberty Linux 7
The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.
ImportantCVE-2015-2734 at SUSECVE-2015-2734 at NVDSUSE bug 863095SUSE bug 935979cpe:/o:suse:sll:7CVE-2015-2735SUSE Liberty Linux 7
nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.
ImportantCVE-2015-2735 at SUSECVE-2015-2735 at NVDSUSE bug 863095SUSE bug 935979cpe:/o:suse:sll:7CVE-2015-2736SUSE Liberty Linux 7
The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.
ImportantCVE-2015-2736 at SUSECVE-2015-2736 at NVDSUSE bug 863095SUSE bug 935979cpe:/o:suse:sll:7CVE-2015-2737SUSE Liberty Linux 7
The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.
ImportantCVE-2015-2737 at SUSECVE-2015-2737 at NVDSUSE bug 863095SUSE bug 935979cpe:/o:suse:sll:7CVE-2015-2738SUSE Liberty Linux 7
The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.
ImportantCVE-2015-2738 at SUSECVE-2015-2738 at NVDSUSE bug 863095SUSE bug 935979cpe:/o:suse:sll:7CVE-2015-2739SUSE Liberty Linux 7
The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.
ImportantCVE-2015-2739 at SUSECVE-2015-2739 at NVDSUSE bug 863095SUSE bug 935979cpe:/o:suse:sll:7CVE-2015-2740SUSE Liberty Linux 7
Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.
ImportantCVE-2015-2740 at SUSECVE-2015-2740 at NVDSUSE bug 863095SUSE bug 935979cpe:/o:suse:sll:7CVE-2015-2741SUSE Liberty Linux 7
Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled.
ImportantCVE-2015-2741 at SUSECVE-2015-2741 at NVDSUSE bug 863095SUSE bug 935979cpe:/o:suse:sll:7CVE-2015-2743SUSE Liberty Linux 7
PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.
ImportantCVE-2015-2743 at SUSECVE-2015-2743 at NVDSUSE bug 863095SUSE bug 935979cpe:/o:suse:sll:7CVE-2015-2775SUSE Liberty Linux 7
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
ModerateCVE-2015-2775 at SUSECVE-2015-2775 at NVDSUSE bug 925502cpe:/o:suse:sll:7CVE-2015-2783SUSE Liberty Linux 7
ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.
ModerateCVE-2015-2783 at SUSECVE-2015-2783 at NVDSUSE bug 928408SUSE bug 928506SUSE bug 928511SUSE bug 931418SUSE bug 980366cpe:/o:suse:sll:7CVE-2015-2787SUSE Liberty Linux 7
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.
ImportantCVE-2015-2787 at SUSECVE-2015-2787 at NVDSUSE bug 924972SUSE bug 980366cpe:/o:suse:sll:7CVE-2015-2806SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.
CriticalCVE-2015-2806 at SUSECVE-2015-2806 at NVDSUSE bug 924828SUSE bug 929414SUSE bug 961491SUSE bug 969208cpe:/o:suse:sll:7CVE-2015-2808SUSE Liberty Linux 7
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
ImportantCVE-2015-2808 at SUSECVE-2015-2808 at NVDSUSE bug 925378SUSE bug 938248SUSE bug 938895SUSE bug 952088cpe:/o:suse:sll:7CVE-2015-2830SUSE Liberty Linux 7
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.
ModerateCVE-2015-2830 at SUSECVE-2015-2830 at NVDSUSE bug 903967SUSE bug 926240cpe:/o:suse:sll:7CVE-2015-2922SUSE Liberty Linux 7
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
ModerateCVE-2015-2922 at SUSECVE-2015-2922 at NVDSUSE bug 903967SUSE bug 922583SUSE bug 926223cpe:/o:suse:sll:7CVE-2015-2924SUSE Liberty Linux 7
The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922.
ModerateCVE-2015-2924 at SUSECVE-2015-2924 at NVDSUSE bug 926223cpe:/o:suse:sll:7CVE-2015-2925SUSE Liberty Linux 7
The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."
ModerateCVE-2015-2925 at SUSECVE-2015-2925 at NVDSUSE bug 926238SUSE bug 951625SUSE bug 951638SUSE bug 963994cpe:/o:suse:sll:7CVE-2015-3142SUSE Liberty Linux 7
The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.
ImportantCVE-2015-3142 at SUSECVE-2015-3142 at NVDcpe:/o:suse:sll:7CVE-2015-3143SUSE Liberty Linux 7
cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
ModerateCVE-2015-3143 at SUSECVE-2015-3143 at NVDSUSE bug 927556cpe:/o:suse:sll:7CVE-2015-3147SUSE Liberty Linux 7
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.
ImportantCVE-2015-3147 at SUSECVE-2015-3147 at NVDcpe:/o:suse:sll:7CVE-2015-3148SUSE Liberty Linux 7
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
ModerateCVE-2015-3148 at SUSECVE-2015-3148 at NVDSUSE bug 1092962SUSE bug 927746cpe:/o:suse:sll:7CVE-2015-3149SUSE Liberty Linux 7
The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.
CriticalCVE-2015-3149 at SUSECVE-2015-3149 at NVDcpe:/o:suse:sll:7CVE-2015-3150SUSE Liberty Linux 7
abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method.
ImportantCVE-2015-3150 at SUSECVE-2015-3150 at NVDcpe:/o:suse:sll:7CVE-2015-3151SUSE Liberty Linux 7
Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method.
ImportantCVE-2015-3151 at SUSECVE-2015-3151 at NVDcpe:/o:suse:sll:7CVE-2015-3152SUSE Liberty Linux 7
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
ModerateCVE-2015-3152 at SUSECVE-2015-3152 at NVDSUSE bug 1037590SUSE bug 1047059SUSE bug 1088681SUSE bug 924663SUSE bug 928962SUSE bug 936407cpe:/o:suse:sll:7CVE-2015-3159SUSE Liberty Linux 7
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges.
ImportantCVE-2015-3159 at SUSECVE-2015-3159 at NVDcpe:/o:suse:sll:7CVE-2015-3165SUSE Liberty Linux 7
Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
CriticalCVE-2015-3165 at SUSECVE-2015-3165 at NVDSUSE bug 931972SUSE bug 931973SUSE bug 931974SUSE bug 932040cpe:/o:suse:sll:7CVE-2015-3166SUSE Liberty Linux 7
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
CriticalCVE-2015-3166 at SUSECVE-2015-3166 at NVDSUSE bug 931972SUSE bug 931973SUSE bug 931974SUSE bug 932040cpe:/o:suse:sll:7CVE-2015-3167SUSE Liberty Linux 7
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.
CriticalCVE-2015-3167 at SUSECVE-2015-3167 at NVDSUSE bug 931972SUSE bug 931973SUSE bug 931974SUSE bug 932040cpe:/o:suse:sll:7CVE-2015-3182SUSE Liberty Linux 7
epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2015-3182 at SUSECVE-2015-3182 at NVDSUSE bug 930503SUSE bug 930689cpe:/o:suse:sll:7CVE-2015-3183SUSE Liberty Linux 7
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
ModerateCVE-2015-3183 at SUSECVE-2015-3183 at NVDSUSE bug 938728SUSE bug 948325SUSE bug 949218cpe:/o:suse:sll:7CVE-2015-3184SUSE Liberty Linux 7
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.
ModerateCVE-2015-3184 at SUSECVE-2015-3184 at NVDSUSE bug 938723SUSE bug 939514SUSE bug 939516cpe:/o:suse:sll:7CVE-2015-3185SUSE Liberty Linux 7
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.
ModerateCVE-2015-3185 at SUSECVE-2015-3185 at NVDSUSE bug 938723SUSE bug 939514SUSE bug 939516cpe:/o:suse:sll:7CVE-2015-3187SUSE Liberty Linux 7
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.
LowCVE-2015-3187 at SUSECVE-2015-3187 at NVDSUSE bug 939517cpe:/o:suse:sll:7CVE-2015-3194SUSE Liberty Linux 7
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
ModerateCVE-2015-3194 at SUSECVE-2015-3194 at NVDSUSE bug 957812SUSE bug 957815SUSE bug 958768SUSE bug 976341SUSE bug 990370cpe:/o:suse:sll:7CVE-2015-3195SUSE Liberty Linux 7
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
ModerateCVE-2015-3195 at SUSECVE-2015-3195 at NVDSUSE bug 923755SUSE bug 957812SUSE bug 957815SUSE bug 958768SUSE bug 963977SUSE bug 986238cpe:/o:suse:sll:7CVE-2015-3196SUSE Liberty Linux 7
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.
ModerateCVE-2015-3196 at SUSECVE-2015-3196 at NVDSUSE bug 957813cpe:/o:suse:sll:7CVE-2015-3197SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.
LowCVE-2015-3197 at SUSECVE-2015-3197 at NVDSUSE bug 963410SUSE bug 963415SUSE bug 968044SUSE bug 968046cpe:/o:suse:sll:7CVE-2015-3204SUSE Liberty Linux 7
libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK.
ModerateCVE-2015-3204 at SUSECVE-2015-3204 at NVDcpe:/o:suse:sll:7CVE-2015-3212SUSE Liberty Linux 7
Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.
ModerateCVE-2015-3212 at SUSECVE-2015-3212 at NVDSUSE bug 936502cpe:/o:suse:sll:7CVE-2015-3213SUSE Liberty Linux 7
The gesture handling code in Clutter before 1.16.2 allows physically proximate attackers to bypass the lock screen via certain (1) mouse or (2) touch gestures.
ImportantCVE-2015-3213 at SUSECVE-2015-3213 at NVDSUSE bug 933927cpe:/o:suse:sll:7CVE-2015-3214SUSE Liberty Linux 7
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
ModerateCVE-2015-3214 at SUSECVE-2015-3214 at NVDSUSE bug 934069SUSE bug 936025cpe:/o:suse:sll:7CVE-2015-3216SUSE Liberty Linux 7
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.
ModerateCVE-2015-3216 at SUSECVE-2015-3216 at NVDSUSE bug 933898cpe:/o:suse:sll:7CVE-2015-3217SUSE Liberty Linux 7
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
ModerateCVE-2015-3217 at SUSECVE-2015-3217 at NVDSUSE bug 933878SUSE bug 958373cpe:/o:suse:sll:7CVE-2015-3223SUSE Liberty Linux 7
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.
ImportantCVE-2015-3223 at SUSECVE-2015-3223 at NVDSUSE bug 958581cpe:/o:suse:sll:7CVE-2015-3225SUSE Liberty Linux 7
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.
ModerateCVE-2015-3225 at SUSECVE-2015-3225 at NVDSUSE bug 934797cpe:/o:suse:sll:7CVE-2015-3238SUSE Liberty Linux 7
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
ModerateCVE-2015-3238 at SUSECVE-2015-3238 at NVDSUSE bug 1123794SUSE bug 934920cpe:/o:suse:sll:7CVE-2015-3240SUSE Liberty Linux 7
The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service (assertion failure and daemon restart) via a zero DH g^x value in a KE payload in a IKE packet.
ModerateCVE-2015-3240 at SUSECVE-2015-3240 at NVDSUSE bug 943104cpe:/o:suse:sll:7CVE-2015-3245SUSE Liberty Linux 7
Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.
ModerateCVE-2015-3245 at SUSECVE-2015-3245 at NVDcpe:/o:suse:sll:7CVE-2015-3246SUSE Liberty Linux 7
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.
ImportantCVE-2015-3246 at SUSECVE-2015-3246 at NVDSUSE bug 937533cpe:/o:suse:sll:7CVE-2015-3247SUSE Liberty Linux 7
Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.
ImportantCVE-2015-3247 at SUSECVE-2015-3247 at NVDSUSE bug 944460cpe:/o:suse:sll:7CVE-2015-3248SUSE Liberty Linux 7
openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption).
ModerateCVE-2015-3248 at SUSECVE-2015-3248 at NVDSUSE bug 935389cpe:/o:suse:sll:7CVE-2015-3256SUSE Liberty Linux 7
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."
ModerateCVE-2015-3256 at SUSECVE-2015-3256 at NVDSUSE bug 943816cpe:/o:suse:sll:7CVE-2015-3258SUSE Liberty Linux 7
Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.
ImportantCVE-2015-3258 at SUSECVE-2015-3258 at NVDSUSE bug 921753SUSE bug 936281SUSE bug 937018cpe:/o:suse:sll:7CVE-2015-3276SUSE Liberty Linux 7
The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
ImportantCVE-2015-3276 at SUSECVE-2015-3276 at NVDSUSE bug 938567cpe:/o:suse:sll:7CVE-2015-3279SUSE Liberty Linux 7
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.
ImportantCVE-2015-3279 at SUSECVE-2015-3279 at NVDSUSE bug 921753SUSE bug 936281SUSE bug 937018cpe:/o:suse:sll:7CVE-2015-3281SUSE Liberty Linux 7
The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.
ModerateCVE-2015-3281 at SUSECVE-2015-3281 at NVDSUSE bug 937042SUSE bug 937202cpe:/o:suse:sll:7CVE-2015-3307SUSE Liberty Linux 7
The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive.
ImportantCVE-2015-3307 at SUSECVE-2015-3307 at NVDSUSE bug 931418cpe:/o:suse:sll:7CVE-2015-3315SUSE Liberty Linux 7
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.
ImportantCVE-2015-3315 at SUSECVE-2015-3315 at NVDcpe:/o:suse:sll:7CVE-2015-3329SUSE Liberty Linux 7
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.
ImportantCVE-2015-3329 at SUSECVE-2015-3329 at NVDSUSE bug 928408SUSE bug 928506SUSE bug 928511SUSE bug 980366cpe:/o:suse:sll:7CVE-2015-3330SUSE Liberty Linux 7
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter."
ModerateCVE-2015-3330 at SUSECVE-2015-3330 at NVDSUSE bug 908782SUSE bug 928408SUSE bug 928506SUSE bug 928511cpe:/o:suse:sll:7CVE-2015-3331SUSE Liberty Linux 7
The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.
CriticalCVE-2015-3331 at SUSECVE-2015-3331 at NVDSUSE bug 1115893SUSE bug 927257SUSE bug 931231SUSE bug 939262cpe:/o:suse:sll:7CVE-2015-3339SUSE Liberty Linux 7
Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.
ModerateCVE-2015-3339 at SUSECVE-2015-3339 at NVDSUSE bug 903967SUSE bug 928130SUSE bug 939263cpe:/o:suse:sll:7CVE-2015-3405SUSE Liberty Linux 7
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
ImportantCVE-2015-3405 at SUSECVE-2015-3405 at NVDSUSE bug 924202SUSE bug 928321cpe:/o:suse:sll:7CVE-2015-3411SUSE Liberty Linux 7
PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files.
ModerateCVE-2015-3411 at SUSECVE-2015-3411 at NVDSUSE bug 935074SUSE bug 935227SUSE bug 935229SUSE bug 935232SUSE bug 980366cpe:/o:suse:sll:7CVE-2015-3412SUSE Liberty Linux 7
PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension.
ModerateCVE-2015-3412 at SUSECVE-2015-3412 at NVDSUSE bug 935227SUSE bug 935229SUSE bug 935232SUSE bug 980366cpe:/o:suse:sll:7CVE-2015-3414SUSE Liberty Linux 7
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
ModerateCVE-2015-3414 at SUSECVE-2015-3414 at NVDSUSE bug 1085790SUSE bug 1190372SUSE bug 1193078SUSE bug 928700SUSE bug 928701SUSE bug 928702cpe:/o:suse:sll:7CVE-2015-3415SUSE Liberty Linux 7
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
ModerateCVE-2015-3415 at SUSECVE-2015-3415 at NVDSUSE bug 1190372SUSE bug 928700SUSE bug 928701SUSE bug 928702cpe:/o:suse:sll:7CVE-2015-3416SUSE Liberty Linux 7
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
ModerateCVE-2015-3416 at SUSECVE-2015-3416 at NVDSUSE bug 1190372SUSE bug 928700SUSE bug 928701SUSE bug 928702cpe:/o:suse:sll:7CVE-2015-3455SUSE Liberty Linux 7
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.
ModerateCVE-2015-3455 at SUSECVE-2015-3455 at NVDSUSE bug 929493cpe:/o:suse:sll:7CVE-2015-3456SUSE Liberty Linux 7
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
ModerateCVE-2015-3456 at SUSECVE-2015-3456 at NVDSUSE bug 929339SUSE bug 932770SUSE bug 935900cpe:/o:suse:sll:7CVE-2015-3622SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
LowCVE-2015-3622 at SUSECVE-2015-3622 at NVDSUSE bug 929414cpe:/o:suse:sll:7CVE-2015-3636SUSE Liberty Linux 7
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
ModerateCVE-2015-3636 at SUSECVE-2015-3636 at NVDSUSE bug 929525SUSE bug 939277SUSE bug 994624cpe:/o:suse:sll:7CVE-2015-3810SUSE Liberty Linux 7
epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet.
ModerateCVE-2015-3810 at SUSECVE-2015-3810 at NVDSUSE bug 930689cpe:/o:suse:sll:7CVE-2015-3811SUSE Liberty Linux 7
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188.
ModerateCVE-2015-3811 at SUSECVE-2015-3811 at NVDSUSE bug 930689SUSE bug 930691cpe:/o:suse:sll:7CVE-2015-3812SUSE Liberty Linux 7
Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet.
ModerateCVE-2015-3812 at SUSECVE-2015-3812 at NVDSUSE bug 930689SUSE bug 930691cpe:/o:suse:sll:7CVE-2015-3813SUSE Liberty Linux 7
The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet.
ModerateCVE-2015-3813 at SUSECVE-2015-3813 at NVDSUSE bug 930689cpe:/o:suse:sll:7CVE-2015-4000SUSE Liberty Linux 7
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
ImportantCVE-2015-4000 at SUSECVE-2015-4000 at NVDSUSE bug 1074631SUSE bug 1211968SUSE bug 931600SUSE bug 931698SUSE bug 931723SUSE bug 931845SUSE bug 932026SUSE bug 932483SUSE bug 934789SUSE bug 935033SUSE bug 935540SUSE bug 935979SUSE bug 937202SUSE bug 937766SUSE bug 938248SUSE bug 938432SUSE bug 938895SUSE bug 938905SUSE bug 938906SUSE bug 938913SUSE bug 938945SUSE bug 943664SUSE bug 944729SUSE bug 945582SUSE bug 955589SUSE bug 980406SUSE bug 990592SUSE bug 994144cpe:/o:suse:sll:7CVE-2015-4021SUSE Liberty Linux 7
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.
ModerateCVE-2015-4021 at SUSECVE-2015-4021 at NVDSUSE bug 931769SUSE bug 935074SUSE bug 980366cpe:/o:suse:sll:7CVE-2015-4022SUSE Liberty Linux 7
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.
ModerateCVE-2015-4022 at SUSECVE-2015-4022 at NVDSUSE bug 931769SUSE bug 931772SUSE bug 935275SUSE bug 980366cpe:/o:suse:sll:7CVE-2015-4024SUSE Liberty Linux 7
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.
ModerateCVE-2015-4024 at SUSECVE-2015-4024 at NVDSUSE bug 931421SUSE bug 980366cpe:/o:suse:sll:7CVE-2015-4025SUSE Liberty Linux 7
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
ImportantCVE-2015-4025 at SUSECVE-2015-4025 at NVDSUSE bug 1067090cpe:/o:suse:sll:7CVE-2015-4026SUSE Liberty Linux 7
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
ModerateCVE-2015-4026 at SUSECVE-2015-4026 at NVDSUSE bug 931776SUSE bug 935227SUSE bug 980366cpe:/o:suse:sll:7CVE-2015-4142SUSE Liberty Linux 7
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.
ModerateCVE-2015-4142 at SUSECVE-2015-4142 at NVDSUSE bug 915323SUSE bug 930078cpe:/o:suse:sll:7CVE-2015-4147SUSE Liberty Linux 7
The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a "type confusion" issue.
ModerateCVE-2015-4147 at SUSECVE-2015-4147 at NVDSUSE bug 925109SUSE bug 933227cpe:/o:suse:sll:7CVE-2015-4148SUSE Liberty Linux 7
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue.
LowCVE-2015-4148 at SUSECVE-2015-4148 at NVDSUSE bug 933227SUSE bug 935074SUSE bug 935226SUSE bug 980366cpe:/o:suse:sll:7CVE-2015-4170SUSE Liberty Linux 7
Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread.
LowCVE-2015-4170 at SUSECVE-2015-4170 at NVDSUSE bug 933423cpe:/o:suse:sll:7CVE-2015-4473SUSE Liberty Linux 7
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2015-4473 at SUSECVE-2015-4473 at NVDSUSE bug 940806cpe:/o:suse:sll:7CVE-2015-4475SUSE Liberty Linux 7
The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file.
ImportantCVE-2015-4475 at SUSECVE-2015-4475 at NVDSUSE bug 940806cpe:/o:suse:sll:7CVE-2015-4478SUSE Liberty Linux 7
Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method.
ImportantCVE-2015-4478 at SUSECVE-2015-4478 at NVDSUSE bug 940806cpe:/o:suse:sll:7CVE-2015-4479SUSE Liberty Linux 7
Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data.
ImportantCVE-2015-4479 at SUSECVE-2015-4479 at NVDSUSE bug 940806cpe:/o:suse:sll:7CVE-2015-4480SUSE Liberty Linux 7
Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding.
ImportantCVE-2015-4480 at SUSECVE-2015-4480 at NVDSUSE bug 940806cpe:/o:suse:sll:7CVE-2015-4484SUSE Liberty Linux 7
The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object.
ImportantCVE-2015-4484 at SUSECVE-2015-4484 at NVDSUSE bug 940806cpe:/o:suse:sll:7CVE-2015-4485SUSE Liberty Linux 7
Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.
ImportantCVE-2015-4485 at SUSECVE-2015-4485 at NVDSUSE bug 940806cpe:/o:suse:sll:7CVE-2015-4486SUSE Liberty Linux 7
The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.
ImportantCVE-2015-4486 at SUSECVE-2015-4486 at NVDSUSE bug 940806cpe:/o:suse:sll:7CVE-2015-4487SUSE Liberty Linux 7
The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
ImportantCVE-2015-4487 at SUSECVE-2015-4487 at NVDSUSE bug 940806cpe:/o:suse:sll:7CVE-2015-4488SUSE Liberty Linux 7
Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment.
ImportantCVE-2015-4488 at SUSECVE-2015-4488 at NVDSUSE bug 940806cpe:/o:suse:sll:7CVE-2015-4489SUSE Liberty Linux 7
The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment.
ImportantCVE-2015-4489 at SUSECVE-2015-4489 at NVDSUSE bug 940806cpe:/o:suse:sll:7CVE-2015-4491SUSE Liberty Linux 7
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.
ModerateCVE-2015-4491 at SUSECVE-2015-4491 at NVDSUSE bug 940806SUSE bug 942801SUSE bug 948790cpe:/o:suse:sll:7CVE-2015-4492SUSE Liberty Linux 7
Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object.
ImportantCVE-2015-4492 at SUSECVE-2015-4492 at NVDSUSE bug 940806cpe:/o:suse:sll:7CVE-2015-4493SUSE Liberty Linux 7
Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539.
ImportantCVE-2015-4493 at SUSECVE-2015-4493 at NVDSUSE bug 940806cpe:/o:suse:sll:7CVE-2015-4495SUSE Liberty Linux 7
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.
ImportantCVE-2015-4495 at SUSECVE-2015-4495 at NVDSUSE bug 863095SUSE bug 940806SUSE bug 940918cpe:/o:suse:sll:7CVE-2015-4497SUSE Liberty Linux 7
Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element.
ModerateCVE-2015-4497 at SUSECVE-2015-4497 at NVDSUSE bug 943550SUSE bug 943557SUSE bug 943608cpe:/o:suse:sll:7CVE-2015-4498SUSE Liberty Linux 7
The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process.
ModerateCVE-2015-4498 at SUSECVE-2015-4498 at NVDSUSE bug 943550SUSE bug 943558SUSE bug 943608cpe:/o:suse:sll:7CVE-2015-4500SUSE Liberty Linux 7
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2015-4500 at SUSECVE-2015-4500 at NVDSUSE bug 947003cpe:/o:suse:sll:7CVE-2015-4509SUSE Liberty Linux 7
Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176.
ImportantCVE-2015-4509 at SUSECVE-2015-4509 at NVDSUSE bug 947003cpe:/o:suse:sll:7CVE-2015-4510SUSE Liberty Linux 7
Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction between shared workers and the IndexedDB implementation.
ModerateCVE-2015-4510 at SUSECVE-2015-4510 at NVDSUSE bug 947003cpe:/o:suse:sll:7CVE-2015-4513SUSE Liberty Linux 7
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2015-4513 at SUSECVE-2015-4513 at NVDSUSE bug 952810cpe:/o:suse:sll:7CVE-2015-4517SUSE Liberty Linux 7
NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
ImportantCVE-2015-4517 at SUSECVE-2015-4517 at NVDSUSE bug 947003cpe:/o:suse:sll:7CVE-2015-4519SUSE Liberty Linux 7
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element.
ImportantCVE-2015-4519 at SUSECVE-2015-4519 at NVDSUSE bug 947003cpe:/o:suse:sll:7CVE-2015-4520SUSE Liberty Linux 7
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header.
ImportantCVE-2015-4520 at SUSECVE-2015-4520 at NVDSUSE bug 947003cpe:/o:suse:sll:7CVE-2015-4521SUSE Liberty Linux 7
The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
ImportantCVE-2015-4521 at SUSECVE-2015-4521 at NVDSUSE bug 947003cpe:/o:suse:sll:7CVE-2015-4522SUSE Liberty Linux 7
The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
ImportantCVE-2015-4522 at SUSECVE-2015-4522 at NVDSUSE bug 947003cpe:/o:suse:sll:7CVE-2015-4588SUSE Liberty Linux 7
Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file.
ModerateCVE-2015-4588 at SUSECVE-2015-4588 at NVDSUSE bug 933109cpe:/o:suse:sll:7CVE-2015-4598SUSE Liberty Linux 7
PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files.
ModerateCVE-2015-4598 at SUSECVE-2015-4598 at NVDSUSE bug 935227SUSE bug 935232SUSE bug 980366cpe:/o:suse:sll:7CVE-2015-4599SUSE Liberty Linux 7
The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
ModerateCVE-2015-4599 at SUSECVE-2015-4599 at NVDSUSE bug 935074SUSE bug 935226SUSE bug 935234SUSE bug 980366cpe:/o:suse:sll:7CVE-2015-4600SUSE Liberty Linux 7
The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods.
ModerateCVE-2015-4600 at SUSECVE-2015-4600 at NVDSUSE bug 935226SUSE bug 935234SUSE bug 980366cpe:/o:suse:sll:7CVE-2015-4601SUSE Liberty Linux 7
PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.
ModerateCVE-2015-4601 at SUSECVE-2015-4601 at NVDSUSE bug 935226SUSE bug 935234SUSE bug 980366cpe:/o:suse:sll:7CVE-2015-4602SUSE Liberty Linux 7
The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
ModerateCVE-2015-4602 at SUSECVE-2015-4602 at NVDSUSE bug 935074SUSE bug 935224SUSE bug 935226SUSE bug 980366cpe:/o:suse:sll:7CVE-2015-4603SUSE Liberty Linux 7
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
ModerateCVE-2015-4603 at SUSECVE-2015-4603 at NVDSUSE bug 935074SUSE bug 935226SUSE bug 935234SUSE bug 980366cpe:/o:suse:sll:7CVE-2015-4604SUSE Liberty Linux 7
The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.
ImportantCVE-2015-4604 at SUSECVE-2015-4604 at NVDSUSE bug 935225cpe:/o:suse:sll:7CVE-2015-4605SUSE Liberty Linux 7
The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.
ImportantCVE-2015-4605 at SUSECVE-2015-4605 at NVDSUSE bug 935225cpe:/o:suse:sll:7CVE-2015-4620SUSE Liberty Linux 7
name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.
CriticalCVE-2015-4620 at SUSECVE-2015-4620 at NVDSUSE bug 936476cpe:/o:suse:sll:7CVE-2015-4695SUSE Liberty Linux 7
meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file.
ModerateCVE-2015-4695 at SUSECVE-2015-4695 at NVDSUSE bug 936058cpe:/o:suse:sll:7CVE-2015-4696SUSE Liberty Linux 7
Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command.
ModerateCVE-2015-4696 at SUSECVE-2015-4696 at NVDSUSE bug 936062cpe:/o:suse:sll:7CVE-2015-4700SUSE Liberty Linux 7
The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.
ModerateCVE-2015-4700 at SUSECVE-2015-4700 at NVDSUSE bug 935705SUSE bug 939273cpe:/o:suse:sll:7CVE-2015-4731SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
ImportantCVE-2015-4731 at SUSECVE-2015-4731 at NVDSUSE bug 937828SUSE bug 938248SUSE bug 938895cpe:/o:suse:sll:7CVE-2015-4732SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590.
ImportantCVE-2015-4732 at SUSECVE-2015-4732 at NVDSUSE bug 937828SUSE bug 938248SUSE bug 938895cpe:/o:suse:sll:7CVE-2015-4733SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
ImportantCVE-2015-4733 at SUSECVE-2015-4733 at NVDSUSE bug 937828SUSE bug 938248SUSE bug 938895cpe:/o:suse:sll:7CVE-2015-4734SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS.
ModerateCVE-2015-4734 at SUSECVE-2015-4734 at NVDSUSE bug 951376SUSE bug 955131cpe:/o:suse:sll:7CVE-2015-4737SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.
LowCVE-2015-4737 at SUSECVE-2015-4737 at NVDSUSE bug 938412cpe:/o:suse:sll:7CVE-2015-4748SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.
ImportantCVE-2015-4748 at SUSECVE-2015-4748 at NVDSUSE bug 937828SUSE bug 938248SUSE bug 938895cpe:/o:suse:sll:7CVE-2015-4749SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI.
ImportantCVE-2015-4749 at SUSECVE-2015-4749 at NVDSUSE bug 937828SUSE bug 938248SUSE bug 938895cpe:/o:suse:sll:7CVE-2015-4752SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.
LowCVE-2015-4752 at SUSECVE-2015-4752 at NVDSUSE bug 938412cpe:/o:suse:sll:7CVE-2015-4757SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
LowCVE-2015-4757 at SUSECVE-2015-4757 at NVDSUSE bug 938412cpe:/o:suse:sll:7CVE-2015-4760SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
ImportantCVE-2015-4760 at SUSECVE-2015-4760 at NVDSUSE bug 937828SUSE bug 938248SUSE bug 938895cpe:/o:suse:sll:7CVE-2015-4792SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.
ImportantCVE-2015-4792 at SUSECVE-2015-4792 at NVDSUSE bug 951391SUSE bug 958789cpe:/o:suse:sll:7CVE-2015-4802SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.
ImportantCVE-2015-4802 at SUSECVE-2015-4802 at NVDSUSE bug 951391SUSE bug 958789cpe:/o:suse:sll:7CVE-2015-4803SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911.
ModerateCVE-2015-4803 at SUSECVE-2015-4803 at NVDSUSE bug 951376SUSE bug 955131cpe:/o:suse:sll:7CVE-2015-4805SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.
ModerateCVE-2015-4805 at SUSECVE-2015-4805 at NVDSUSE bug 951376SUSE bug 955131cpe:/o:suse:sll:7CVE-2015-4806SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
ModerateCVE-2015-4806 at SUSECVE-2015-4806 at NVDSUSE bug 951376SUSE bug 955131cpe:/o:suse:sll:7CVE-2015-4815SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.
ImportantCVE-2015-4815 at SUSECVE-2015-4815 at NVDSUSE bug 951391SUSE bug 958789cpe:/o:suse:sll:7CVE-2015-4816SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
ImportantCVE-2015-4816 at SUSECVE-2015-4816 at NVDSUSE bug 951391SUSE bug 958790cpe:/o:suse:sll:7CVE-2015-4819SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.
ImportantCVE-2015-4819 at SUSECVE-2015-4819 at NVDSUSE bug 951391SUSE bug 958790SUSE bug 969667cpe:/o:suse:sll:7CVE-2015-4826SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.
ImportantCVE-2015-4826 at SUSECVE-2015-4826 at NVDSUSE bug 951391SUSE bug 958789cpe:/o:suse:sll:7CVE-2015-4830SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
ImportantCVE-2015-4830 at SUSECVE-2015-4830 at NVDSUSE bug 951391SUSE bug 958789cpe:/o:suse:sll:7CVE-2015-4835SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881.
ModerateCVE-2015-4835 at SUSECVE-2015-4835 at NVDSUSE bug 951376SUSE bug 955131cpe:/o:suse:sll:7CVE-2015-4836SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.
ImportantCVE-2015-4836 at SUSECVE-2015-4836 at NVDSUSE bug 951391SUSE bug 958789cpe:/o:suse:sll:7CVE-2015-4840SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via unknown vectors related to 2D.
ModerateCVE-2015-4840 at SUSECVE-2015-4840 at NVDSUSE bug 951376SUSE bug 955131cpe:/o:suse:sll:7CVE-2015-4842SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP.
ModerateCVE-2015-4842 at SUSECVE-2015-4842 at NVDSUSE bug 951376SUSE bug 955131cpe:/o:suse:sll:7CVE-2015-4843SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
ModerateCVE-2015-4843 at SUSECVE-2015-4843 at NVDSUSE bug 951376SUSE bug 955131cpe:/o:suse:sll:7CVE-2015-4844SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
ModerateCVE-2015-4844 at SUSECVE-2015-4844 at NVDSUSE bug 951376SUSE bug 955131cpe:/o:suse:sll:7CVE-2015-4858SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.
ImportantCVE-2015-4858 at SUSECVE-2015-4858 at NVDSUSE bug 951391SUSE bug 958789cpe:/o:suse:sll:7CVE-2015-4860SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883.
ModerateCVE-2015-4860 at SUSECVE-2015-4860 at NVDSUSE bug 951376SUSE bug 955131cpe:/o:suse:sll:7CVE-2015-4861SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
ImportantCVE-2015-4861 at SUSECVE-2015-4861 at NVDSUSE bug 951391SUSE bug 958789cpe:/o:suse:sll:7CVE-2015-4868SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 8u60 and Java SE Embedded 8u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
ModerateCVE-2015-4868 at SUSECVE-2015-4868 at NVDSUSE bug 951376cpe:/o:suse:sll:7CVE-2015-4870SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.
ImportantCVE-2015-4870 at SUSECVE-2015-4870 at NVDSUSE bug 951391SUSE bug 958789cpe:/o:suse:sll:7CVE-2015-4871SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
ModerateCVE-2015-4871 at SUSECVE-2015-4871 at NVDSUSE bug 951376SUSE bug 955131cpe:/o:suse:sll:7CVE-2015-4872SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security.
ModerateCVE-2015-4872 at SUSECVE-2015-4872 at NVDSUSE bug 951376SUSE bug 955131cpe:/o:suse:sll:7CVE-2015-4879SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.
ImportantCVE-2015-4879 at SUSECVE-2015-4879 at NVDSUSE bug 951391SUSE bug 958790cpe:/o:suse:sll:7CVE-2015-4881SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835.
CriticalCVE-2015-4881 at SUSECVE-2015-4881 at NVDSUSE bug 951376cpe:/o:suse:sll:7CVE-2015-4882SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA.
ModerateCVE-2015-4882 at SUSECVE-2015-4882 at NVDSUSE bug 951376SUSE bug 955131cpe:/o:suse:sll:7CVE-2015-4883SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860.
ModerateCVE-2015-4883 at SUSECVE-2015-4883 at NVDSUSE bug 951376SUSE bug 955131cpe:/o:suse:sll:7CVE-2015-4893SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911.
ModerateCVE-2015-4893 at SUSECVE-2015-4893 at NVDSUSE bug 951376SUSE bug 955131cpe:/o:suse:sll:7CVE-2015-4903SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI.
ModerateCVE-2015-4903 at SUSECVE-2015-4903 at NVDSUSE bug 951376SUSE bug 955131cpe:/o:suse:sll:7CVE-2015-4911SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893.
ModerateCVE-2015-4911 at SUSECVE-2015-4911 at NVDSUSE bug 951376SUSE bug 955131cpe:/o:suse:sll:7CVE-2015-4913SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.
ImportantCVE-2015-4913 at SUSECVE-2015-4913 at NVDSUSE bug 951391SUSE bug 958789cpe:/o:suse:sll:7CVE-2015-5073SUSE Liberty Linux 7
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.
CriticalCVE-2015-5073 at SUSECVE-2015-5073 at NVDSUSE bug 936227cpe:/o:suse:sll:7CVE-2015-5154SUSE Liberty Linux 7
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
ImportantCVE-2015-5154 at SUSECVE-2015-5154 at NVDSUSE bug 938344SUSE bug 950367cpe:/o:suse:sll:7CVE-2015-5156SUSE Liberty Linux 7
The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets.
ModerateCVE-2015-5156 at SUSECVE-2015-5156 at NVDSUSE bug 1091815SUSE bug 1123903SUSE bug 940776SUSE bug 945048SUSE bug 951638cpe:/o:suse:sll:7CVE-2015-5157SUSE Liberty Linux 7
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.
ImportantCVE-2015-5157 at SUSECVE-2015-5157 at NVDSUSE bug 1072204SUSE bug 1115893SUSE bug 937969SUSE bug 937970SUSE bug 938706SUSE bug 939207cpe:/o:suse:sll:7CVE-2015-5160SUSE Liberty Linux 7
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.
ModerateCVE-2015-5160 at SUSECVE-2015-5160 at NVDSUSE bug 939348cpe:/o:suse:sll:7CVE-2015-5165SUSE Liberty Linux 7
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
ModerateCVE-2015-5165 at SUSECVE-2015-5165 at NVDSUSE bug 939712SUSE bug 950367cpe:/o:suse:sll:7CVE-2015-5174SUSE Liberty Linux 7
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
ModerateCVE-2015-5174 at SUSECVE-2015-5174 at NVDSUSE bug 967967cpe:/o:suse:sll:7CVE-2015-5180SUSE Liberty Linux 7
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).
ImportantCVE-2015-5180 at SUSECVE-2015-5180 at NVDSUSE bug 1123874SUSE bug 1215582SUSE bug 941234cpe:/o:suse:sll:7CVE-2015-5189SUSE Liberty Linux 7
Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated.
ModerateCVE-2015-5189 at SUSECVE-2015-5189 at NVDcpe:/o:suse:sll:7CVE-2015-5190SUSE Liberty Linux 7
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.
CriticalCVE-2015-5190 at SUSECVE-2015-5190 at NVDcpe:/o:suse:sll:7CVE-2015-5194SUSE Liberty Linux 7
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
LowCVE-2015-5194 at SUSECVE-2015-5194 at NVDSUSE bug 943216SUSE bug 943218SUSE bug 943219SUSE bug 943221SUSE bug 959243cpe:/o:suse:sll:7CVE-2015-5195SUSE Liberty Linux 7
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.
LowCVE-2015-5195 at SUSECVE-2015-5195 at NVDSUSE bug 943216SUSE bug 943218SUSE bug 943219SUSE bug 943221cpe:/o:suse:sll:7CVE-2015-5196SUSE Liberty Linux 7
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7703. Reason: This candidate is a reservation duplicate of CVE-2015-7703. Notes: All CVE users should reference CVE-2015-7703 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ImportantCVE-2015-5196 at SUSECVE-2015-5196 at NVDSUSE bug 1010964SUSE bug 943216SUSE bug 943218SUSE bug 943219SUSE bug 943221SUSE bug 951608SUSE bug 959243SUSE bug 992991cpe:/o:suse:sll:7CVE-2015-5203SUSE Liberty Linux 7
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
ImportantCVE-2015-5203 at SUSECVE-2015-5203 at NVDSUSE bug 1178702SUSE bug 941919SUSE bug 942553cpe:/o:suse:sll:7CVE-2015-5219SUSE Liberty Linux 7
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
ImportantCVE-2015-5219 at SUSECVE-2015-5219 at NVDSUSE bug 1010964SUSE bug 943216SUSE bug 943218SUSE bug 943219SUSE bug 943221SUSE bug 959243cpe:/o:suse:sll:7CVE-2015-5221SUSE Liberty Linux 7
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
ImportantCVE-2015-5221 at SUSECVE-2015-5221 at NVDSUSE bug 1178702SUSE bug 942553cpe:/o:suse:sll:7CVE-2015-5229SUSE Liberty Linux 7
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
LowCVE-2015-5229 at SUSECVE-2015-5229 at NVDSUSE bug 943015cpe:/o:suse:sll:7CVE-2015-5252SUSE Liberty Linux 7
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
ModerateCVE-2015-5252 at SUSECVE-2015-5252 at NVDSUSE bug 958582cpe:/o:suse:sll:7CVE-2015-5260SUSE Liberty Linux 7
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.
ImportantCVE-2015-5260 at SUSECVE-2015-5260 at NVDSUSE bug 944787cpe:/o:suse:sll:7CVE-2015-5261SUSE Liberty Linux 7
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.
ImportantCVE-2015-5261 at SUSECVE-2015-5261 at NVDSUSE bug 948976SUSE bug 982386cpe:/o:suse:sll:7CVE-2015-5273SUSE Liberty Linux 7
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.
ModerateCVE-2015-5273 at SUSECVE-2015-5273 at NVDcpe:/o:suse:sll:7CVE-2015-5277SUSE Liberty Linux 7
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.
ImportantCVE-2015-5277 at SUSECVE-2015-5277 at NVDSUSE bug 1123874SUSE bug 945830cpe:/o:suse:sll:7CVE-2015-5281SUSE Liberty Linux 7
The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verified code via the (3) boot menu.
LowCVE-2015-5281 at SUSECVE-2015-5281 at NVDcpe:/o:suse:sll:7CVE-2015-5283SUSE Liberty Linux 7
The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished.
ModerateCVE-2015-5283 at SUSECVE-2015-5283 at NVDSUSE bug 947155cpe:/o:suse:sll:7CVE-2015-5287SUSE Liberty Linux 7
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.
ModerateCVE-2015-5287 at SUSECVE-2015-5287 at NVDcpe:/o:suse:sll:7CVE-2015-5288SUSE Liberty Linux 7
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.
LowCVE-2015-5288 at SUSECVE-2015-5288 at NVDSUSE bug 949669SUSE bug 949670cpe:/o:suse:sll:7CVE-2015-5289SUSE Liberty Linux 7
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.
ModerateCVE-2015-5289 at SUSECVE-2015-5289 at NVDSUSE bug 949669SUSE bug 949670cpe:/o:suse:sll:7CVE-2015-5292SUSE Liberty Linux 7
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.
ModerateCVE-2015-5292 at SUSECVE-2015-5292 at NVDSUSE bug 948819cpe:/o:suse:sll:7CVE-2015-5296SUSE Liberty Linux 7
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.
ModerateCVE-2015-5296 at SUSECVE-2015-5296 at NVDSUSE bug 1058622SUSE bug 958584SUSE bug 973031cpe:/o:suse:sll:7CVE-2015-5299SUSE Liberty Linux 7
The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.
LowCVE-2015-5299 at SUSECVE-2015-5299 at NVDSUSE bug 958583cpe:/o:suse:sll:7CVE-2015-5300SUSE Liberty Linux 7
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
ImportantCVE-2015-5300 at SUSECVE-2015-5300 at NVDSUSE bug 951629SUSE bug 959243SUSE bug 962624cpe:/o:suse:sll:7CVE-2015-5302SUSE Liberty Linux 7
libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1) backtrace, (2) cmdline, (3) environ, (4) open_fds, (5) maps, (6) smaps, (7) hostname, (8) remote, (9) ks.cfg, or (10) anaconda-tb file attachment included in a Red Hat Bugzilla bug report.
ModerateCVE-2015-5302 at SUSECVE-2015-5302 at NVDcpe:/o:suse:sll:7CVE-2015-5307SUSE Liberty Linux 7
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
ModerateCVE-2015-5307 at SUSECVE-2015-5307 at NVDSUSE bug 953527SUSE bug 954018SUSE bug 954404SUSE bug 954405SUSE bug 962977cpe:/o:suse:sll:7CVE-2015-5312SUSE Liberty Linux 7
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
ImportantCVE-2015-5312 at SUSECVE-2015-5312 at NVDSUSE bug 1123919SUSE bug 957105SUSE bug 959469SUSE bug 969769cpe:/o:suse:sll:7CVE-2015-5313SUSE Liberty Linux 7
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.
LowCVE-2015-5313 at SUSECVE-2015-5313 at NVDSUSE bug 953110cpe:/o:suse:sll:7CVE-2015-5330SUSE Liberty Linux 7
ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.
LowCVE-2015-5330 at SUSECVE-2015-5330 at NVDSUSE bug 958581SUSE bug 958586cpe:/o:suse:sll:7CVE-2015-5345SUSE Liberty Linux 7
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
ModerateCVE-2015-5345 at SUSECVE-2015-5345 at NVDSUSE bug 967965cpe:/o:suse:sll:7CVE-2015-5346SUSE Liberty Linux 7
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.
ModerateCVE-2015-5346 at SUSECVE-2015-5346 at NVDSUSE bug 967814cpe:/o:suse:sll:7CVE-2015-5351SUSE Liberty Linux 7
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.
ModerateCVE-2015-5351 at SUSECVE-2015-5351 at NVDSUSE bug 967812cpe:/o:suse:sll:7CVE-2015-5364SUSE Liberty Linux 7
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.
ModerateCVE-2015-5364 at SUSECVE-2015-5364 at NVDSUSE bug 1115893SUSE bug 781018SUSE bug 936831SUSE bug 939276SUSE bug 945112cpe:/o:suse:sll:7CVE-2015-5366SUSE Liberty Linux 7
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364.
ModerateCVE-2015-5366 at SUSECVE-2015-5366 at NVDSUSE bug 781018SUSE bug 936831SUSE bug 939276SUSE bug 945112cpe:/o:suse:sll:7CVE-2015-5370SUSE Liberty Linux 7
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.
ImportantCVE-2015-5370 at SUSECVE-2015-5370 at NVDSUSE bug 936862SUSE bug 975276SUSE bug 977416cpe:/o:suse:sll:7CVE-2015-5477SUSE Liberty Linux 7
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
ModerateCVE-2015-5477 at SUSECVE-2015-5477 at NVDSUSE bug 1000362SUSE bug 939567SUSE bug 980168cpe:/o:suse:sll:7CVE-2015-5600SUSE Liberty Linux 7
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.
ImportantCVE-2015-5600 at SUSECVE-2015-5600 at NVDSUSE bug 1009988SUSE bug 1074631SUSE bug 1138392SUSE bug 938746SUSE bug 943006SUSE bug 943007SUSE bug 943010SUSE bug 943504SUSE bug 945985SUSE bug 948086SUSE bug 954457SUSE bug 957883SUSE bug 996040cpe:/o:suse:sll:7CVE-2015-5621SUSE Liberty Linux 7
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
ImportantCVE-2015-5621 at SUSECVE-2015-5621 at NVDSUSE bug 1111123SUSE bug 940188SUSE bug 969779cpe:/o:suse:sll:7CVE-2015-5722SUSE Liberty Linux 7
buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.
ImportantCVE-2015-5722 at SUSECVE-2015-5722 at NVDSUSE bug 944066SUSE bug 944107SUSE bug 954983SUSE bug 958861cpe:/o:suse:sll:7CVE-2015-6243SUSE Liberty Linux 7
The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions.
ModerateCVE-2015-6243 at SUSECVE-2015-6243 at NVDSUSE bug 941500cpe:/o:suse:sll:7CVE-2015-6244SUSE Liberty Linux 7
The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2015-6244 at SUSECVE-2015-6244 at NVDSUSE bug 941500cpe:/o:suse:sll:7CVE-2015-6245SUSE Liberty Linux 7
epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
ModerateCVE-2015-6245 at SUSECVE-2015-6245 at NVDSUSE bug 941500cpe:/o:suse:sll:7CVE-2015-6246SUSE Liberty Linux 7
The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2015-6246 at SUSECVE-2015-6246 at NVDSUSE bug 941500cpe:/o:suse:sll:7CVE-2015-6248SUSE Liberty Linux 7
The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
ModerateCVE-2015-6248 at SUSECVE-2015-6248 at NVDSUSE bug 941500cpe:/o:suse:sll:7CVE-2015-6360SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.
ImportantCVE-2015-6360 at SUSECVE-2015-6360 at NVDSUSE bug 957376cpe:/o:suse:sll:7CVE-2015-6526SUSE Liberty Linux 7
The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace.
ModerateCVE-2015-6526 at SUSECVE-2015-6526 at NVDSUSE bug 942702cpe:/o:suse:sll:7CVE-2015-6563SUSE Liberty Linux 7
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
ModerateCVE-2015-6563 at SUSECVE-2015-6563 at NVDSUSE bug 1074631SUSE bug 943006SUSE bug 943007SUSE bug 943010SUSE bug 948086SUSE bug 996040cpe:/o:suse:sll:7CVE-2015-6564SUSE Liberty Linux 7
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
ModerateCVE-2015-6564 at SUSECVE-2015-6564 at NVDSUSE bug 1074631SUSE bug 1138392SUSE bug 942850SUSE bug 943006SUSE bug 943007SUSE bug 943010SUSE bug 948086SUSE bug 996040cpe:/o:suse:sll:7CVE-2015-6908SUSE Liberty Linux 7
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
ImportantCVE-2015-6908 at SUSECVE-2015-6908 at NVDSUSE bug 945582cpe:/o:suse:sll:7CVE-2015-7174SUSE Liberty Linux 7
The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
ImportantCVE-2015-7174 at SUSECVE-2015-7174 at NVDSUSE bug 947003cpe:/o:suse:sll:7CVE-2015-7175SUSE Liberty Linux 7
The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
ImportantCVE-2015-7175 at SUSECVE-2015-7175 at NVDSUSE bug 947003cpe:/o:suse:sll:7CVE-2015-7176SUSE Liberty Linux 7
The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors.
ImportantCVE-2015-7176 at SUSECVE-2015-7176 at NVDSUSE bug 947003cpe:/o:suse:sll:7CVE-2015-7177SUSE Liberty Linux 7
The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
ImportantCVE-2015-7177 at SUSECVE-2015-7177 at NVDSUSE bug 947003cpe:/o:suse:sll:7CVE-2015-7180SUSE Liberty Linux 7
The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
ImportantCVE-2015-7180 at SUSECVE-2015-7180 at NVDSUSE bug 947003cpe:/o:suse:sll:7CVE-2015-7181SUSE Liberty Linux 7
The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.
ImportantCVE-2015-7181 at SUSECVE-2015-7181 at NVDSUSE bug 952810SUSE bug 962977cpe:/o:suse:sll:7CVE-2015-7182SUSE Liberty Linux 7
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
ImportantCVE-2015-7182 at SUSECVE-2015-7182 at NVDSUSE bug 952810SUSE bug 962977cpe:/o:suse:sll:7CVE-2015-7183SUSE Liberty Linux 7
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
ImportantCVE-2015-7183 at SUSECVE-2015-7183 at NVDSUSE bug 952810SUSE bug 962977cpe:/o:suse:sll:7CVE-2015-7188SUSE Liberty Linux 7
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string.
ImportantCVE-2015-7188 at SUSECVE-2015-7188 at NVDSUSE bug 952810cpe:/o:suse:sll:7CVE-2015-7189SUSE Liberty Linux 7
Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code.
ImportantCVE-2015-7189 at SUSECVE-2015-7189 at NVDSUSE bug 952810cpe:/o:suse:sll:7CVE-2015-7193SUSE Liberty Linux 7
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step.
ImportantCVE-2015-7193 at SUSECVE-2015-7193 at NVDSUSE bug 952810cpe:/o:suse:sll:7CVE-2015-7194SUSE Liberty Linux 7
Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive.
ImportantCVE-2015-7194 at SUSECVE-2015-7194 at NVDSUSE bug 952810cpe:/o:suse:sll:7CVE-2015-7196SUSE Liberty Linux 7
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper.
ImportantCVE-2015-7196 at SUSECVE-2015-7196 at NVDSUSE bug 952810cpe:/o:suse:sll:7CVE-2015-7197SUSE Liberty Linux 7
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code.
ImportantCVE-2015-7197 at SUSECVE-2015-7197 at NVDSUSE bug 952810cpe:/o:suse:sll:7CVE-2015-7198SUSE Liberty Linux 7
Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data.
ImportantCVE-2015-7198 at SUSECVE-2015-7198 at NVDSUSE bug 952810cpe:/o:suse:sll:7CVE-2015-7199SUSE Liberty Linux 7
The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document.
ImportantCVE-2015-7199 at SUSECVE-2015-7199 at NVDSUSE bug 952810cpe:/o:suse:sll:7CVE-2015-7200SUSE Liberty Linux 7
The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.
ImportantCVE-2015-7200 at SUSECVE-2015-7200 at NVDSUSE bug 952810cpe:/o:suse:sll:7CVE-2015-7201SUSE Liberty Linux 7
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2015-7201 at SUSECVE-2015-7201 at NVDSUSE bug 959277cpe:/o:suse:sll:7CVE-2015-7205SUSE Liberty Linux 7
Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.
CriticalCVE-2015-7205 at SUSECVE-2015-7205 at NVDSUSE bug 959277cpe:/o:suse:sll:7CVE-2015-7210SUSE Liberty Linux 7
Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function.
ModerateCVE-2015-7210 at SUSECVE-2015-7210 at NVDSUSE bug 959277cpe:/o:suse:sll:7CVE-2015-7212SUSE Liberty Linux 7
Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.
ImportantCVE-2015-7212 at SUSECVE-2015-7212 at NVDSUSE bug 959277cpe:/o:suse:sll:7CVE-2015-7213SUSE Liberty Linux 7
Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.
ModerateCVE-2015-7213 at SUSECVE-2015-7213 at NVDSUSE bug 959277cpe:/o:suse:sll:7CVE-2015-7214SUSE Liberty Linux 7
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.
ModerateCVE-2015-7214 at SUSECVE-2015-7214 at NVDSUSE bug 959277cpe:/o:suse:sll:7CVE-2015-7222SUSE Liberty Linux 7
Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.
ModerateCVE-2015-7222 at SUSECVE-2015-7222 at NVDSUSE bug 959277cpe:/o:suse:sll:7CVE-2015-7236SUSE Liberty Linux 7
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.
ImportantCVE-2015-7236 at SUSECVE-2015-7236 at NVDSUSE bug 940191SUSE bug 946204SUSE bug 979097cpe:/o:suse:sll:7CVE-2015-7496SUSE Liberty Linux 7
GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.
LowCVE-2015-7496 at SUSECVE-2015-7496 at NVDSUSE bug 955552cpe:/o:suse:sll:7CVE-2015-7497SUSE Liberty Linux 7
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
ModerateCVE-2015-7497 at SUSECVE-2015-7497 at NVDSUSE bug 1123919SUSE bug 957106SUSE bug 959469SUSE bug 969769cpe:/o:suse:sll:7CVE-2015-7498SUSE Liberty Linux 7
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
ModerateCVE-2015-7498 at SUSECVE-2015-7498 at NVDSUSE bug 1123919SUSE bug 957107SUSE bug 959469SUSE bug 969769cpe:/o:suse:sll:7CVE-2015-7499SUSE Liberty Linux 7
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
ModerateCVE-2015-7499 at SUSECVE-2015-7499 at NVDSUSE bug 1123919SUSE bug 957109SUSE bug 959469SUSE bug 969769cpe:/o:suse:sll:7CVE-2015-7500SUSE Liberty Linux 7
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
ModerateCVE-2015-7500 at SUSECVE-2015-7500 at NVDSUSE bug 1123919SUSE bug 957110SUSE bug 959469SUSE bug 969769cpe:/o:suse:sll:7CVE-2015-7501SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
CriticalCVE-2015-7501 at SUSECVE-2015-7501 at NVDcpe:/o:suse:sll:7CVE-2015-7529SUSE Liberty Linux 7
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.
ImportantCVE-2015-7529 at SUSECVE-2015-7529 at NVDcpe:/o:suse:sll:7CVE-2015-7540SUSE Liberty Linux 7
The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.
ImportantCVE-2015-7540 at SUSECVE-2015-7540 at NVDSUSE bug 958580cpe:/o:suse:sll:7CVE-2015-7547SUSE Liberty Linux 7
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
ImportantCVE-2015-7547 at SUSECVE-2015-7547 at NVDSUSE bug 1077097SUSE bug 847227SUSE bug 961721SUSE bug 967023SUSE bug 967061SUSE bug 967072SUSE bug 967496SUSE bug 969216SUSE bug 969241SUSE bug 969591SUSE bug 986086cpe:/o:suse:sll:7CVE-2015-7554SUSE Liberty Linux 7
The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image.
ImportantCVE-2015-7554 at SUSECVE-2015-7554 at NVDSUSE bug 1007276SUSE bug 1017690SUSE bug 1040322SUSE bug 960341SUSE bug 974621SUSE bug 983436cpe:/o:suse:sll:7CVE-2015-7560SUSE Liberty Linux 7
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.
ModerateCVE-2015-7560 at SUSECVE-2015-7560 at NVDSUSE bug 968222cpe:/o:suse:sll:7CVE-2015-7575SUSE Liberty Linux 7
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
ModerateCVE-2015-7575 at SUSECVE-2015-7575 at NVDSUSE bug 959888SUSE bug 960402SUSE bug 960996SUSE bug 961280SUSE bug 961281SUSE bug 961282SUSE bug 961283SUSE bug 961284SUSE bug 961290SUSE bug 961357SUSE bug 962743SUSE bug 963937SUSE bug 967521SUSE bug 981087cpe:/o:suse:sll:7CVE-2015-7613SUSE Liberty Linux 7
Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.
ImportantCVE-2015-7613 at SUSECVE-2015-7613 at NVDSUSE bug 923755SUSE bug 948536SUSE bug 948701SUSE bug 963994cpe:/o:suse:sll:7CVE-2015-7691SUSE Liberty Linux 7
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
ImportantCVE-2015-7691 at SUSECVE-2015-7691 at NVDSUSE bug 1010964SUSE bug 911792SUSE bug 951608SUSE bug 959243SUSE bug 992991cpe:/o:suse:sll:7CVE-2015-7692SUSE Liberty Linux 7
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
ImportantCVE-2015-7692 at SUSECVE-2015-7692 at NVDSUSE bug 1010964SUSE bug 911792SUSE bug 951608SUSE bug 959243SUSE bug 992991cpe:/o:suse:sll:7CVE-2015-7701SUSE Liberty Linux 7
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).
ImportantCVE-2015-7701 at SUSECVE-2015-7701 at NVDSUSE bug 1010964SUSE bug 951608SUSE bug 959243SUSE bug 992991cpe:/o:suse:sll:7CVE-2015-7702SUSE Liberty Linux 7
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
ImportantCVE-2015-7702 at SUSECVE-2015-7702 at NVDSUSE bug 1010964SUSE bug 911792SUSE bug 951608SUSE bug 959243SUSE bug 992991cpe:/o:suse:sll:7CVE-2015-7703SUSE Liberty Linux 7
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.
ImportantCVE-2015-7703 at SUSECVE-2015-7703 at NVDSUSE bug 1010964SUSE bug 943216SUSE bug 943218SUSE bug 943219SUSE bug 943221SUSE bug 951608SUSE bug 959243cpe:/o:suse:sll:7CVE-2015-7704SUSE Liberty Linux 7
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
ImportantCVE-2015-7704 at SUSECVE-2015-7704 at NVDSUSE bug 1010964SUSE bug 951608SUSE bug 952611SUSE bug 959243SUSE bug 977446cpe:/o:suse:sll:7CVE-2015-7837SUSE Liberty Linux 7
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.
ModerateCVE-2015-7837 at SUSECVE-2015-7837 at NVDSUSE bug 950804cpe:/o:suse:sll:7CVE-2015-7852SUSE Liberty Linux 7
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
ModerateCVE-2015-7852 at SUSECVE-2015-7852 at NVDSUSE bug 1010964SUSE bug 951608SUSE bug 959243SUSE bug 992991cpe:/o:suse:sll:7CVE-2015-7872SUSE Liberty Linux 7
The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands.
ModerateCVE-2015-7872 at SUSECVE-2015-7872 at NVDSUSE bug 951440SUSE bug 951542SUSE bug 951638SUSE bug 958463SUSE bug 958601cpe:/o:suse:sll:7CVE-2015-7941SUSE Liberty Linux 7
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.
LowCVE-2015-7941 at SUSECVE-2015-7941 at NVDSUSE bug 1123919SUSE bug 951734SUSE bug 951735SUSE bug 969769cpe:/o:suse:sll:7CVE-2015-7942SUSE Liberty Linux 7
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
LowCVE-2015-7942 at SUSECVE-2015-7942 at NVDSUSE bug 1123919SUSE bug 951735SUSE bug 969769cpe:/o:suse:sll:7CVE-2015-7974SUSE Liberty Linux 7
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
LowCVE-2015-7974 at SUSECVE-2015-7974 at NVDSUSE bug 959243SUSE bug 962960SUSE bug 962995cpe:/o:suse:sll:7CVE-2015-7977SUSE Liberty Linux 7
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
ModerateCVE-2015-7977 at SUSECVE-2015-7977 at NVDSUSE bug 959243SUSE bug 962970SUSE bug 962995cpe:/o:suse:sll:7CVE-2015-7978SUSE Liberty Linux 7
NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.
ModerateCVE-2015-7978 at SUSECVE-2015-7978 at NVDSUSE bug 959243SUSE bug 962970SUSE bug 962995SUSE bug 963000cpe:/o:suse:sll:7CVE-2015-7979SUSE Liberty Linux 7
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.
ModerateCVE-2015-7979 at SUSECVE-2015-7979 at NVDSUSE bug 959243SUSE bug 962784SUSE bug 962995SUSE bug 977459SUSE bug 982065cpe:/o:suse:sll:7CVE-2015-7981SUSE Liberty Linux 7
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
ModerateCVE-2015-7981 at SUSECVE-2015-7981 at NVDSUSE bug 952051SUSE bug 960402SUSE bug 963937cpe:/o:suse:sll:7CVE-2015-8000SUSE Liberty Linux 7
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
ModerateCVE-2015-8000 at SUSECVE-2015-8000 at NVDSUSE bug 944066SUSE bug 958861cpe:/o:suse:sll:7CVE-2015-8035SUSE Liberty Linux 7
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
LowCVE-2015-8035 at SUSECVE-2015-8035 at NVDSUSE bug 1088279SUSE bug 1105166SUSE bug 954429cpe:/o:suse:sll:7CVE-2015-8104SUSE Liberty Linux 7
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
CriticalCVE-2015-8104 at SUSECVE-2015-8104 at NVDSUSE bug 1215748SUSE bug 953527SUSE bug 954018SUSE bug 954404SUSE bug 954405SUSE bug 962977cpe:/o:suse:sll:7CVE-2015-8126SUSE Liberty Linux 7
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
ModerateCVE-2015-8126 at SUSECVE-2015-8126 at NVDSUSE bug 954980SUSE bug 958198SUSE bug 960402SUSE bug 962743SUSE bug 963937SUSE bug 969333cpe:/o:suse:sll:7CVE-2015-8138SUSE Liberty Linux 7
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.
ModerateCVE-2015-8138 at SUSECVE-2015-8138 at NVDSUSE bug 951608SUSE bug 959243SUSE bug 963002SUSE bug 974668SUSE bug 977446cpe:/o:suse:sll:7CVE-2015-8158SUSE Liberty Linux 7
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.
LowCVE-2015-8158 at SUSECVE-2015-8158 at NVDSUSE bug 959243SUSE bug 962966cpe:/o:suse:sll:7CVE-2015-8241SUSE Liberty Linux 7
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
ModerateCVE-2015-8241 at SUSECVE-2015-8241 at NVDSUSE bug 1123919SUSE bug 956018SUSE bug 959469SUSE bug 969769cpe:/o:suse:sll:7CVE-2015-8242SUSE Liberty Linux 7
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
ModerateCVE-2015-8242 at SUSECVE-2015-8242 at NVDSUSE bug 1123919SUSE bug 956021SUSE bug 959469SUSE bug 969769cpe:/o:suse:sll:7CVE-2015-8317SUSE Liberty Linux 7
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
ModerateCVE-2015-8317 at SUSECVE-2015-8317 at NVDSUSE bug 1123919SUSE bug 956260SUSE bug 959469SUSE bug 969769cpe:/o:suse:sll:7CVE-2015-8325SUSE Liberty Linux 7
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
ModerateCVE-2015-8325 at SUSECVE-2015-8325 at NVDSUSE bug 1138392SUSE bug 975865SUSE bug 996040cpe:/o:suse:sll:7CVE-2015-8370SUSE Liberty Linux 7
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
ModerateCVE-2015-8370 at SUSECVE-2015-8370 at NVDSUSE bug 956631cpe:/o:suse:sll:7CVE-2015-8374SUSE Liberty Linux 7
fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.
LowCVE-2015-8374 at SUSECVE-2015-8374 at NVDSUSE bug 923755SUSE bug 956053SUSE bug 963994cpe:/o:suse:sll:7CVE-2015-8385SUSE Liberty Linux 7
PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CriticalCVE-2015-8385 at SUSECVE-2015-8385 at NVDSUSE bug 957598SUSE bug 958373cpe:/o:suse:sll:7CVE-2015-8386SUSE Liberty Linux 7
PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CriticalCVE-2015-8386 at SUSECVE-2015-8386 at NVDSUSE bug 957598SUSE bug 958373cpe:/o:suse:sll:7CVE-2015-8388SUSE Liberty Linux 7
PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CriticalCVE-2015-8388 at SUSECVE-2015-8388 at NVDSUSE bug 936227SUSE bug 957598SUSE bug 958373cpe:/o:suse:sll:7CVE-2015-8391SUSE Liberty Linux 7
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CriticalCVE-2015-8391 at SUSECVE-2015-8391 at NVDSUSE bug 957598SUSE bug 958373cpe:/o:suse:sll:7CVE-2015-8472SUSE Liberty Linux 7
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.
ModerateCVE-2015-8472 at SUSECVE-2015-8472 at NVDSUSE bug 954980SUSE bug 958198SUSE bug 960402SUSE bug 963937cpe:/o:suse:sll:7CVE-2015-8539SUSE Liberty Linux 7
The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c.
ImportantCVE-2015-8539 at SUSECVE-2015-8539 at NVDSUSE bug 1115893SUSE bug 781018SUSE bug 958463SUSE bug 958601cpe:/o:suse:sll:7CVE-2015-8543SUSE Liberty Linux 7
The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.
ModerateCVE-2015-8543 at SUSECVE-2015-8543 at NVDSUSE bug 1020452SUSE bug 1052256SUSE bug 1115893SUSE bug 923755SUSE bug 958886SUSE bug 963994SUSE bug 969522cpe:/o:suse:sll:7CVE-2015-8629SUSE Liberty Linux 7
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
LowCVE-2015-8629 at SUSECVE-2015-8629 at NVDSUSE bug 770172SUSE bug 963968cpe:/o:suse:sll:7CVE-2015-8630SUSE Liberty Linux 7
The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
LowCVE-2015-8630 at SUSECVE-2015-8630 at NVDSUSE bug 963964cpe:/o:suse:sll:7CVE-2015-8631SUSE Liberty Linux 7
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
ModerateCVE-2015-8631 at SUSECVE-2015-8631 at NVDSUSE bug 963975cpe:/o:suse:sll:7CVE-2015-8660SUSE Liberty Linux 7
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.
ImportantCVE-2015-8660 at SUSECVE-2015-8660 at NVDSUSE bug 923755SUSE bug 960281SUSE bug 960329SUSE bug 963994cpe:/o:suse:sll:7CVE-2015-8665SUSE Liberty Linux 7
tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.
LowCVE-2015-8665 at SUSECVE-2015-8665 at NVDSUSE bug 1156749SUSE bug 1156754SUSE bug 1200195cpe:/o:suse:sll:7CVE-2015-8668SUSE Liberty Linux 7
Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image.
ModerateCVE-2015-8668 at SUSECVE-2015-8668 at NVDSUSE bug 1014461SUSE bug 960589cpe:/o:suse:sll:7CVE-2015-8683SUSE Liberty Linux 7
The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.
LowCVE-2015-8683 at SUSECVE-2015-8683 at NVDSUSE bug 1156749SUSE bug 1156754SUSE bug 1200195cpe:/o:suse:sll:7CVE-2015-8704SUSE Liberty Linux 7
apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.
ModerateCVE-2015-8704 at SUSECVE-2015-8704 at NVDSUSE bug 962189SUSE bug 962190SUSE bug 986950cpe:/o:suse:sll:7CVE-2015-8746SUSE Liberty Linux 7
fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic.
ImportantCVE-2015-8746 at SUSECVE-2015-8746 at NVDSUSE bug 960839cpe:/o:suse:sll:7CVE-2015-8767SUSE Liberty Linux 7
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
LowCVE-2015-8767 at SUSECVE-2015-8767 at NVDSUSE bug 1020452SUSE bug 1115893SUSE bug 961509cpe:/o:suse:sll:7CVE-2015-8776SUSE Liberty Linux 7
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
LowCVE-2015-8776 at SUSECVE-2015-8776 at NVDSUSE bug 1123874SUSE bug 962736SUSE bug 986086cpe:/o:suse:sll:7CVE-2015-8777SUSE Liberty Linux 7
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
LowCVE-2015-8777 at SUSECVE-2015-8777 at NVDSUSE bug 1123874SUSE bug 950944SUSE bug 962735cpe:/o:suse:sll:7CVE-2015-8778SUSE Liberty Linux 7
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
LowCVE-2015-8778 at SUSECVE-2015-8778 at NVDSUSE bug 1123874SUSE bug 962737SUSE bug 986086cpe:/o:suse:sll:7CVE-2015-8779SUSE Liberty Linux 7
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
CriticalCVE-2015-8779 at SUSECVE-2015-8779 at NVDSUSE bug 1123874SUSE bug 962739SUSE bug 965453SUSE bug 986086cpe:/o:suse:sll:7CVE-2015-8781SUSE Liberty Linux 7
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.
ModerateCVE-2015-8781 at SUSECVE-2015-8781 at NVDSUSE bug 964213SUSE bug 964225cpe:/o:suse:sll:7CVE-2015-8782SUSE Liberty Linux 7
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.
ModerateCVE-2015-8782 at SUSECVE-2015-8782 at NVDSUSE bug 964213SUSE bug 964225cpe:/o:suse:sll:7CVE-2015-8783SUSE Liberty Linux 7
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.
ModerateCVE-2015-8783 at SUSECVE-2015-8783 at NVDSUSE bug 964213SUSE bug 964225cpe:/o:suse:sll:7CVE-2015-8784SUSE Liberty Linux 7
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.
ModerateCVE-2015-8784 at SUSECVE-2015-8784 at NVDSUSE bug 1206220SUSE bug 1206479SUSE bug 916925cpe:/o:suse:sll:7CVE-2015-8803SUSE Liberty Linux 7
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
ModerateCVE-2015-8803 at SUSECVE-2015-8803 at NVDSUSE bug 964845cpe:/o:suse:sll:7CVE-2015-8804SUSE Liberty Linux 7
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
ModerateCVE-2015-8804 at SUSECVE-2015-8804 at NVDSUSE bug 964847cpe:/o:suse:sll:7CVE-2015-8805SUSE Liberty Linux 7
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
ModerateCVE-2015-8805 at SUSECVE-2015-8805 at NVDSUSE bug 964849cpe:/o:suse:sll:7CVE-2015-8812SUSE Liberty Linux 7
drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
ModerateCVE-2015-8812 at SUSECVE-2015-8812 at NVDSUSE bug 1020452SUSE bug 1115893SUSE bug 966437SUSE bug 966683cpe:/o:suse:sll:7CVE-2015-8830SUSE Liberty Linux 7
Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression.
ImportantCVE-2015-8830 at SUSECVE-2015-8830 at NVDSUSE bug 969354SUSE bug 969355cpe:/o:suse:sll:7CVE-2015-8839SUSE Liberty Linux 7
Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.
ModerateCVE-2015-8839 at SUSECVE-2015-8839 at NVDSUSE bug 972174cpe:/o:suse:sll:7CVE-2015-8844SUSE Liberty Linux 7
The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.
ModerateCVE-2015-8844 at SUSECVE-2015-8844 at NVDSUSE bug 975531SUSE bug 975533cpe:/o:suse:sll:7CVE-2015-8845SUSE Liberty Linux 7
The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.
ModerateCVE-2015-8845 at SUSECVE-2015-8845 at NVDSUSE bug 975531SUSE bug 975533cpe:/o:suse:sll:7CVE-2015-8868SUSE Liberty Linux 7
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.
ModerateCVE-2015-8868 at SUSECVE-2015-8868 at NVDSUSE bug 976844cpe:/o:suse:sll:7CVE-2015-8869SUSE Liberty Linux 7
OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.
LowCVE-2015-8869 at SUSECVE-2015-8869 at NVDSUSE bug 977990cpe:/o:suse:sll:7CVE-2015-8870SUSE Liberty Linux 7
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.
ModerateCVE-2015-8870 at SUSECVE-2015-8870 at NVDSUSE bug 1014461SUSE bug 1150480cpe:/o:suse:sll:7CVE-2015-8895SUSE Liberty Linux 7
Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.
ModerateCVE-2015-8895 at SUSECVE-2015-8895 at NVDSUSE bug 982969SUSE bug 983527cpe:/o:suse:sll:7CVE-2015-8896SUSE Liberty Linux 7
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.
ModerateCVE-2015-8896 at SUSECVE-2015-8896 at NVDSUSE bug 982969SUSE bug 983533cpe:/o:suse:sll:7CVE-2015-8897SUSE Liberty Linux 7
The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file.
LowCVE-2015-8897 at SUSECVE-2015-8897 at NVDSUSE bug 982969SUSE bug 983739SUSE bug 983746cpe:/o:suse:sll:7CVE-2015-8898SUSE Liberty Linux 7
The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file.
ModerateCVE-2015-8898 at SUSECVE-2015-8898 at NVDSUSE bug 982969SUSE bug 983739SUSE bug 983746cpe:/o:suse:sll:7CVE-2015-8916SUSE Liberty Linux 7
bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.
ModerateCVE-2015-8916 at SUSECVE-2015-8916 at NVDSUSE bug 985694cpe:/o:suse:sll:7CVE-2015-8917SUSE Liberty Linux 7
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.
ModerateCVE-2015-8917 at SUSECVE-2015-8917 at NVDSUSE bug 985691cpe:/o:suse:sll:7CVE-2015-8919SUSE Liberty Linux 7
The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.
ModerateCVE-2015-8919 at SUSECVE-2015-8919 at NVDSUSE bug 985697cpe:/o:suse:sll:7CVE-2015-8920SUSE Liberty Linux 7
The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.
ModerateCVE-2015-8920 at SUSECVE-2015-8920 at NVDSUSE bug 985675cpe:/o:suse:sll:7CVE-2015-8921SUSE Liberty Linux 7
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
ModerateCVE-2015-8921 at SUSECVE-2015-8921 at NVDSUSE bug 985682cpe:/o:suse:sll:7CVE-2015-8922SUSE Liberty Linux 7
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.
ModerateCVE-2015-8922 at SUSECVE-2015-8922 at NVDSUSE bug 985685cpe:/o:suse:sll:7CVE-2015-8923SUSE Liberty Linux 7
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.
ModerateCVE-2015-8923 at SUSECVE-2015-8923 at NVDSUSE bug 985703cpe:/o:suse:sll:7CVE-2015-8924SUSE Liberty Linux 7
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.
ModerateCVE-2015-8924 at SUSECVE-2015-8924 at NVDSUSE bug 985609cpe:/o:suse:sll:7CVE-2015-8925SUSE Liberty Linux 7
The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.
ModerateCVE-2015-8925 at SUSECVE-2015-8925 at NVDSUSE bug 985706cpe:/o:suse:sll:7CVE-2015-8926SUSE Liberty Linux 7
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.
ModerateCVE-2015-8926 at SUSECVE-2015-8926 at NVDSUSE bug 985704cpe:/o:suse:sll:7CVE-2015-8928SUSE Liberty Linux 7
The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
ModerateCVE-2015-8928 at SUSECVE-2015-8928 at NVDSUSE bug 985679cpe:/o:suse:sll:7CVE-2015-8930SUSE Liberty Linux 7
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.
ModerateCVE-2015-8930 at SUSECVE-2015-8930 at NVDSUSE bug 985700cpe:/o:suse:sll:7CVE-2015-8931SUSE Liberty Linux 7
Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.
ModerateCVE-2015-8931 at SUSECVE-2015-8931 at NVDSUSE bug 985689cpe:/o:suse:sll:7CVE-2015-8932SUSE Liberty Linux 7
The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.
ModerateCVE-2015-8932 at SUSECVE-2015-8932 at NVDSUSE bug 985665cpe:/o:suse:sll:7CVE-2015-8934SUSE Liberty Linux 7
The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.
ModerateCVE-2015-8934 at SUSECVE-2015-8934 at NVDSUSE bug 985673cpe:/o:suse:sll:7CVE-2015-8956SUSE Liberty Linux 7
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.
ModerateCVE-2015-8956 at SUSECVE-2015-8956 at NVDSUSE bug 1003925cpe:/o:suse:sll:7CVE-2015-8970SUSE Liberty Linux 7
crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c.
ModerateCVE-2015-8970 at SUSECVE-2015-8970 at NVDSUSE bug 1008374SUSE bug 1008850cpe:/o:suse:sll:7CVE-2015-9251SUSE Liberty Linux 7
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
ModerateCVE-2015-9251 at SUSECVE-2015-9251 at NVDSUSE bug 1099458SUSE bug 1100133SUSE bug 1111660cpe:/o:suse:sll:7CVE-2015-9262SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.
ModerateCVE-2015-9262 at SUSECVE-2015-9262 at NVDSUSE bug 1103511SUSE bug 1123801SUSE bug 1159415cpe:/o:suse:sll:7CVE-2015-9289SUSE Liberty Linux 7
In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.
ModerateCVE-2015-9289 at SUSECVE-2015-9289 at NVDSUSE bug 1143179cpe:/o:suse:sll:7CVE-2015-9381SUSE Liberty Linux 7 LTSS
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.
ModerateCVE-2015-9381 at SUSECVE-2015-9381 at NVDSUSE bug 1149384CVE-2015-9382SUSE Liberty Linux 7 LTSS
FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.
ModerateCVE-2015-9382 at SUSECVE-2015-9382 at NVDSUSE bug 1149395CVE-2016-0402SUSE Liberty Linux 7
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking.
ImportantCVE-2016-0402 at SUSECVE-2016-0402 at NVDSUSE bug 960402SUSE bug 962743SUSE bug 963937cpe:/o:suse:sll:7CVE-2016-0448SUSE Liberty Linux 7
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX.
ImportantCVE-2016-0448 at SUSECVE-2016-0448 at NVDSUSE bug 960402SUSE bug 962743SUSE bug 963937cpe:/o:suse:sll:7CVE-2016-0466SUSE Liberty Linux 7
Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP.
ImportantCVE-2016-0466 at SUSECVE-2016-0466 at NVDSUSE bug 960402SUSE bug 962743SUSE bug 963937cpe:/o:suse:sll:7CVE-2016-0475SUSE Liberty Linux 7
Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
ImportantCVE-2016-0475 at SUSECVE-2016-0475 at NVDSUSE bug 962743SUSE bug 963937cpe:/o:suse:sll:7CVE-2016-0483SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data.
ImportantCVE-2016-0483 at SUSECVE-2016-0483 at NVDSUSE bug 960402SUSE bug 962743SUSE bug 963937cpe:/o:suse:sll:7CVE-2016-0494SUSE Liberty Linux 7
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
ImportantCVE-2016-0494 at SUSECVE-2016-0494 at NVDSUSE bug 962743SUSE bug 963937cpe:/o:suse:sll:7CVE-2016-0505SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.
ModerateCVE-2016-0505 at SUSECVE-2016-0505 at NVDSUSE bug 962779SUSE bug 962817SUSE bug 962930SUSE bug 962931SUSE bug 962932SUSE bug 962934SUSE bug 962935SUSE bug 962936SUSE bug 962937SUSE bug 962938SUSE bug 962939SUSE bug 962941SUSE bug 962942SUSE bug 962943SUSE bug 962944SUSE bug 962945SUSE bug 962946SUSE bug 962947SUSE bug 962948SUSE bug 962949SUSE bug 962950SUSE bug 962951SUSE bug 962952SUSE bug 980904cpe:/o:suse:sll:7CVE-2016-0546SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.
ImportantCVE-2016-0546 at SUSECVE-2016-0546 at NVDSUSE bug 962779SUSE bug 962817SUSE bug 962930SUSE bug 962931SUSE bug 962932SUSE bug 962934SUSE bug 962935SUSE bug 962936SUSE bug 962937SUSE bug 962938SUSE bug 962939SUSE bug 962941SUSE bug 962942SUSE bug 962943SUSE bug 962944SUSE bug 962945SUSE bug 962946SUSE bug 962947SUSE bug 962948SUSE bug 962949SUSE bug 962950SUSE bug 962951SUSE bug 962952SUSE bug 980904cpe:/o:suse:sll:7CVE-2016-0596SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.
ModerateCVE-2016-0596 at SUSECVE-2016-0596 at NVDSUSE bug 962779SUSE bug 962817SUSE bug 962930SUSE bug 962931SUSE bug 962932SUSE bug 962934SUSE bug 962935SUSE bug 962936SUSE bug 962937SUSE bug 962938SUSE bug 962939SUSE bug 962941SUSE bug 962942SUSE bug 962943SUSE bug 962944SUSE bug 962945SUSE bug 962946SUSE bug 962947SUSE bug 962948SUSE bug 962949SUSE bug 962950SUSE bug 962951SUSE bug 962952SUSE bug 980904cpe:/o:suse:sll:7CVE-2016-0597SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
ModerateCVE-2016-0597 at SUSECVE-2016-0597 at NVDSUSE bug 962779SUSE bug 962817SUSE bug 962930SUSE bug 962931SUSE bug 962932SUSE bug 962934SUSE bug 962935SUSE bug 962936SUSE bug 962937SUSE bug 962938SUSE bug 962939SUSE bug 962941SUSE bug 962942SUSE bug 962943SUSE bug 962944SUSE bug 962945SUSE bug 962946SUSE bug 962947SUSE bug 962948SUSE bug 962949SUSE bug 962950SUSE bug 962951SUSE bug 962952SUSE bug 980904cpe:/o:suse:sll:7CVE-2016-0598SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.
ModerateCVE-2016-0598 at SUSECVE-2016-0598 at NVDSUSE bug 962779SUSE bug 962817SUSE bug 962930SUSE bug 962931SUSE bug 962932SUSE bug 962934SUSE bug 962935SUSE bug 962936SUSE bug 962937SUSE bug 962938SUSE bug 962939SUSE bug 962941SUSE bug 962942SUSE bug 962943SUSE bug 962944SUSE bug 962945SUSE bug 962946SUSE bug 962947SUSE bug 962948SUSE bug 962949SUSE bug 962950SUSE bug 962951SUSE bug 962952SUSE bug 980904cpe:/o:suse:sll:7CVE-2016-0600SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
ModerateCVE-2016-0600 at SUSECVE-2016-0600 at NVDSUSE bug 962779SUSE bug 962817SUSE bug 962930SUSE bug 962931SUSE bug 962932SUSE bug 962934SUSE bug 962935SUSE bug 962936SUSE bug 962937SUSE bug 962938SUSE bug 962939SUSE bug 962941SUSE bug 962942SUSE bug 962943SUSE bug 962944SUSE bug 962945SUSE bug 962946SUSE bug 962947SUSE bug 962948SUSE bug 962949SUSE bug 962950SUSE bug 962951SUSE bug 962952SUSE bug 980904cpe:/o:suse:sll:7CVE-2016-0606SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.
ModerateCVE-2016-0606 at SUSECVE-2016-0606 at NVDSUSE bug 962779SUSE bug 962817SUSE bug 962930SUSE bug 962931SUSE bug 962932SUSE bug 962934SUSE bug 962935SUSE bug 962936SUSE bug 962937SUSE bug 962938SUSE bug 962939SUSE bug 962941SUSE bug 962942SUSE bug 962943SUSE bug 962944SUSE bug 962945SUSE bug 962946SUSE bug 962947SUSE bug 962948SUSE bug 962949SUSE bug 962950SUSE bug 962951SUSE bug 962952SUSE bug 980904cpe:/o:suse:sll:7CVE-2016-0608SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.
ModerateCVE-2016-0608 at SUSECVE-2016-0608 at NVDSUSE bug 962779SUSE bug 962817SUSE bug 962930SUSE bug 962931SUSE bug 962932SUSE bug 962934SUSE bug 962935SUSE bug 962936SUSE bug 962937SUSE bug 962938SUSE bug 962939SUSE bug 962941SUSE bug 962942SUSE bug 962943SUSE bug 962944SUSE bug 962945SUSE bug 962946SUSE bug 962947SUSE bug 962948SUSE bug 962949SUSE bug 962950SUSE bug 962951SUSE bug 962952SUSE bug 980904cpe:/o:suse:sll:7CVE-2016-0609SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.
ModerateCVE-2016-0609 at SUSECVE-2016-0609 at NVDSUSE bug 962779SUSE bug 962817SUSE bug 962930SUSE bug 962931SUSE bug 962932SUSE bug 962934SUSE bug 962935SUSE bug 962936SUSE bug 962937SUSE bug 962938SUSE bug 962939SUSE bug 962941SUSE bug 962942SUSE bug 962943SUSE bug 962944SUSE bug 962945SUSE bug 962946SUSE bug 962947SUSE bug 962948SUSE bug 962949SUSE bug 962950SUSE bug 962951SUSE bug 962952SUSE bug 980904cpe:/o:suse:sll:7CVE-2016-0616SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
ModerateCVE-2016-0616 at SUSECVE-2016-0616 at NVDSUSE bug 962779SUSE bug 962817SUSE bug 962930SUSE bug 962931SUSE bug 962932SUSE bug 962934SUSE bug 962935SUSE bug 962936SUSE bug 962937SUSE bug 962938SUSE bug 962939SUSE bug 962941SUSE bug 962942SUSE bug 962943SUSE bug 962944SUSE bug 962945SUSE bug 962946SUSE bug 962947SUSE bug 962948SUSE bug 962949SUSE bug 962950SUSE bug 962951SUSE bug 962952SUSE bug 980904cpe:/o:suse:sll:7CVE-2016-0634SUSE Liberty Linux 7
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.
LowCVE-2016-0634 at SUSECVE-2016-0634 at NVDSUSE bug 1000396SUSE bug 1001299SUSE bug 1159416SUSE bug 1188388cpe:/o:suse:sll:7CVE-2016-0636SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.
ModerateCVE-2016-0636 at SUSECVE-2016-0636 at NVDSUSE bug 972468SUSE bug 979252cpe:/o:suse:sll:7CVE-2016-0640SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.
ModerateCVE-2016-0640 at SUSECVE-2016-0640 at NVDSUSE bug 976341SUSE bug 980904cpe:/o:suse:sll:7CVE-2016-0641SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.
ModerateCVE-2016-0641 at SUSECVE-2016-0641 at NVDSUSE bug 976341SUSE bug 980904cpe:/o:suse:sll:7CVE-2016-0643SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.
ModerateCVE-2016-0643 at SUSECVE-2016-0643 at NVDSUSE bug 976341SUSE bug 980904cpe:/o:suse:sll:7CVE-2016-0644SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.
ModerateCVE-2016-0644 at SUSECVE-2016-0644 at NVDSUSE bug 976341SUSE bug 980904cpe:/o:suse:sll:7CVE-2016-0646SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.
ModerateCVE-2016-0646 at SUSECVE-2016-0646 at NVDSUSE bug 976341SUSE bug 980904cpe:/o:suse:sll:7CVE-2016-0647SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.
ModerateCVE-2016-0647 at SUSECVE-2016-0647 at NVDSUSE bug 976341SUSE bug 980904cpe:/o:suse:sll:7CVE-2016-0648SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.
ModerateCVE-2016-0648 at SUSECVE-2016-0648 at NVDSUSE bug 976341SUSE bug 980904cpe:/o:suse:sll:7CVE-2016-0649SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.
ModerateCVE-2016-0649 at SUSECVE-2016-0649 at NVDSUSE bug 976341SUSE bug 980904cpe:/o:suse:sll:7CVE-2016-0650SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.
ModerateCVE-2016-0650 at SUSECVE-2016-0650 at NVDSUSE bug 976341SUSE bug 980904cpe:/o:suse:sll:7CVE-2016-0666SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.
ModerateCVE-2016-0666 at SUSECVE-2016-0666 at NVDSUSE bug 976341SUSE bug 980904cpe:/o:suse:sll:7CVE-2016-0686SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.
ImportantCVE-2016-0686 at SUSECVE-2016-0686 at NVDSUSE bug 976340SUSE bug 979252cpe:/o:suse:sll:7CVE-2016-0687SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.
ImportantCVE-2016-0687 at SUSECVE-2016-0687 at NVDSUSE bug 976340SUSE bug 979252cpe:/o:suse:sll:7CVE-2016-0695SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.
ImportantCVE-2016-0695 at SUSECVE-2016-0695 at NVDSUSE bug 976340SUSE bug 979252cpe:/o:suse:sll:7CVE-2016-0702SUSE Liberty Linux 7
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
ModerateCVE-2016-0702 at SUSECVE-2016-0702 at NVDSUSE bug 1007806SUSE bug 968044SUSE bug 968050SUSE bug 971238SUSE bug 990370cpe:/o:suse:sll:7CVE-2016-0703SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
ModerateCVE-2016-0703 at SUSECVE-2016-0703 at NVDSUSE bug 968044SUSE bug 968046SUSE bug 968051SUSE bug 986238cpe:/o:suse:sll:7CVE-2016-0704SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
ModerateCVE-2016-0704 at SUSECVE-2016-0704 at NVDSUSE bug 968044SUSE bug 968053SUSE bug 986238cpe:/o:suse:sll:7CVE-2016-0705SUSE Liberty Linux 7
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
LowCVE-2016-0705 at SUSECVE-2016-0705 at NVDSUSE bug 968044SUSE bug 968047SUSE bug 971238SUSE bug 976341cpe:/o:suse:sll:7CVE-2016-0706SUSE Liberty Linux 7
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
LowCVE-2016-0706 at SUSECVE-2016-0706 at NVDSUSE bug 967815SUSE bug 971085SUSE bug 988489cpe:/o:suse:sll:7CVE-2016-0714SUSE Liberty Linux 7
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.
ImportantCVE-2016-0714 at SUSECVE-2016-0714 at NVDSUSE bug 967964SUSE bug 971085cpe:/o:suse:sll:7CVE-2016-0718SUSE Liberty Linux 7
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
ModerateCVE-2016-0718 at SUSECVE-2016-0718 at NVDSUSE bug 979441SUSE bug 991809cpe:/o:suse:sll:7CVE-2016-0720SUSE Liberty Linux 7
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.
ImportantCVE-2016-0720 at SUSECVE-2016-0720 at NVDcpe:/o:suse:sll:7CVE-2016-0721SUSE Liberty Linux 7
Session fixation vulnerability in pcsd in pcs before 0.9.157.
ImportantCVE-2016-0721 at SUSECVE-2016-0721 at NVDcpe:/o:suse:sll:7CVE-2016-0728SUSE Liberty Linux 7
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
ImportantCVE-2016-0728 at SUSECVE-2016-0728 at NVDSUSE bug 923755SUSE bug 962075SUSE bug 962078SUSE bug 963994cpe:/o:suse:sll:7CVE-2016-0729SUSE Liberty Linux 7
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.
CriticalCVE-2016-0729 at SUSECVE-2016-0729 at NVDSUSE bug 966822cpe:/o:suse:sll:7CVE-2016-0736SUSE Liberty Linux 7
In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.
LowCVE-2016-0736 at SUSECVE-2016-0736 at NVDSUSE bug 1016712SUSE bug 1033513cpe:/o:suse:sll:7CVE-2016-0741SUSE Liberty Linux 7
slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.
ImportantCVE-2016-0741 at SUSECVE-2016-0741 at NVDSUSE bug 1069074cpe:/o:suse:sll:7CVE-2016-0749SUSE Liberty Linux 7
The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.
ImportantCVE-2016-0749 at SUSECVE-2016-0749 at NVDSUSE bug 982385SUSE bug 982386cpe:/o:suse:sll:7CVE-2016-0758SUSE Liberty Linux 7
Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.
ImportantCVE-2016-0758 at SUSECVE-2016-0758 at NVDSUSE bug 1020452SUSE bug 1072204SUSE bug 1115893SUSE bug 979867SUSE bug 980856cpe:/o:suse:sll:7CVE-2016-0762SUSE Liberty Linux 7
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.
LowCVE-2016-0762 at SUSECVE-2016-0762 at NVDSUSE bug 1007854cpe:/o:suse:sll:7CVE-2016-0763SUSE Liberty Linux 7
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.
ModerateCVE-2016-0763 at SUSECVE-2016-0763 at NVDSUSE bug 967966SUSE bug 971085cpe:/o:suse:sll:7CVE-2016-0764SUSE Liberty Linux 7
Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes.
LowCVE-2016-0764 at SUSECVE-2016-0764 at NVDSUSE bug 974072cpe:/o:suse:sll:7CVE-2016-0773SUSE Liberty Linux 7
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.
ModerateCVE-2016-0773 at SUSECVE-2016-0773 at NVDSUSE bug 966435SUSE bug 966436SUSE bug 978323SUSE bug 983246SUSE bug 986409cpe:/o:suse:sll:7CVE-2016-0777SUSE Liberty Linux 7
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
CriticalCVE-2016-0777 at SUSECVE-2016-0777 at NVDSUSE bug 961642SUSE bug 996040cpe:/o:suse:sll:7CVE-2016-0778SUSE Liberty Linux 7
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
ImportantCVE-2016-0778 at SUSECVE-2016-0778 at NVDSUSE bug 961645SUSE bug 996040cpe:/o:suse:sll:7CVE-2016-0787SUSE Liberty Linux 7
The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
ModerateCVE-2016-0787 at SUSECVE-2016-0787 at NVDSUSE bug 1149968SUSE bug 967026SUSE bug 968174SUSE bug 974691cpe:/o:suse:sll:7CVE-2016-0797SUSE Liberty Linux 7
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
ImportantCVE-2016-0797 at SUSECVE-2016-0797 at NVDSUSE bug 968044SUSE bug 968048SUSE bug 990370cpe:/o:suse:sll:7CVE-2016-0799SUSE Liberty Linux 7
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
ModerateCVE-2016-0799 at SUSECVE-2016-0799 at NVDSUSE bug 968044SUSE bug 968374SUSE bug 969517SUSE bug 989345SUSE bug 990370SUSE bug 991722cpe:/o:suse:sll:7CVE-2016-0800SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
ModerateCVE-2016-0800 at SUSECVE-2016-0800 at NVDSUSE bug 1106871SUSE bug 961377SUSE bug 968044SUSE bug 968046SUSE bug 968888SUSE bug 969591SUSE bug 979060cpe:/o:suse:sll:7CVE-2016-1000110SUSE Liberty Linux 7
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
ModerateCVE-2016-1000110 at SUSECVE-2016-1000110 at NVDSUSE bug 988484SUSE bug 989523cpe:/o:suse:sll:7CVE-2016-1000111SUSE Liberty Linux 7
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
ModerateCVE-2016-1000111 at SUSECVE-2016-1000111 at NVDSUSE bug 989997cpe:/o:suse:sll:7CVE-2016-10002SUSE Liberty Linux 7
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
ModerateCVE-2016-10002 at SUSECVE-2016-10002 at NVDSUSE bug 1016168cpe:/o:suse:sll:7CVE-2016-10009SUSE Liberty Linux 7
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
ModerateCVE-2016-10009 at SUSECVE-2016-10009 at NVDSUSE bug 1016336SUSE bug 1016366SUSE bug 1016370SUSE bug 1026634SUSE bug 1138392SUSE bug 1213504SUSE bug 1217035cpe:/o:suse:sll:7CVE-2016-10011SUSE Liberty Linux 7
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.
ModerateCVE-2016-10011 at SUSECVE-2016-10011 at NVDSUSE bug 1016336SUSE bug 1016369SUSE bug 1016370SUSE bug 1017870SUSE bug 1026634SUSE bug 1029445cpe:/o:suse:sll:7CVE-2016-10012SUSE Liberty Linux 7
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.
ModerateCVE-2016-10012 at SUSECVE-2016-10012 at NVDSUSE bug 1006166SUSE bug 1016336SUSE bug 1016369SUSE bug 1016370SUSE bug 1017870SUSE bug 1026634SUSE bug 1035742SUSE bug 1073044SUSE bug 1092582SUSE bug 1138392cpe:/o:suse:sll:7CVE-2016-10088SUSE Liberty Linux 7
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.
ImportantCVE-2016-10088 at SUSECVE-2016-10088 at NVDSUSE bug 1013604SUSE bug 1014271SUSE bug 1017710SUSE bug 1019079SUSE bug 1115893cpe:/o:suse:sll:7CVE-2016-10147SUSE Liberty Linux 7
crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5).
ModerateCVE-2016-10147 at SUSECVE-2016-10147 at NVDSUSE bug 1020381SUSE bug 1020429cpe:/o:suse:sll:7CVE-2016-10164SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.
ImportantCVE-2016-10164 at SUSECVE-2016-10164 at NVDSUSE bug 1021315SUSE bug 1123144cpe:/o:suse:sll:7CVE-2016-10167SUSE Liberty Linux 7
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
LowCVE-2016-10167 at SUSECVE-2016-10167 at NVDSUSE bug 1022069SUSE bug 1022264cpe:/o:suse:sll:7CVE-2016-10168SUSE Liberty Linux 7
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
ModerateCVE-2016-10168 at SUSECVE-2016-10168 at NVDSUSE bug 1022069SUSE bug 1022265cpe:/o:suse:sll:7CVE-2016-10195SUSE Liberty Linux 7
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.
LowCVE-2016-10195 at SUSECVE-2016-10195 at NVDSUSE bug 1022917SUSE bug 1035082SUSE bug 1035209SUSE bug 1075618SUSE bug 1123122cpe:/o:suse:sll:7CVE-2016-10196SUSE Liberty Linux 7
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.
ModerateCVE-2016-10196 at SUSECVE-2016-10196 at NVDSUSE bug 1022918SUSE bug 1035082SUSE bug 1035209SUSE bug 1075618cpe:/o:suse:sll:7CVE-2016-10197SUSE Liberty Linux 7
The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.
ModerateCVE-2016-10197 at SUSECVE-2016-10197 at NVDSUSE bug 1022919SUSE bug 1035082SUSE bug 1035209SUSE bug 1075618SUSE bug 1123122cpe:/o:suse:sll:7CVE-2016-10198SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.
LowCVE-2016-10198 at SUSECVE-2016-10198 at NVDSUSE bug 1023259SUSE bug 1024014cpe:/o:suse:sll:7CVE-2016-10199SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.
LowCVE-2016-10199 at SUSECVE-2016-10199 at NVDSUSE bug 1023259SUSE bug 1024017cpe:/o:suse:sll:7CVE-2016-10200SUSE Liberty Linux 7
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.
ModerateCVE-2016-10200 at SUSECVE-2016-10200 at NVDSUSE bug 1027179SUSE bug 1028415cpe:/o:suse:sll:7CVE-2016-10207SUSE Liberty Linux 7
The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.
ImportantCVE-2016-10207 at SUSECVE-2016-10207 at NVDSUSE bug 1023012cpe:/o:suse:sll:7CVE-2016-10208SUSE Liberty Linux 7
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image.
ModerateCVE-2016-10208 at SUSECVE-2016-10208 at NVDSUSE bug 1023377SUSE bug 1087082cpe:/o:suse:sll:7CVE-2016-10245SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection.
ModerateCVE-2016-10245 at SUSECVE-2016-10245 at NVDSUSE bug 1136364cpe:/o:suse:sll:7CVE-2016-10248SUSE Liberty Linux 7
The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.
ModerateCVE-2016-10248 at SUSECVE-2016-10248 at NVDSUSE bug 1029705cpe:/o:suse:sll:7CVE-2016-10249SUSE Liberty Linux 7
Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.
ImportantCVE-2016-10249 at SUSECVE-2016-10249 at NVDSUSE bug 1029704cpe:/o:suse:sll:7CVE-2016-10251SUSE Liberty Linux 7
Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.
ModerateCVE-2016-10251 at SUSECVE-2016-10251 at NVDSUSE bug 1029497SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-10713SUSE Liberty Linux 7
An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.
ModerateCVE-2016-10713 at SUSECVE-2016-10713 at NVDSUSE bug 1080918SUSE bug 1101128cpe:/o:suse:sll:7CVE-2016-10735SUSE Liberty Linux 7
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
ModerateCVE-2016-10735 at SUSECVE-2016-10735 at NVDcpe:/o:suse:sll:7CVE-2016-10739SUSE Liberty Linux 7
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.
ModerateCVE-2016-10739 at SUSECVE-2016-10739 at NVDSUSE bug 1122729SUSE bug 1155094cpe:/o:suse:sll:7CVE-2016-10745SUSE Liberty Linux 7
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
ImportantCVE-2016-10745 at SUSECVE-2016-10745 at NVDSUSE bug 1132174cpe:/o:suse:sll:7CVE-2016-1248SUSE Liberty Linux 7
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
ModerateCVE-2016-1248 at SUSECVE-2016-1248 at NVDSUSE bug 1010685SUSE bug 1173534cpe:/o:suse:sll:7CVE-2016-1285SUSE Liberty Linux 7
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
ModerateCVE-2016-1285 at SUSECVE-2016-1285 at NVDSUSE bug 970072SUSE bug 981200cpe:/o:suse:sll:7CVE-2016-1286SUSE Liberty Linux 7
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
ModerateCVE-2016-1286 at SUSECVE-2016-1286 at NVDSUSE bug 970073SUSE bug 981200cpe:/o:suse:sll:7CVE-2016-1521SUSE Liberty Linux 7
The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.
ModerateCVE-2016-1521 at SUSECVE-2016-1521 at NVDSUSE bug 965803SUSE bug 965806SUSE bug 965807SUSE bug 965810cpe:/o:suse:sll:7CVE-2016-1522SUSE Liberty Linux 7
Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.
ModerateCVE-2016-1522 at SUSECVE-2016-1522 at NVDSUSE bug 965803SUSE bug 965806SUSE bug 965807SUSE bug 965810cpe:/o:suse:sll:7CVE-2016-1523SUSE Liberty Linux 7
The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.
ModerateCVE-2016-1523 at SUSECVE-2016-1523 at NVDSUSE bug 965803SUSE bug 965806SUSE bug 965807SUSE bug 965810SUSE bug 967087cpe:/o:suse:sll:7CVE-2016-1526SUSE Liberty Linux 7
The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.
ModerateCVE-2016-1526 at SUSECVE-2016-1526 at NVDSUSE bug 965803SUSE bug 965806SUSE bug 965807SUSE bug 965810SUSE bug 966438cpe:/o:suse:sll:7CVE-2016-1541SUSE Liberty Linux 7
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
ModerateCVE-2016-1541 at SUSECVE-2016-1541 at NVDSUSE bug 979005cpe:/o:suse:sll:7CVE-2016-1547SUSE Liberty Linux 7
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.
ModerateCVE-2016-1547 at SUSECVE-2016-1547 at NVDSUSE bug 962784SUSE bug 977446SUSE bug 977459SUSE bug 982064SUSE bug 982065cpe:/o:suse:sll:7CVE-2016-1548SUSE Liberty Linux 7
An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.
ModerateCVE-2016-1548 at SUSECVE-2016-1548 at NVDSUSE bug 959243SUSE bug 977446SUSE bug 977461SUSE bug 982068cpe:/o:suse:sll:7CVE-2016-1550SUSE Liberty Linux 7
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.
LowCVE-2016-1550 at SUSECVE-2016-1550 at NVDSUSE bug 977446SUSE bug 977464cpe:/o:suse:sll:7CVE-2016-1577SUSE Liberty Linux 7
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137.
ImportantCVE-2016-1577 at SUSECVE-2016-1577 at NVDSUSE bug 1178702SUSE bug 968373cpe:/o:suse:sll:7CVE-2016-1714SUSE Liberty Linux 7
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration.
ModerateCVE-2016-1714 at SUSECVE-2016-1714 at NVDSUSE bug 961691SUSE bug 961692cpe:/o:suse:sll:7CVE-2016-1762SUSE Liberty Linux 7
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
ModerateCVE-2016-1762 at SUSECVE-2016-1762 at NVDSUSE bug 1123919SUSE bug 981040cpe:/o:suse:sll:7CVE-2016-1833SUSE Liberty Linux 7
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
ModerateCVE-2016-1833 at SUSECVE-2016-1833 at NVDSUSE bug 1123919SUSE bug 981108cpe:/o:suse:sll:7CVE-2016-1834SUSE Liberty Linux 7
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
ModerateCVE-2016-1834 at SUSECVE-2016-1834 at NVDSUSE bug 1123919SUSE bug 981041cpe:/o:suse:sll:7CVE-2016-1835SUSE Liberty Linux 7
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
ModerateCVE-2016-1835 at SUSECVE-2016-1835 at NVDSUSE bug 1123919SUSE bug 981109cpe:/o:suse:sll:7CVE-2016-1836SUSE Liberty Linux 7
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.
ModerateCVE-2016-1836 at SUSECVE-2016-1836 at NVDSUSE bug 1174862SUSE bug 981110cpe:/o:suse:sll:7CVE-2016-1837SUSE Liberty Linux 7
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.
ModerateCVE-2016-1837 at SUSECVE-2016-1837 at NVDSUSE bug 1123919SUSE bug 981111cpe:/o:suse:sll:7CVE-2016-1838SUSE Liberty Linux 7
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
ModerateCVE-2016-1838 at SUSECVE-2016-1838 at NVDSUSE bug 1123919SUSE bug 981112cpe:/o:suse:sll:7CVE-2016-1839SUSE Liberty Linux 7
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
ModerateCVE-2016-1839 at SUSECVE-2016-1839 at NVDSUSE bug 1039069SUSE bug 1039661SUSE bug 1069433SUSE bug 1069690SUSE bug 1123919SUSE bug 963963SUSE bug 981114cpe:/o:suse:sll:7CVE-2016-1840SUSE Liberty Linux 7
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
ModerateCVE-2016-1840 at SUSECVE-2016-1840 at NVDSUSE bug 1123919SUSE bug 981115cpe:/o:suse:sll:7CVE-2016-1867SUSE Liberty Linux 7
The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
ModerateCVE-2016-1867 at SUSECVE-2016-1867 at NVDSUSE bug 1178702SUSE bug 961886cpe:/o:suse:sll:7CVE-2016-1908SUSE Liberty Linux 7
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.
LowCVE-2016-1908 at SUSECVE-2016-1908 at NVDSUSE bug 1001712SUSE bug 1005738SUSE bug 1010950SUSE bug 1138392SUSE bug 962313SUSE bug 996040cpe:/o:suse:sll:7CVE-2016-1930SUSE Liberty Linux 7
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CriticalCVE-2016-1930 at SUSECVE-2016-1930 at NVDSUSE bug 963520SUSE bug 963632cpe:/o:suse:sll:7CVE-2016-1935SUSE Liberty Linux 7
Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.
ModerateCVE-2016-1935 at SUSECVE-2016-1935 at NVDSUSE bug 963520SUSE bug 963635cpe:/o:suse:sll:7CVE-2016-1950SUSE Liberty Linux 7
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
ImportantCVE-2016-1950 at SUSECVE-2016-1950 at NVDSUSE bug 969894SUSE bug 970257SUSE bug 970377SUSE bug 970378SUSE bug 970379SUSE bug 970380SUSE bug 970381SUSE bug 970431SUSE bug 970433cpe:/o:suse:sll:7CVE-2016-1952SUSE Liberty Linux 7
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2016-1952 at SUSECVE-2016-1952 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-1954SUSE Liberty Linux 7
The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file.
ImportantCVE-2016-1954 at SUSECVE-2016-1954 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-1957SUSE Liberty Linux 7
Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.
ModerateCVE-2016-1957 at SUSECVE-2016-1957 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-1958SUSE Liberty Linux 7
browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.
ModerateCVE-2016-1958 at SUSECVE-2016-1958 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-1960SUSE Liberty Linux 7
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.
ImportantCVE-2016-1960 at SUSECVE-2016-1960 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-1961SUSE Liberty Linux 7
Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574.
ImportantCVE-2016-1961 at SUSECVE-2016-1961 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-1962SUSE Liberty Linux 7
Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.
CriticalCVE-2016-1962 at SUSECVE-2016-1962 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-1964SUSE Liberty Linux 7
Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.
ImportantCVE-2016-1964 at SUSECVE-2016-1964 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-1965SUSE Liberty Linux 7
Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.
ModerateCVE-2016-1965 at SUSECVE-2016-1965 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-1966SUSE Liberty Linux 7
The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.
ImportantCVE-2016-1966 at SUSECVE-2016-1966 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-1973SUSE Liberty Linux 7
Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors.
ImportantCVE-2016-1973 at SUSECVE-2016-1973 at NVDSUSE bug 969894SUSE bug 970257SUSE bug 970377SUSE bug 970378SUSE bug 970379SUSE bug 970380SUSE bug 970381SUSE bug 970431SUSE bug 970433cpe:/o:suse:sll:7CVE-2016-1974SUSE Liberty Linux 7
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.
ImportantCVE-2016-1974 at SUSECVE-2016-1974 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-1977SUSE Liberty Linux 7
The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.
ImportantCVE-2016-1977 at SUSECVE-2016-1977 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-1978SUSE Liberty Linux 7
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
ImportantCVE-2016-1978 at SUSECVE-2016-1978 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-1979SUSE Liberty Linux 7
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
ImportantCVE-2016-1979 at SUSECVE-2016-1979 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-1981SUSE Liberty Linux 7
QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS.
LowCVE-2016-1981 at SUSECVE-2016-1981 at NVDSUSE bug 963782SUSE bug 963783cpe:/o:suse:sll:7CVE-2016-2047SUSE Liberty Linux 7
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
ModerateCVE-2016-2047 at SUSECVE-2016-2047 at NVDSUSE bug 963806SUSE bug 976341SUSE bug 980904cpe:/o:suse:sll:7CVE-2016-2053SUSE Liberty Linux 7
The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.
ModerateCVE-2016-2053 at SUSECVE-2016-2053 at NVDSUSE bug 1020452SUSE bug 963762SUSE bug 979074cpe:/o:suse:sll:7CVE-2016-2069SUSE Liberty Linux 7
Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.
LowCVE-2016-2069 at SUSECVE-2016-2069 at NVDSUSE bug 1020452SUSE bug 1115893SUSE bug 870618SUSE bug 963767cpe:/o:suse:sll:7CVE-2016-2089SUSE Liberty Linux 7
The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.
ModerateCVE-2016-2089 at SUSECVE-2016-2089 at NVDSUSE bug 1178702SUSE bug 963983cpe:/o:suse:sll:7CVE-2016-2105SUSE Liberty Linux 7
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
LowCVE-2016-2105 at SUSECVE-2016-2105 at NVDSUSE bug 977584SUSE bug 977614SUSE bug 978492SUSE bug 989902SUSE bug 990369SUSE bug 990370cpe:/o:suse:sll:7CVE-2016-2106SUSE Liberty Linux 7
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
LowCVE-2016-2106 at SUSECVE-2016-2106 at NVDSUSE bug 977584SUSE bug 977615SUSE bug 978492SUSE bug 979279SUSE bug 990369cpe:/o:suse:sll:7CVE-2016-2107SUSE Liberty Linux 7
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
ImportantCVE-2016-2107 at SUSECVE-2016-2107 at NVDSUSE bug 976942SUSE bug 977584SUSE bug 977616SUSE bug 978492SUSE bug 990369SUSE bug 990370cpe:/o:suse:sll:7CVE-2016-2108SUSE Liberty Linux 7
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
ImportantCVE-2016-2108 at SUSECVE-2016-2108 at NVDSUSE bug 1001502SUSE bug 1004499SUSE bug 1005878SUSE bug 1148697SUSE bug 977584SUSE bug 977617SUSE bug 978492SUSE bug 989345SUSE bug 996067cpe:/o:suse:sll:7CVE-2016-2109SUSE Liberty Linux 7
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
ModerateCVE-2016-2109 at SUSECVE-2016-2109 at NVDSUSE bug 1015243SUSE bug 976942SUSE bug 977584SUSE bug 978492SUSE bug 990369cpe:/o:suse:sll:7CVE-2016-2110SUSE Liberty Linux 7
The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.
ModerateCVE-2016-2110 at SUSECVE-2016-2110 at NVDSUSE bug 1009711SUSE bug 973031SUSE bug 973033SUSE bug 973036SUSE bug 975276SUSE bug 977416cpe:/o:suse:sll:7CVE-2016-2111SUSE Liberty Linux 7
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.
ModerateCVE-2016-2111 at SUSECVE-2016-2111 at NVDSUSE bug 973032SUSE bug 975276SUSE bug 977416cpe:/o:suse:sll:7CVE-2016-2112SUSE Liberty Linux 7
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.
ModerateCVE-2016-2112 at SUSECVE-2016-2112 at NVDSUSE bug 973031SUSE bug 973033SUSE bug 975276SUSE bug 977416cpe:/o:suse:sll:7CVE-2016-2113SUSE Liberty Linux 7
Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.
ModerateCVE-2016-2113 at SUSECVE-2016-2113 at NVDSUSE bug 973031SUSE bug 973033SUSE bug 973034SUSE bug 975276SUSE bug 977416cpe:/o:suse:sll:7CVE-2016-2114SUSE Liberty Linux 7
The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.
ModerateCVE-2016-2114 at SUSECVE-2016-2114 at NVDSUSE bug 973035cpe:/o:suse:sll:7CVE-2016-2115SUSE Liberty Linux 7
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.
ModerateCVE-2016-2115 at SUSECVE-2016-2115 at NVDSUSE bug 973036SUSE bug 975276SUSE bug 977416cpe:/o:suse:sll:7CVE-2016-2116SUSE Liberty Linux 7
Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file.
ModerateCVE-2016-2116 at SUSECVE-2016-2116 at NVDSUSE bug 1178702SUSE bug 968373cpe:/o:suse:sll:7CVE-2016-2117SUSE Liberty Linux 7
The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.
ModerateCVE-2016-2117 at SUSECVE-2016-2117 at NVDSUSE bug 1027179SUSE bug 968697cpe:/o:suse:sll:7CVE-2016-2118SUSE Liberty Linux 7
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."
ModerateCVE-2016-2118 at SUSECVE-2016-2118 at NVDSUSE bug 971965SUSE bug 975276SUSE bug 977416cpe:/o:suse:sll:7CVE-2016-2119SUSE Liberty Linux 7
libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.
ModerateCVE-2016-2119 at SUSECVE-2016-2119 at NVDSUSE bug 986869cpe:/o:suse:sll:7CVE-2016-2124SUSE Liberty Linux 7
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
ModerateCVE-2016-2124 at SUSECVE-2016-2124 at NVDSUSE bug 1014440cpe:/o:suse:sll:7CVE-2016-2125SUSE Liberty Linux 7
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.
LowCVE-2016-2125 at SUSECVE-2016-2125 at NVDSUSE bug 1014441cpe:/o:suse:sll:7CVE-2016-2126SUSE Liberty Linux 7
Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.
LowCVE-2016-2126 at SUSECVE-2016-2126 at NVDSUSE bug 1014442cpe:/o:suse:sll:7CVE-2016-2143SUSE Liberty Linux 7
The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.
ImportantCVE-2016-2143 at SUSECVE-2016-2143 at NVDSUSE bug 1115893SUSE bug 970504SUSE bug 993872cpe:/o:suse:sll:7CVE-2016-2150SUSE Liberty Linux 7
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.
ImportantCVE-2016-2150 at SUSECVE-2016-2150 at NVDSUSE bug 982385SUSE bug 982386cpe:/o:suse:sll:7CVE-2016-2161SUSE Liberty Linux 7
In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.
ModerateCVE-2016-2161 at SUSECVE-2016-2161 at NVDSUSE bug 1016714SUSE bug 1033513cpe:/o:suse:sll:7CVE-2016-2177SUSE Liberty Linux 7
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
ImportantCVE-2016-2177 at SUSECVE-2016-2177 at NVDSUSE bug 982575SUSE bug 999075SUSE bug 999665cpe:/o:suse:sll:7CVE-2016-2178SUSE Liberty Linux 7
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
ModerateCVE-2016-2178 at SUSECVE-2016-2178 at NVDSUSE bug 1004104SUSE bug 983249SUSE bug 983519SUSE bug 999665cpe:/o:suse:sll:7CVE-2016-2179SUSE Liberty Linux 7
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.
ModerateCVE-2016-2179 at SUSECVE-2016-2179 at NVDSUSE bug 1004104SUSE bug 994844SUSE bug 999665cpe:/o:suse:sll:7CVE-2016-2180SUSE Liberty Linux 7
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.
LowCVE-2016-2180 at SUSECVE-2016-2180 at NVDSUSE bug 1003811SUSE bug 990419SUSE bug 999665cpe:/o:suse:sll:7CVE-2016-2181SUSE Liberty Linux 7
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.
ModerateCVE-2016-2181 at SUSECVE-2016-2181 at NVDSUSE bug 1004104SUSE bug 994749SUSE bug 994844SUSE bug 999665cpe:/o:suse:sll:7CVE-2016-2182SUSE Liberty Linux 7
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
ModerateCVE-2016-2182 at SUSECVE-2016-2182 at NVDSUSE bug 1004104SUSE bug 993819SUSE bug 994844SUSE bug 995959SUSE bug 999665cpe:/o:suse:sll:7CVE-2016-2183SUSE Liberty Linux 7
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
ModerateCVE-2016-2183 at SUSECVE-2016-2183 at NVDSUSE bug 1001912SUSE bug 1024218SUSE bug 1027038SUSE bug 1034689SUSE bug 1056614SUSE bug 1171693SUSE bug 994844SUSE bug 995359cpe:/o:suse:sll:7CVE-2016-2315SUSE Liberty Linux 7
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
ModerateCVE-2016-2315 at SUSECVE-2016-2315 at NVDSUSE bug 971328cpe:/o:suse:sll:7CVE-2016-2324SUSE Liberty Linux 7
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
ModerateCVE-2016-2324 at SUSECVE-2016-2324 at NVDSUSE bug 971328cpe:/o:suse:sll:7CVE-2016-2384SUSE Liberty Linux 7
Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.
ModerateCVE-2016-2384 at SUSECVE-2016-2384 at NVDSUSE bug 1020452SUSE bug 966693SUSE bug 967773cpe:/o:suse:sll:7CVE-2016-2518SUSE Liberty Linux 7
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
LowCVE-2016-2518 at SUSECVE-2016-2518 at NVDSUSE bug 977446SUSE bug 977457cpe:/o:suse:sll:7CVE-2016-2569SUSE Liberty Linux 7
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
ImportantCVE-2016-2569 at SUSECVE-2016-2569 at NVDSUSE bug 968392SUSE bug 968393cpe:/o:suse:sll:7CVE-2016-2570SUSE Liberty Linux 7
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.
ImportantCVE-2016-2570 at SUSECVE-2016-2570 at NVDSUSE bug 968392SUSE bug 968393cpe:/o:suse:sll:7CVE-2016-2571SUSE Liberty Linux 7
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
ImportantCVE-2016-2571 at SUSECVE-2016-2571 at NVDSUSE bug 968394SUSE bug 968395cpe:/o:suse:sll:7CVE-2016-2572SUSE Liberty Linux 7
http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
ImportantCVE-2016-2572 at SUSECVE-2016-2572 at NVDSUSE bug 968394SUSE bug 968395cpe:/o:suse:sll:7CVE-2016-2774SUSE Liberty Linux 7
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
ModerateCVE-2016-2774 at SUSECVE-2016-2774 at NVDSUSE bug 969820cpe:/o:suse:sll:7CVE-2016-2776SUSE Liberty Linux 7
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
ImportantCVE-2016-2776 at SUSECVE-2016-2776 at NVDSUSE bug 1000362SUSE bug 1001595SUSE bug 1001597SUSE bug 1007829cpe:/o:suse:sll:7CVE-2016-2790SUSE Liberty Linux 7
The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.
ImportantCVE-2016-2790 at SUSECVE-2016-2790 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-2791SUSE Liberty Linux 7
The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
ImportantCVE-2016-2791 at SUSECVE-2016-2791 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-2792SUSE Liberty Linux 7
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800.
ImportantCVE-2016-2792 at SUSECVE-2016-2792 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-2793SUSE Liberty Linux 7
CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
ImportantCVE-2016-2793 at SUSECVE-2016-2793 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-2794SUSE Liberty Linux 7
The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
CriticalCVE-2016-2794 at SUSECVE-2016-2794 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-2795SUSE Liberty Linux 7
The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.
ImportantCVE-2016-2795 at SUSECVE-2016-2795 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-2796SUSE Liberty Linux 7
Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.
ImportantCVE-2016-2796 at SUSECVE-2016-2796 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-2797SUSE Liberty Linux 7
The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801.
ImportantCVE-2016-2797 at SUSECVE-2016-2797 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-2798SUSE Liberty Linux 7
The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
ImportantCVE-2016-2798 at SUSECVE-2016-2798 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-2799SUSE Liberty Linux 7
Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.
CriticalCVE-2016-2799 at SUSECVE-2016-2799 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-2800SUSE Liberty Linux 7
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792.
ImportantCVE-2016-2800 at SUSECVE-2016-2800 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-2801SUSE Liberty Linux 7
The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.
ImportantCVE-2016-2801 at SUSECVE-2016-2801 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-2802SUSE Liberty Linux 7
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
ImportantCVE-2016-2802 at SUSECVE-2016-2802 at NVDSUSE bug 969894cpe:/o:suse:sll:7CVE-2016-2805SUSE Liberty Linux 7
Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2016-2805 at SUSECVE-2016-2805 at NVDSUSE bug 977333SUSE bug 977374cpe:/o:suse:sll:7CVE-2016-2806SUSE Liberty Linux 7
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2016-2806 at SUSECVE-2016-2806 at NVDSUSE bug 977375cpe:/o:suse:sll:7CVE-2016-2807SUSE Liberty Linux 7
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2016-2807 at SUSECVE-2016-2807 at NVDSUSE bug 977333SUSE bug 977376cpe:/o:suse:sll:7CVE-2016-2808SUSE Liberty Linux 7
The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site.
ModerateCVE-2016-2808 at SUSECVE-2016-2808 at NVDSUSE bug 977333SUSE bug 977386cpe:/o:suse:sll:7CVE-2016-2814SUSE Liberty Linux 7
Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.
ModerateCVE-2016-2814 at SUSECVE-2016-2814 at NVDSUSE bug 977333SUSE bug 977381cpe:/o:suse:sll:7CVE-2016-2818SUSE Liberty Linux 7
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ModerateCVE-2016-2818 at SUSECVE-2016-2818 at NVDSUSE bug 983549SUSE bug 983638cpe:/o:suse:sll:7CVE-2016-2819SUSE Liberty Linux 7
Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.
ModerateCVE-2016-2819 at SUSECVE-2016-2819 at NVDSUSE bug 983549SUSE bug 983655cpe:/o:suse:sll:7CVE-2016-2821SUSE Liberty Linux 7
Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.
ModerateCVE-2016-2821 at SUSECVE-2016-2821 at NVDSUSE bug 983549SUSE bug 983653cpe:/o:suse:sll:7CVE-2016-2822SUSE Liberty Linux 7
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
ModerateCVE-2016-2822 at SUSECVE-2016-2822 at NVDSUSE bug 983549SUSE bug 983652cpe:/o:suse:sll:7CVE-2016-2828SUSE Liberty Linux 7
Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.
ModerateCVE-2016-2828 at SUSECVE-2016-2828 at NVDSUSE bug 983549SUSE bug 983646cpe:/o:suse:sll:7CVE-2016-2830SUSE Liberty Linux 7
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses.
ModerateCVE-2016-2830 at SUSECVE-2016-2830 at NVDSUSE bug 983922SUSE bug 991809cpe:/o:suse:sll:7CVE-2016-2831SUSE Liberty Linux 7
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.
ModerateCVE-2016-2831 at SUSECVE-2016-2831 at NVDSUSE bug 983549SUSE bug 983632SUSE bug 983643cpe:/o:suse:sll:7CVE-2016-2834SUSE Liberty Linux 7
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
ModerateCVE-2016-2834 at SUSECVE-2016-2834 at NVDSUSE bug 983549SUSE bug 983639cpe:/o:suse:sll:7CVE-2016-2836SUSE Liberty Linux 7
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors.
ModerateCVE-2016-2836 at SUSECVE-2016-2836 at NVDSUSE bug 991809cpe:/o:suse:sll:7CVE-2016-2837SUSE Liberty Linux 7
Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.
ModerateCVE-2016-2837 at SUSECVE-2016-2837 at NVDSUSE bug 991809cpe:/o:suse:sll:7CVE-2016-2838SUSE Liberty Linux 7
Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.
ModerateCVE-2016-2838 at SUSECVE-2016-2838 at NVDSUSE bug 991809cpe:/o:suse:sll:7CVE-2016-2842SUSE Liberty Linux 7
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
CriticalCVE-2016-2842 at SUSECVE-2016-2842 at NVDSUSE bug 969517cpe:/o:suse:sll:7CVE-2016-2847SUSE Liberty Linux 7
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.
ModerateCVE-2016-2847 at SUSECVE-2016-2847 at NVDSUSE bug 1020452SUSE bug 970948SUSE bug 974646cpe:/o:suse:sll:7CVE-2016-2857SUSE Liberty Linux 7
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
LowCVE-2016-2857 at SUSECVE-2016-2857 at NVDSUSE bug 970037cpe:/o:suse:sll:7CVE-2016-3068SUSE Liberty Linux 7
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
ModerateCVE-2016-3068 at SUSECVE-2016-3068 at NVDSUSE bug 973175SUSE bug 973177cpe:/o:suse:sll:7CVE-2016-3069SUSE Liberty Linux 7
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
ModerateCVE-2016-3069 at SUSECVE-2016-3069 at NVDSUSE bug 973175SUSE bug 973176cpe:/o:suse:sll:7CVE-2016-3070SUSE Liberty Linux 7
The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move.
LowCVE-2016-3070 at SUSECVE-2016-3070 at NVDSUSE bug 979215cpe:/o:suse:sll:7CVE-2016-3075SUSE Liberty Linux 7
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
LowCVE-2016-3075 at SUSECVE-2016-3075 at NVDSUSE bug 1123874SUSE bug 973164cpe:/o:suse:sll:7CVE-2016-3092SUSE Liberty Linux 7
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
ImportantCVE-2016-3092 at SUSECVE-2016-3092 at NVDSUSE bug 1068865SUSE bug 986359SUSE bug 988489cpe:/o:suse:sll:7CVE-2016-3099SUSE Liberty Linux 7
mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled.
ModerateCVE-2016-3099 at SUSECVE-2016-3099 at NVDSUSE bug 973996cpe:/o:suse:sll:7CVE-2016-3115SUSE Liberty Linux 7
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.
ModerateCVE-2016-3115 at SUSECVE-2016-3115 at NVDSUSE bug 1005738SUSE bug 1010950SUSE bug 1059233SUSE bug 1138392SUSE bug 970632SUSE bug 992296SUSE bug 992991SUSE bug 996040cpe:/o:suse:sll:7CVE-2016-3119SUSE Liberty Linux 7
The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
ModerateCVE-2016-3119 at SUSECVE-2016-3119 at NVDSUSE bug 971942cpe:/o:suse:sll:7CVE-2016-3120SUSE Liberty Linux 7
The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.
LowCVE-2016-3120 at SUSECVE-2016-3120 at NVDSUSE bug 991088cpe:/o:suse:sll:7CVE-2016-3134SUSE Liberty Linux 7
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
ModerateCVE-2016-3134 at SUSECVE-2016-3134 at NVDSUSE bug 1020452SUSE bug 1052256SUSE bug 1115893SUSE bug 971126SUSE bug 971793SUSE bug 986362SUSE bug 986365SUSE bug 986377cpe:/o:suse:sll:7CVE-2016-3156SUSE Liberty Linux 7
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
LowCVE-2016-3156 at SUSECVE-2016-3156 at NVDSUSE bug 1020452SUSE bug 971360cpe:/o:suse:sll:7CVE-2016-3186SUSE Liberty Linux 7
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.
ModerateCVE-2016-3186 at SUSECVE-2016-3186 at NVDSUSE bug 973340SUSE bug 983268cpe:/o:suse:sll:7CVE-2016-3191SUSE Liberty Linux 7
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
LowCVE-2016-3191 at SUSECVE-2016-3191 at NVDSUSE bug 971741cpe:/o:suse:sll:7CVE-2016-3425SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP.
ImportantCVE-2016-3425 at SUSECVE-2016-3425 at NVDSUSE bug 976340SUSE bug 979252cpe:/o:suse:sll:7CVE-2016-3426SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.
ImportantCVE-2016-3426 at SUSECVE-2016-3426 at NVDSUSE bug 976340SUSE bug 979252cpe:/o:suse:sll:7CVE-2016-3427SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
ImportantCVE-2016-3427 at SUSECVE-2016-3427 at NVDSUSE bug 1011805SUSE bug 976340SUSE bug 979252cpe:/o:suse:sll:7CVE-2016-3452SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.
ModerateCVE-2016-3452 at SUSECVE-2016-3452 at NVDSUSE bug 989910cpe:/o:suse:sll:7CVE-2016-3458SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA.
LowCVE-2016-3458 at SUSECVE-2016-3458 at NVDSUSE bug 989732cpe:/o:suse:sll:7CVE-2016-3477SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.
ModerateCVE-2016-3477 at SUSECVE-2016-3477 at NVDSUSE bug 989913SUSE bug 991616cpe:/o:suse:sll:7CVE-2016-3492SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
ModerateCVE-2016-3492 at SUSECVE-2016-3492 at NVDSUSE bug 1005555SUSE bug 1008318cpe:/o:suse:sll:7CVE-2016-3500SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508.
ModerateCVE-2016-3500 at SUSECVE-2016-3500 at NVDSUSE bug 989730cpe:/o:suse:sll:7CVE-2016-3508SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500.
ModerateCVE-2016-3508 at SUSECVE-2016-3508 at NVDSUSE bug 989731cpe:/o:suse:sll:7CVE-2016-3521SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.
ImportantCVE-2016-3521 at SUSECVE-2016-3521 at NVDSUSE bug 989919SUSE bug 991616cpe:/o:suse:sll:7CVE-2016-3550SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot.
LowCVE-2016-3550 at SUSECVE-2016-3550 at NVDSUSE bug 989733cpe:/o:suse:sll:7CVE-2016-3587SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.
ImportantCVE-2016-3587 at SUSECVE-2016-3587 at NVDSUSE bug 989721SUSE bug 998845cpe:/o:suse:sll:7CVE-2016-3598SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.
ImportantCVE-2016-3598 at SUSECVE-2016-3598 at NVDSUSE bug 1009280SUSE bug 989723cpe:/o:suse:sll:7CVE-2016-3606SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.
ImportantCVE-2016-3606 at SUSECVE-2016-3606 at NVDSUSE bug 989722cpe:/o:suse:sll:7CVE-2016-3610SUSE Liberty Linux 7
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598.
ImportantCVE-2016-3610 at SUSECVE-2016-3610 at NVDSUSE bug 989725cpe:/o:suse:sll:7CVE-2016-3615SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.
ModerateCVE-2016-3615 at SUSECVE-2016-3615 at NVDSUSE bug 989922SUSE bug 991616cpe:/o:suse:sll:7CVE-2016-3616SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
ModerateCVE-2016-3616 at SUSECVE-2016-3616 at NVDSUSE bug 1160884cpe:/o:suse:sll:7CVE-2016-3627SUSE Liberty Linux 7
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
ModerateCVE-2016-3627 at SUSECVE-2016-3627 at NVDSUSE bug 1026099SUSE bug 1026101SUSE bug 1123919SUSE bug 972335SUSE bug 975947cpe:/o:suse:sll:7CVE-2016-3632SUSE Liberty Linux 7
The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image.
LowCVE-2016-3632 at SUSECVE-2016-3632 at NVDSUSE bug 1007276SUSE bug 974621SUSE bug 983436cpe:/o:suse:sll:7CVE-2016-3672SUSE Liberty Linux 7
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.
LowCVE-2016-3672 at SUSECVE-2016-3672 at NVDSUSE bug 974308cpe:/o:suse:sll:7CVE-2016-3698SUSE Liberty Linux 7
libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.
ModerateCVE-2016-3698 at SUSECVE-2016-3698 at NVDSUSE bug 979645cpe:/o:suse:sll:7CVE-2016-3699SUSE Liberty Linux 7
The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd.
ImportantCVE-2016-3699 at SUSECVE-2016-3699 at NVDSUSE bug 1001153cpe:/o:suse:sll:7CVE-2016-3705SUSE Liberty Linux 7
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.
ImportantCVE-2016-3705 at SUSECVE-2016-3705 at NVDSUSE bug 1017497SUSE bug 1123919SUSE bug 975947cpe:/o:suse:sll:7CVE-2016-3710SUSE Liberty Linux 7
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
ModerateCVE-2016-3710 at SUSECVE-2016-3710 at NVDSUSE bug 978158SUSE bug 978164SUSE bug 978167cpe:/o:suse:sll:7CVE-2016-3712SUSE Liberty Linux 7
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
LowCVE-2016-3712 at SUSECVE-2016-3712 at NVDSUSE bug 978160SUSE bug 978164SUSE bug 978167cpe:/o:suse:sll:7CVE-2016-3714SUSE Liberty Linux 7
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
ImportantCVE-2016-3714 at SUSECVE-2016-3714 at NVDSUSE bug 1000484SUSE bug 1057163SUSE bug 1105592SUSE bug 978061SUSE bug 980401SUSE bug 982178cpe:/o:suse:sll:7CVE-2016-3715SUSE Liberty Linux 7
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
ModerateCVE-2016-3715 at SUSECVE-2016-3715 at NVDSUSE bug 1000484SUSE bug 1057163SUSE bug 1105592SUSE bug 978061cpe:/o:suse:sll:7CVE-2016-3716SUSE Liberty Linux 7
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
ModerateCVE-2016-3716 at SUSECVE-2016-3716 at NVDSUSE bug 1000484SUSE bug 1057163SUSE bug 1105592SUSE bug 978061cpe:/o:suse:sll:7CVE-2016-3717SUSE Liberty Linux 7
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
ModerateCVE-2016-3717 at SUSECVE-2016-3717 at NVDSUSE bug 1000484SUSE bug 1057163SUSE bug 1105592SUSE bug 978061cpe:/o:suse:sll:7CVE-2016-3718SUSE Liberty Linux 7
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
ModerateCVE-2016-3718 at SUSECVE-2016-3718 at NVDSUSE bug 1000484SUSE bug 1057163SUSE bug 1105592SUSE bug 978061cpe:/o:suse:sll:7CVE-2016-3841SUSE Liberty Linux 7
The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.
ModerateCVE-2016-3841 at SUSECVE-2016-3841 at NVDSUSE bug 1052256SUSE bug 1115893SUSE bug 992566SUSE bug 992569cpe:/o:suse:sll:7CVE-2016-3945SUSE Liberty Linux 7
Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write.
LowCVE-2016-3945 at SUSECVE-2016-3945 at NVDSUSE bug 974614cpe:/o:suse:sll:7CVE-2016-3948SUSE Liberty Linux 7
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
ImportantCVE-2016-3948 at SUSECVE-2016-3948 at NVDSUSE bug 973783cpe:/o:suse:sll:7CVE-2016-3990SUSE Liberty Linux 7
Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.
LowCVE-2016-3990 at SUSECVE-2016-3990 at NVDSUSE bug 975069cpe:/o:suse:sll:7CVE-2016-3991SUSE Liberty Linux 7
Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.
LowCVE-2016-3991 at SUSECVE-2016-3991 at NVDSUSE bug 975070cpe:/o:suse:sll:7CVE-2016-4020SUSE Liberty Linux 7
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
LowCVE-2016-4020 at SUSECVE-2016-4020 at NVDSUSE bug 975700SUSE bug 975907cpe:/o:suse:sll:7CVE-2016-4051SUSE Liberty Linux 7
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.
ImportantCVE-2016-4051 at SUSECVE-2016-4051 at NVDSUSE bug 976553cpe:/o:suse:sll:7CVE-2016-4052SUSE Liberty Linux 7
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.
ImportantCVE-2016-4052 at SUSECVE-2016-4052 at NVDSUSE bug 976556cpe:/o:suse:sll:7CVE-2016-4053SUSE Liberty Linux 7
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
ImportantCVE-2016-4053 at SUSECVE-2016-4053 at NVDSUSE bug 976556cpe:/o:suse:sll:7CVE-2016-4054SUSE Liberty Linux 7
Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.
ImportantCVE-2016-4054 at SUSECVE-2016-4054 at NVDSUSE bug 976556cpe:/o:suse:sll:7CVE-2016-4300SUSE Liberty Linux 7
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.
ModerateCVE-2016-4300 at SUSECVE-2016-4300 at NVDSUSE bug 985832cpe:/o:suse:sll:7CVE-2016-4302SUSE Liberty Linux 7
Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.
ModerateCVE-2016-4302 at SUSECVE-2016-4302 at NVDSUSE bug 985835cpe:/o:suse:sll:7CVE-2016-4444SUSE Liberty Linux 7
The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.
ModerateCVE-2016-4444 at SUSECVE-2016-4444 at NVDSUSE bug 983452SUSE bug 984780cpe:/o:suse:sll:7CVE-2016-4446SUSE Liberty Linux 7
The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.
ModerateCVE-2016-4446 at SUSECVE-2016-4446 at NVDSUSE bug 984780cpe:/o:suse:sll:7CVE-2016-4447SUSE Liberty Linux 7
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
ModerateCVE-2016-4447 at SUSECVE-2016-4447 at NVDSUSE bug 1123919SUSE bug 981548cpe:/o:suse:sll:7CVE-2016-4448SUSE Liberty Linux 7
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
ModerateCVE-2016-4448 at SUSECVE-2016-4448 at NVDSUSE bug 1010299SUSE bug 1123919SUSE bug 981549cpe:/o:suse:sll:7CVE-2016-4449SUSE Liberty Linux 7
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
ModerateCVE-2016-4449 at SUSECVE-2016-4449 at NVDSUSE bug 1123919SUSE bug 981550cpe:/o:suse:sll:7CVE-2016-4463SUSE Liberty Linux 7
Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.
ModerateCVE-2016-4463 at SUSECVE-2016-4463 at NVDSUSE bug 985860cpe:/o:suse:sll:7CVE-2016-4470SUSE Liberty Linux 7
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
ModerateCVE-2016-4470 at SUSECVE-2016-4470 at NVDSUSE bug 1020452SUSE bug 984755SUSE bug 984764SUSE bug 991651cpe:/o:suse:sll:7CVE-2016-4553SUSE Liberty Linux 7
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
ModerateCVE-2016-4553 at SUSECVE-2016-4553 at NVDSUSE bug 979009SUSE bug 990451cpe:/o:suse:sll:7CVE-2016-4554SUSE Liberty Linux 7
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
ModerateCVE-2016-4554 at SUSECVE-2016-4554 at NVDSUSE bug 979010SUSE bug 990451cpe:/o:suse:sll:7CVE-2016-4555SUSE Liberty Linux 7
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
ModerateCVE-2016-4555 at SUSECVE-2016-4555 at NVDSUSE bug 979008SUSE bug 979011cpe:/o:suse:sll:7CVE-2016-4556SUSE Liberty Linux 7
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.
ModerateCVE-2016-4556 at SUSECVE-2016-4556 at NVDSUSE bug 979008SUSE bug 979011cpe:/o:suse:sll:7CVE-2016-4565SUSE Liberty Linux 7
The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.
ModerateCVE-2016-4565 at SUSECVE-2016-4565 at NVDSUSE bug 1020452SUSE bug 979548SUSE bug 980363SUSE bug 980883cpe:/o:suse:sll:7CVE-2016-4569SUSE Liberty Linux 7
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
LowCVE-2016-4569 at SUSECVE-2016-4569 at NVDSUSE bug 1020452SUSE bug 979213SUSE bug 979879cpe:/o:suse:sll:7CVE-2016-4578SUSE Liberty Linux 7
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.
LowCVE-2016-4578 at SUSECVE-2016-4578 at NVDSUSE bug 1020452SUSE bug 1052256SUSE bug 979879cpe:/o:suse:sll:7CVE-2016-4581SUSE Liberty Linux 7
fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.
ModerateCVE-2016-4581 at SUSECVE-2016-4581 at NVDSUSE bug 979913cpe:/o:suse:sll:7CVE-2016-4658SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.
ModerateCVE-2016-4658 at SUSECVE-2016-4658 at NVDSUSE bug 1005544SUSE bug 1014873SUSE bug 1069433SUSE bug 1078813SUSE bug 1123919cpe:/o:suse:sll:7CVE-2016-4794SUSE Liberty Linux 7
Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls.
ModerateCVE-2016-4794 at SUSECVE-2016-4794 at NVDSUSE bug 980265SUSE bug 981517cpe:/o:suse:sll:7CVE-2016-4809SUSE Liberty Linux 7
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.
LowCVE-2016-4809 at SUSECVE-2016-4809 at NVDSUSE bug 984990cpe:/o:suse:sll:7CVE-2016-4913SUSE Liberty Linux 7
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
ModerateCVE-2016-4913 at SUSECVE-2016-4913 at NVDSUSE bug 1115893SUSE bug 870618SUSE bug 980725SUSE bug 985132cpe:/o:suse:sll:7CVE-2016-4971SUSE Liberty Linux 7
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
ModerateCVE-2016-4971 at SUSECVE-2016-4971 at NVDSUSE bug 1023231SUSE bug 984060cpe:/o:suse:sll:7CVE-2016-4989SUSE Liberty Linux 7
setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445.
ModerateCVE-2016-4989 at SUSECVE-2016-4989 at NVDSUSE bug 984780cpe:/o:suse:sll:7CVE-2016-4992SUSE Liberty Linux 7
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects.
ImportantCVE-2016-4992 at SUSECVE-2016-4992 at NVDSUSE bug 991201SUSE bug 997256cpe:/o:suse:sll:7CVE-2016-4994SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file.
ModerateCVE-2016-4994 at SUSECVE-2016-4994 at NVDSUSE bug 986021cpe:/o:suse:sll:7CVE-2016-4997SUSE Liberty Linux 7
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
ImportantCVE-2016-4997 at SUSECVE-2016-4997 at NVDSUSE bug 1020452SUSE bug 986362SUSE bug 986365SUSE bug 986377SUSE bug 991651cpe:/o:suse:sll:7CVE-2016-5003SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element.
CriticalCVE-2016-5003 at SUSECVE-2016-5003 at NVDcpe:/o:suse:sll:7CVE-2016-5008SUSE Liberty Linux 7
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
ModerateCVE-2016-5008 at SUSECVE-2016-5008 at NVDSUSE bug 987527cpe:/o:suse:sll:7CVE-2016-5011SUSE Liberty Linux 7
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.
LowCVE-2016-5011 at SUSECVE-2016-5011 at NVDSUSE bug 988361cpe:/o:suse:sll:7CVE-2016-5018SUSE Liberty Linux 7
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
LowCVE-2016-5018 at SUSECVE-2016-5018 at NVDSUSE bug 1007855cpe:/o:suse:sll:7CVE-2016-5118SUSE Liberty Linux 7
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
ModerateCVE-2016-5118 at SUSECVE-2016-5118 at NVDSUSE bug 1000484SUSE bug 982178cpe:/o:suse:sll:7CVE-2016-5126SUSE Liberty Linux 7
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
LowCVE-2016-5126 at SUSECVE-2016-5126 at NVDSUSE bug 982285SUSE bug 982286cpe:/o:suse:sll:7CVE-2016-5131SUSE Liberty Linux 7
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
ModerateCVE-2016-5131 at SUSECVE-2016-5131 at NVDSUSE bug 1014873SUSE bug 1069433SUSE bug 1078813SUSE bug 1123919SUSE bug 989901cpe:/o:suse:sll:7CVE-2016-5139SUSE Liberty Linux 7
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
CriticalCVE-2016-5139 at SUSECVE-2016-5139 at NVDSUSE bug 992305SUSE bug 992311SUSE bug 992325cpe:/o:suse:sll:7CVE-2016-5158SUSE Liberty Linux 7
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
ImportantCVE-2016-5158 at SUSECVE-2016-5158 at NVDSUSE bug 996648cpe:/o:suse:sll:7CVE-2016-5159SUSE Liberty Linux 7
Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c.
ImportantCVE-2016-5159 at SUSECVE-2016-5159 at NVDSUSE bug 996648cpe:/o:suse:sll:7CVE-2016-5195SUSE Liberty Linux 7
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
ImportantCVE-2016-5195 at SUSECVE-2016-5195 at NVDSUSE bug 1004418SUSE bug 1004419SUSE bug 1004436SUSE bug 1006323SUSE bug 1006695SUSE bug 1007291SUSE bug 1008110SUSE bug 1030118SUSE bug 1046453SUSE bug 1069496SUSE bug 1149725SUSE bug 870618SUSE bug 986445SUSE bug 998689cpe:/o:suse:sll:7CVE-2016-5239SUSE Liberty Linux 7
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
ModerateCVE-2016-5239 at SUSECVE-2016-5239 at NVDSUSE bug 982969SUSE bug 983539cpe:/o:suse:sll:7CVE-2016-5240SUSE Liberty Linux 7
The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.
ModerateCVE-2016-5240 at SUSECVE-2016-5240 at NVDSUSE bug 983309cpe:/o:suse:sll:7CVE-2016-5250SUSE Liberty Linux 7
Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.
ModerateCVE-2016-5250 at SUSECVE-2016-5250 at NVDSUSE bug 991809SUSE bug 999701cpe:/o:suse:sll:7CVE-2016-5252SUSE Liberty Linux 7
Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.
ModerateCVE-2016-5252 at SUSECVE-2016-5252 at NVDSUSE bug 991809cpe:/o:suse:sll:7CVE-2016-5254SUSE Liberty Linux 7
Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items.
ModerateCVE-2016-5254 at SUSECVE-2016-5254 at NVDSUSE bug 991809cpe:/o:suse:sll:7CVE-2016-5257SUSE Liberty Linux 7
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
ImportantCVE-2016-5257 at SUSECVE-2016-5257 at NVDSUSE bug 999701cpe:/o:suse:sll:7CVE-2016-5258SUSE Liberty Linux 7
Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.
ModerateCVE-2016-5258 at SUSECVE-2016-5258 at NVDSUSE bug 991809cpe:/o:suse:sll:7CVE-2016-5259SUSE Liberty Linux 7
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.
ModerateCVE-2016-5259 at SUSECVE-2016-5259 at NVDSUSE bug 991809cpe:/o:suse:sll:7CVE-2016-5261SUSE Liberty Linux 7
Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering.
ModerateCVE-2016-5261 at SUSECVE-2016-5261 at NVDSUSE bug 991809SUSE bug 999701cpe:/o:suse:sll:7CVE-2016-5262SUSE Liberty Linux 7
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
ModerateCVE-2016-5262 at SUSECVE-2016-5262 at NVDSUSE bug 991809cpe:/o:suse:sll:7CVE-2016-5263SUSE Liberty Linux 7
The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion."
ModerateCVE-2016-5263 at SUSECVE-2016-5263 at NVDSUSE bug 991809cpe:/o:suse:sll:7CVE-2016-5264SUSE Liberty Linux 7
Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application.
ModerateCVE-2016-5264 at SUSECVE-2016-5264 at NVDSUSE bug 991809cpe:/o:suse:sll:7CVE-2016-5265SUSE Liberty Linux 7
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory.
ModerateCVE-2016-5265 at SUSECVE-2016-5265 at NVDSUSE bug 991809cpe:/o:suse:sll:7CVE-2016-5270SUSE Liberty Linux 7
Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion.
ImportantCVE-2016-5270 at SUSECVE-2016-5270 at NVDSUSE bug 999701cpe:/o:suse:sll:7CVE-2016-5272SUSE Liberty Linux 7
The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site.
ImportantCVE-2016-5272 at SUSECVE-2016-5272 at NVDSUSE bug 999701cpe:/o:suse:sll:7CVE-2016-5274SUSE Liberty Linux 7
Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.
ImportantCVE-2016-5274 at SUSECVE-2016-5274 at NVDSUSE bug 999701cpe:/o:suse:sll:7CVE-2016-5276SUSE Liberty Linux 7
Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.
ImportantCVE-2016-5276 at SUSECVE-2016-5276 at NVDSUSE bug 999701cpe:/o:suse:sll:7CVE-2016-5277SUSE Liberty Linux 7
Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.
ImportantCVE-2016-5277 at SUSECVE-2016-5277 at NVDSUSE bug 999701cpe:/o:suse:sll:7CVE-2016-5278SUSE Liberty Linux 7
Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image.
ImportantCVE-2016-5278 at SUSECVE-2016-5278 at NVDSUSE bug 999701cpe:/o:suse:sll:7CVE-2016-5280SUSE Liberty Linux 7
Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.
ImportantCVE-2016-5280 at SUSECVE-2016-5280 at NVDSUSE bug 999701cpe:/o:suse:sll:7CVE-2016-5281SUSE Liberty Linux 7
Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.
ImportantCVE-2016-5281 at SUSECVE-2016-5281 at NVDSUSE bug 999701cpe:/o:suse:sll:7CVE-2016-5284SUSE Liberty Linux 7
Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.
ImportantCVE-2016-5284 at SUSECVE-2016-5284 at NVDSUSE bug 999701cpe:/o:suse:sll:7CVE-2016-5285SUSE Liberty Linux 7
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
ModerateCVE-2016-5285 at SUSECVE-2016-5285 at NVDSUSE bug 1010517cpe:/o:suse:sll:7CVE-2016-5290SUSE Liberty Linux 7
Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
ImportantCVE-2016-5290 at SUSECVE-2016-5290 at NVDSUSE bug 1009026SUSE bug 1010427cpe:/o:suse:sll:7CVE-2016-5291SUSE Liberty Linux 7
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
ModerateCVE-2016-5291 at SUSECVE-2016-5291 at NVDSUSE bug 1009026SUSE bug 1010410cpe:/o:suse:sll:7CVE-2016-5296SUSE Liberty Linux 7
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
ImportantCVE-2016-5296 at SUSECVE-2016-5296 at NVDSUSE bug 1009026SUSE bug 1010395cpe:/o:suse:sll:7CVE-2016-5297SUSE Liberty Linux 7
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
ModerateCVE-2016-5297 at SUSECVE-2016-5297 at NVDSUSE bug 1009026SUSE bug 1010401cpe:/o:suse:sll:7CVE-2016-5320SUSE Liberty Linux 7
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
ModerateCVE-2016-5320 at SUSECVE-2016-5320 at NVDSUSE bug 1007284SUSE bug 974621SUSE bug 984808SUSE bug 987351cpe:/o:suse:sll:7CVE-2016-5361SUSE Liberty Linux 7
programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each.
ModerateCVE-2016-5361 at SUSECVE-2016-5361 at NVDSUSE bug 984628SUSE bug 984630SUSE bug 985012SUSE bug 985016SUSE bug 985017cpe:/o:suse:sll:7CVE-2016-5384SUSE Liberty Linux 7
fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
LowCVE-2016-5384 at SUSECVE-2016-5384 at NVDSUSE bug 1123116SUSE bug 992534cpe:/o:suse:sll:7CVE-2016-5385SUSE Liberty Linux 7
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
ModerateCVE-2016-5385 at SUSECVE-2016-5385 at NVDSUSE bug 988484SUSE bug 988486SUSE bug 988487SUSE bug 988488SUSE bug 988489SUSE bug 988491SUSE bug 988492SUSE bug 989125SUSE bug 989174cpe:/o:suse:sll:7CVE-2016-5386SUSE Liberty Linux 7
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
ModerateCVE-2016-5386 at SUSECVE-2016-5386 at NVDSUSE bug 988484SUSE bug 988486SUSE bug 988487SUSE bug 988488SUSE bug 988489SUSE bug 988491SUSE bug 988492SUSE bug 989125SUSE bug 989174cpe:/o:suse:sll:7CVE-2016-5387SUSE Liberty Linux 7
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.
ModerateCVE-2016-5387 at SUSECVE-2016-5387 at NVDSUSE bug 988484SUSE bug 988486SUSE bug 988487SUSE bug 988488SUSE bug 988489SUSE bug 988491SUSE bug 988492SUSE bug 989125SUSE bug 989174SUSE bug 989684cpe:/o:suse:sll:7CVE-2016-5388SUSE Liberty Linux 7
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.
ModerateCVE-2016-5388 at SUSECVE-2016-5388 at NVDSUSE bug 988484SUSE bug 988486SUSE bug 988487SUSE bug 988488SUSE bug 988489SUSE bug 988491SUSE bug 988492SUSE bug 989125SUSE bug 989174cpe:/o:suse:sll:7CVE-2016-5399SUSE Liberty Linux 7
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
ModerateCVE-2016-5399 at SUSECVE-2016-5399 at NVDSUSE bug 991430cpe:/o:suse:sll:7CVE-2016-5403SUSE Liberty Linux 7
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
LowCVE-2016-5403 at SUSECVE-2016-5403 at NVDSUSE bug 990923SUSE bug 991080cpe:/o:suse:sll:7CVE-2016-5404SUSE Liberty Linux 7
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
ModerateCVE-2016-5404 at SUSECVE-2016-5404 at NVDcpe:/o:suse:sll:7CVE-2016-5405SUSE Liberty Linux 7
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.
LowCVE-2016-5405 at SUSECVE-2016-5405 at NVDSUSE bug 1007004SUSE bug 1076530cpe:/o:suse:sll:7CVE-2016-5410SUSE Liberty Linux 7
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.
LowCVE-2016-5410 at SUSECVE-2016-5410 at NVDSUSE bug 992772cpe:/o:suse:sll:7CVE-2016-5412SUSE Liberty Linux 7
arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction.
ModerateCVE-2016-5412 at SUSECVE-2016-5412 at NVDSUSE bug 1013013SUSE bug 991065cpe:/o:suse:sll:7CVE-2016-5416SUSE Liberty Linux 7
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions.
ModerateCVE-2016-5416 at SUSECVE-2016-5416 at NVDSUSE bug 991201cpe:/o:suse:sll:7CVE-2016-5418SUSE Liberty Linux 7
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.
ModerateCVE-2016-5418 at SUSECVE-2016-5418 at NVDSUSE bug 998677cpe:/o:suse:sll:7CVE-2016-5419SUSE Liberty Linux 7
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
ModerateCVE-2016-5419 at SUSECVE-2016-5419 at NVDSUSE bug 1033413SUSE bug 1033442SUSE bug 991389cpe:/o:suse:sll:7CVE-2016-5420SUSE Liberty Linux 7
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.
ModerateCVE-2016-5420 at SUSECVE-2016-5420 at NVDSUSE bug 991390SUSE bug 997420cpe:/o:suse:sll:7CVE-2016-5423SUSE Liberty Linux 7
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.
ModerateCVE-2016-5423 at SUSECVE-2016-5423 at NVDSUSE bug 1041981SUSE bug 1042497SUSE bug 1052683SUSE bug 993454cpe:/o:suse:sll:7CVE-2016-5424SUSE Liberty Linux 7
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
ModerateCVE-2016-5424 at SUSECVE-2016-5424 at NVDSUSE bug 1041981SUSE bug 1042497SUSE bug 1052683SUSE bug 993453cpe:/o:suse:sll:7CVE-2016-5425SUSE Liberty Linux 7
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
ImportantCVE-2016-5425 at SUSECVE-2016-5425 at NVDSUSE bug 1003877SUSE bug 1172405cpe:/o:suse:sll:7CVE-2016-5440SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.
ModerateCVE-2016-5440 at SUSECVE-2016-5440 at NVDSUSE bug 989926SUSE bug 991616cpe:/o:suse:sll:7CVE-2016-5444SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.
ModerateCVE-2016-5444 at SUSECVE-2016-5444 at NVDSUSE bug 989930cpe:/o:suse:sll:7CVE-2016-5542SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries.
ModerateCVE-2016-5542 at SUSECVE-2016-5542 at NVDSUSE bug 1005522SUSE bug 1009280cpe:/o:suse:sll:7CVE-2016-5546SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Integrity impacts).
ImportantCVE-2016-5546 at SUSECVE-2016-5546 at NVDSUSE bug 1020905cpe:/o:suse:sll:7CVE-2016-5547SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Availability impacts).
ModerateCVE-2016-5547 at SUSECVE-2016-5547 at NVDSUSE bug 1020905SUSE bug 1024218cpe:/o:suse:sll:7CVE-2016-5548SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts).
ImportantCVE-2016-5548 at SUSECVE-2016-5548 at NVDSUSE bug 1020905SUSE bug 1024218cpe:/o:suse:sll:7CVE-2016-5552SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Integrity impacts).
ModerateCVE-2016-5552 at SUSECVE-2016-5552 at NVDSUSE bug 1020905SUSE bug 1024218cpe:/o:suse:sll:7CVE-2016-5554SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX.
ModerateCVE-2016-5554 at SUSECVE-2016-5554 at NVDSUSE bug 1005523SUSE bug 1009280cpe:/o:suse:sll:7CVE-2016-5573SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582.
ImportantCVE-2016-5573 at SUSECVE-2016-5573 at NVDSUSE bug 1005526SUSE bug 1009280cpe:/o:suse:sll:7CVE-2016-5582SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5573.
ImportantCVE-2016-5582 at SUSECVE-2016-5582 at NVDSUSE bug 1005527cpe:/o:suse:sll:7CVE-2016-5597SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking.
ModerateCVE-2016-5597 at SUSECVE-2016-5597 at NVDSUSE bug 1005528SUSE bug 1009280cpe:/o:suse:sll:7CVE-2016-5612SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.
ModerateCVE-2016-5612 at SUSECVE-2016-5612 at NVDSUSE bug 1005561cpe:/o:suse:sll:7CVE-2016-5624SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.
ModerateCVE-2016-5624 at SUSECVE-2016-5624 at NVDSUSE bug 1005564SUSE bug 1008318cpe:/o:suse:sll:7CVE-2016-5626SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
ModerateCVE-2016-5626 at SUSECVE-2016-5626 at NVDSUSE bug 1005566SUSE bug 1008318cpe:/o:suse:sll:7CVE-2016-5629SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.
ModerateCVE-2016-5629 at SUSECVE-2016-5629 at NVDSUSE bug 1005569SUSE bug 1008318cpe:/o:suse:sll:7CVE-2016-5636SUSE Liberty Linux 7
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
ModerateCVE-2016-5636 at SUSECVE-2016-5636 at NVDSUSE bug 1065451SUSE bug 1106262SUSE bug 985177cpe:/o:suse:sll:7CVE-2016-5652SUSE Liberty Linux 7
An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means.
ModerateCVE-2016-5652 at SUSECVE-2016-5652 at NVDSUSE bug 1007280cpe:/o:suse:sll:7CVE-2016-5766SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
ModerateCVE-2016-5766 at SUSECVE-2016-5766 at NVDSUSE bug 986386cpe:/o:suse:sll:7CVE-2016-5767SUSE Liberty Linux 7
Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.
ModerateCVE-2016-5767 at SUSECVE-2016-5767 at NVDSUSE bug 986393cpe:/o:suse:sll:7CVE-2016-5768SUSE Liberty Linux 7
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.
LowCVE-2016-5768 at SUSECVE-2016-5768 at NVDSUSE bug 986246cpe:/o:suse:sll:7CVE-2016-5824SUSE Liberty Linux 7
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.
ModerateCVE-2016-5824 at SUSECVE-2016-5824 at NVDSUSE bug 1015964SUSE bug 1122983SUSE bug 986631SUSE bug 986639SUSE bug 986642SUSE bug 986658cpe:/o:suse:sll:7CVE-2016-5828SUSE Liberty Linux 7
The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call.
ModerateCVE-2016-5828 at SUSECVE-2016-5828 at NVDSUSE bug 986569SUSE bug 991065cpe:/o:suse:sll:7CVE-2016-5829SUSE Liberty Linux 7
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.
ModerateCVE-2016-5829 at SUSECVE-2016-5829 at NVDSUSE bug 1053919SUSE bug 1054127SUSE bug 1115893SUSE bug 986572SUSE bug 986573SUSE bug 991651cpe:/o:suse:sll:7CVE-2016-5844SUSE Liberty Linux 7
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.
ModerateCVE-2016-5844 at SUSECVE-2016-5844 at NVDSUSE bug 986566cpe:/o:suse:sll:7CVE-2016-6136SUSE Liberty Linux 7
Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.
ModerateCVE-2016-6136 at SUSECVE-2016-6136 at NVDSUSE bug 988153cpe:/o:suse:sll:7CVE-2016-6198SUSE Liberty Linux 7
The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c.
ModerateCVE-2016-6198 at SUSECVE-2016-6198 at NVDSUSE bug 988708cpe:/o:suse:sll:7CVE-2016-6210SUSE Liberty Linux 7
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
ModerateCVE-2016-6210 at SUSECVE-2016-6210 at NVDSUSE bug 1001712SUSE bug 1010950SUSE bug 1105010SUSE bug 1138392SUSE bug 989363cpe:/o:suse:sll:7CVE-2016-6213SUSE Liberty Linux 7
fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts.
LowCVE-2016-6213 at SUSECVE-2016-6213 at NVDSUSE bug 988964cpe:/o:suse:sll:7CVE-2016-6250SUSE Liberty Linux 7
Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.
LowCVE-2016-6250 at SUSECVE-2016-6250 at NVDSUSE bug 989980cpe:/o:suse:sll:7CVE-2016-6302SUSE Liberty Linux 7
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
ModerateCVE-2016-6302 at SUSECVE-2016-6302 at NVDSUSE bug 1004104SUSE bug 994844SUSE bug 995324SUSE bug 999665cpe:/o:suse:sll:7CVE-2016-6304SUSE Liberty Linux 7
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
ModerateCVE-2016-6304 at SUSECVE-2016-6304 at NVDSUSE bug 1001706SUSE bug 1003811SUSE bug 1004104SUSE bug 1005579SUSE bug 1021375SUSE bug 999665SUSE bug 999666cpe:/o:suse:sll:7CVE-2016-6306SUSE Liberty Linux 7
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
LowCVE-2016-6306 at SUSECVE-2016-6306 at NVDSUSE bug 1004104SUSE bug 999665SUSE bug 999668cpe:/o:suse:sll:7CVE-2016-6313SUSE Liberty Linux 7
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
ModerateCVE-2016-6313 at SUSECVE-2016-6313 at NVDSUSE bug 1123792SUSE bug 994157cpe:/o:suse:sll:7CVE-2016-6325SUSE Liberty Linux 7
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
ImportantCVE-2016-6325 at SUSECVE-2016-6325 at NVDcpe:/o:suse:sll:7CVE-2016-6327SUSE Liberty Linux 7
drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation.
ModerateCVE-2016-6327 at SUSECVE-2016-6327 at NVDSUSE bug 994748cpe:/o:suse:sll:7CVE-2016-6480SUSE Liberty Linux 7
Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.
ModerateCVE-2016-6480 at SUSECVE-2016-6480 at NVDSUSE bug 1004418SUSE bug 991608SUSE bug 991667SUSE bug 992568cpe:/o:suse:sll:7CVE-2016-6489SUSE Liberty Linux 7
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
ModerateCVE-2016-6489 at SUSECVE-2016-6489 at NVDSUSE bug 991464cpe:/o:suse:sll:7CVE-2016-6515SUSE Liberty Linux 7
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
ModerateCVE-2016-6515 at SUSECVE-2016-6515 at NVDSUSE bug 1010950SUSE bug 1115893SUSE bug 992533cpe:/o:suse:sll:7CVE-2016-6662SUSE Liberty Linux 7
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
ImportantCVE-2016-6662 at SUSECVE-2016-6662 at NVDSUSE bug 1001367SUSE bug 1005580SUSE bug 1020873SUSE bug 1020884SUSE bug 1021755SUSE bug 998309cpe:/o:suse:sll:7CVE-2016-6663SUSE Liberty Linux 7
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
ModerateCVE-2016-6663 at SUSECVE-2016-6663 at NVDSUSE bug 1001367SUSE bug 1008253SUSE bug 1008318SUSE bug 1021755SUSE bug 998309cpe:/o:suse:sll:7CVE-2016-6664SUSE Liberty Linux 7
mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.
ImportantCVE-2016-6664 at SUSECVE-2016-6664 at NVDSUSE bug 1008253SUSE bug 1020868SUSE bug 1020873SUSE bug 998309cpe:/o:suse:sll:7CVE-2016-6794SUSE Liberty Linux 7
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.
LowCVE-2016-6794 at SUSECVE-2016-6794 at NVDSUSE bug 1007857cpe:/o:suse:sll:7CVE-2016-6796SUSE Liberty Linux 7
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
LowCVE-2016-6796 at SUSECVE-2016-6796 at NVDSUSE bug 1007858cpe:/o:suse:sll:7CVE-2016-6797SUSE Liberty Linux 7
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.
LowCVE-2016-6797 at SUSECVE-2016-6797 at NVDSUSE bug 1007853cpe:/o:suse:sll:7CVE-2016-6814SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.
CriticalCVE-2016-6814 at SUSECVE-2016-6814 at NVDcpe:/o:suse:sll:7CVE-2016-6816SUSE Liberty Linux 7
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.
ModerateCVE-2016-6816 at SUSECVE-2016-6816 at NVDSUSE bug 1011812cpe:/o:suse:sll:7CVE-2016-6828SUSE Liberty Linux 7
The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.
ModerateCVE-2016-6828 at SUSECVE-2016-6828 at NVDSUSE bug 1052256SUSE bug 994296cpe:/o:suse:sll:7CVE-2016-6893SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.
LowCVE-2016-6893 at SUSECVE-2016-6893 at NVDSUSE bug 995352SUSE bug 997205cpe:/o:suse:sll:7CVE-2016-7030SUSE Liberty Linux 7
FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in which system services run on.
ImportantCVE-2016-7030 at SUSECVE-2016-7030 at NVDSUSE bug 1015556cpe:/o:suse:sll:7CVE-2016-7032SUSE Liberty Linux 7
sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.
ModerateCVE-2016-7032 at SUSECVE-2016-7032 at NVDSUSE bug 1007501SUSE bug 1007766SUSE bug 1011975SUSE bug 1011976cpe:/o:suse:sll:7CVE-2016-7035SUSE Liberty Linux 7
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.
ModerateCVE-2016-7035 at SUSECVE-2016-7035 at NVDSUSE bug 1007433cpe:/o:suse:sll:7CVE-2016-7039SUSE Liberty Linux 7
The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.
ImportantCVE-2016-7039 at SUSECVE-2016-7039 at NVDSUSE bug 1001486SUSE bug 1001487SUSE bug 1003964cpe:/o:suse:sll:7CVE-2016-7042SUSE Liberty Linux 7
The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file.
ModerateCVE-2016-7042 at SUSECVE-2016-7042 at NVDSUSE bug 1004517cpe:/o:suse:sll:7CVE-2016-7050SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.
CriticalCVE-2016-7050 at SUSECVE-2016-7050 at NVDcpe:/o:suse:sll:7CVE-2016-7076SUSE Liberty Linux 7
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.
ModerateCVE-2016-7076 at SUSECVE-2016-7076 at NVDSUSE bug 1007501SUSE bug 1011975SUSE bug 1011976cpe:/o:suse:sll:7CVE-2016-7091SUSE Liberty Linux 7
sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.
ModerateCVE-2016-7091 at SUSECVE-2016-7091 at NVDSUSE bug 995726cpe:/o:suse:sll:7CVE-2016-7097SUSE Liberty Linux 7
The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.
LowCVE-2016-7097 at SUSECVE-2016-7097 at NVDSUSE bug 1021258SUSE bug 1052256SUSE bug 870618SUSE bug 995968cpe:/o:suse:sll:7CVE-2016-7117SUSE Liberty Linux 7
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
ModerateCVE-2016-7117 at SUSECVE-2016-7117 at NVDSUSE bug 1003077SUSE bug 1003253SUSE bug 1057478SUSE bug 1071943cpe:/o:suse:sll:7CVE-2016-7141SUSE Liberty Linux 7
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.
LowCVE-2016-7141 at SUSECVE-2016-7141 at NVDSUSE bug 991390SUSE bug 997420cpe:/o:suse:sll:7CVE-2016-7163SUSE Liberty Linux 7
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
CriticalCVE-2016-7163 at SUSECVE-2016-7163 at NVDSUSE bug 1007739SUSE bug 1007744SUSE bug 997857cpe:/o:suse:sll:7CVE-2016-7166SUSE Liberty Linux 7
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
ModerateCVE-2016-7166 at SUSECVE-2016-7166 at NVDSUSE bug 998115cpe:/o:suse:sll:7CVE-2016-7167SUSE Liberty Linux 7
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.
ModerateCVE-2016-7167 at SUSECVE-2016-7167 at NVDSUSE bug 998760cpe:/o:suse:sll:7CVE-2016-7426SUSE Liberty Linux 7
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
LowCVE-2016-7426 at SUSECVE-2016-7426 at NVDSUSE bug 1011406SUSE bug 1011421SUSE bug 1012330cpe:/o:suse:sll:7CVE-2016-7429SUSE Liberty Linux 7
NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.
LowCVE-2016-7429 at SUSECVE-2016-7429 at NVDSUSE bug 1011404SUSE bug 1011421SUSE bug 1012330cpe:/o:suse:sll:7CVE-2016-7433SUSE Liberty Linux 7
NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."
LowCVE-2016-7433 at SUSECVE-2016-7433 at NVDSUSE bug 1011411SUSE bug 1011421SUSE bug 1012330cpe:/o:suse:sll:7CVE-2016-7444SUSE Liberty Linux 7
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
LowCVE-2016-7444 at SUSECVE-2016-7444 at NVDSUSE bug 999646cpe:/o:suse:sll:7CVE-2016-7543SUSE Liberty Linux 7
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
ModerateCVE-2016-7543 at SUSECVE-2016-7543 at NVDSUSE bug 1001299SUSE bug 1159416cpe:/o:suse:sll:7CVE-2016-7545SUSE Liberty Linux 7
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
ModerateCVE-2016-7545 at SUSECVE-2016-7545 at NVDSUSE bug 1000998SUSE bug 968375SUSE bug 968674cpe:/o:suse:sll:7CVE-2016-7795SUSE Liberty Linux 7
The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.
ModerateCVE-2016-7795 at SUSECVE-2016-7795 at NVDSUSE bug 1001765cpe:/o:suse:sll:7CVE-2016-7797SUSE Liberty Linux 7
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
ModerateCVE-2016-7797 at SUSECVE-2016-7797 at NVDSUSE bug 1002767cpe:/o:suse:sll:7CVE-2016-7910SUSE Liberty Linux 7
Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed.
ImportantCVE-2016-7910 at SUSECVE-2016-7910 at NVDSUSE bug 1010716SUSE bug 1115893SUSE bug 1196722cpe:/o:suse:sll:7CVE-2016-7913SUSE Liberty Linux 7
The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure.
ImportantCVE-2016-7913 at SUSECVE-2016-7913 at NVDSUSE bug 1010478cpe:/o:suse:sll:7CVE-2016-7922SUSE Liberty Linux 7
The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print().
ModerateCVE-2016-7922 at SUSECVE-2016-7922 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7923SUSE Liberty Linux 7
The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print().
ModerateCVE-2016-7923 at SUSECVE-2016-7923 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7924SUSE Liberty Linux 7
The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print().
ModerateCVE-2016-7924 at SUSECVE-2016-7924 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7925SUSE Liberty Linux 7
The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print().
ModerateCVE-2016-7925 at SUSECVE-2016-7925 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7926SUSE Liberty Linux 7
The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print().
ModerateCVE-2016-7926 at SUSECVE-2016-7926 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7927SUSE Liberty Linux 7
The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print().
ModerateCVE-2016-7927 at SUSECVE-2016-7927 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7928SUSE Liberty Linux 7
The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print().
ModerateCVE-2016-7928 at SUSECVE-2016-7928 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7929SUSE Liberty Linux 7
The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header().
ModerateCVE-2016-7929 at SUSECVE-2016-7929 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7930SUSE Liberty Linux 7
The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print().
ModerateCVE-2016-7930 at SUSECVE-2016-7930 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7931SUSE Liberty Linux 7
The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print().
ModerateCVE-2016-7931 at SUSECVE-2016-7931 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7932SUSE Liberty Linux 7
The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum().
ModerateCVE-2016-7932 at SUSECVE-2016-7932 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7933SUSE Liberty Linux 7
The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print().
ModerateCVE-2016-7933 at SUSECVE-2016-7933 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7934SUSE Liberty Linux 7
The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print().
ModerateCVE-2016-7934 at SUSECVE-2016-7934 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7935SUSE Liberty Linux 7
The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print().
ModerateCVE-2016-7935 at SUSECVE-2016-7935 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7936SUSE Liberty Linux 7
The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print().
ModerateCVE-2016-7936 at SUSECVE-2016-7936 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7937SUSE Liberty Linux 7
The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print().
ModerateCVE-2016-7937 at SUSECVE-2016-7937 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7938SUSE Liberty Linux 7
The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().
ModerateCVE-2016-7938 at SUSECVE-2016-7938 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7939SUSE Liberty Linux 7
The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions.
ModerateCVE-2016-7939 at SUSECVE-2016-7939 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7940SUSE Liberty Linux 7
The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions.
ModerateCVE-2016-7940 at SUSECVE-2016-7940 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7973SUSE Liberty Linux 7
The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions.
ModerateCVE-2016-7973 at SUSECVE-2016-7973 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7974SUSE Liberty Linux 7
The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions.
ModerateCVE-2016-7974 at SUSECVE-2016-7974 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7975SUSE Liberty Linux 7
The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print().
ModerateCVE-2016-7975 at SUSECVE-2016-7975 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7977SUSE Liberty Linux 7
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.
ImportantCVE-2016-7977 at SUSECVE-2016-7977 at NVDSUSE bug 1001951SUSE bug 1004237SUSE bug 1095610cpe:/o:suse:sll:7CVE-2016-7978SUSE Liberty Linux 7
Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.
ImportantCVE-2016-7978 at SUSECVE-2016-7978 at NVDSUSE bug 1001951SUSE bug 1004237cpe:/o:suse:sll:7CVE-2016-7979SUSE Liberty Linux 7
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.
ImportantCVE-2016-7979 at SUSECVE-2016-7979 at NVDSUSE bug 1001951SUSE bug 1004237cpe:/o:suse:sll:7CVE-2016-7983SUSE Liberty Linux 7
The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
ModerateCVE-2016-7983 at SUSECVE-2016-7983 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7984SUSE Liberty Linux 7
The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print().
ModerateCVE-2016-7984 at SUSECVE-2016-7984 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7985SUSE Liberty Linux 7
The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print().
ModerateCVE-2016-7985 at SUSECVE-2016-7985 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7986SUSE Liberty Linux 7
The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions.
ModerateCVE-2016-7986 at SUSECVE-2016-7986 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7992SUSE Liberty Linux 7
The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print().
ModerateCVE-2016-7992 at SUSECVE-2016-7992 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-7993SUSE Liberty Linux 7
A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM).
ModerateCVE-2016-7993 at SUSECVE-2016-7993 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-8283SUSE Liberty Linux 7
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.
ModerateCVE-2016-8283 at SUSECVE-2016-8283 at NVDSUSE bug 1005582SUSE bug 1008318cpe:/o:suse:sll:7CVE-2016-8399SUSE Liberty Linux 7
An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935.
ModerateCVE-2016-8399 at SUSECVE-2016-8399 at NVDSUSE bug 1014746SUSE bug 1115893cpe:/o:suse:sll:7CVE-2016-8574SUSE Liberty Linux 7
The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print().
ModerateCVE-2016-8574 at SUSECVE-2016-8574 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-8575SUSE Liberty Linux 7
The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482.
ModerateCVE-2016-8575 at SUSECVE-2016-8575 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2016-8602SUSE Liberty Linux 7
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.
ModerateCVE-2016-8602 at SUSECVE-2016-8602 at NVDSUSE bug 1001951SUSE bug 1004237SUSE bug 1036453cpe:/o:suse:sll:7CVE-2016-8610SUSE Liberty Linux 7
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
ImportantCVE-2016-8610 at SUSECVE-2016-8610 at NVDSUSE bug 1005878SUSE bug 1005879SUSE bug 1110018SUSE bug 1120592SUSE bug 1126909SUSE bug 1148697SUSE bug 982575cpe:/o:suse:sll:7CVE-2016-8630SUSE Liberty Linux 7
The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction.
ModerateCVE-2016-8630 at SUSECVE-2016-8630 at NVDSUSE bug 1009222cpe:/o:suse:sll:7CVE-2016-8633SUSE Liberty Linux 7
drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.
ModerateCVE-2016-8633 at SUSECVE-2016-8633 at NVDSUSE bug 1008833cpe:/o:suse:sll:7CVE-2016-8635SUSE Liberty Linux 7
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
ModerateCVE-2016-8635 at SUSECVE-2016-8635 at NVDSUSE bug 1015422SUSE bug 1015547cpe:/o:suse:sll:7CVE-2016-8638SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability."
CriticalCVE-2016-8638 at SUSECVE-2016-8638 at NVDcpe:/o:suse:sll:7CVE-2016-8645SUSE Liberty Linux 7
The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c.
LowCVE-2016-8645 at SUSECVE-2016-8645 at NVDSUSE bug 1009969cpe:/o:suse:sll:7CVE-2016-8646SUSE Liberty Linux 7
The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data.
ModerateCVE-2016-8646 at SUSECVE-2016-8646 at NVDSUSE bug 1010150cpe:/o:suse:sll:7CVE-2016-8650SUSE Liberty Linux 7
The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.
ImportantCVE-2016-8650 at SUSECVE-2016-8650 at NVDSUSE bug 1011820cpe:/o:suse:sll:7CVE-2016-8654SUSE Liberty Linux 7
A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.
ImportantCVE-2016-8654 at SUSECVE-2016-8654 at NVDSUSE bug 1012530SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-8655SUSE Liberty Linux 7
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
ModerateCVE-2016-8655 at SUSECVE-2016-8655 at NVDSUSE bug 1012754SUSE bug 1012759SUSE bug 1013822SUSE bug 1052365cpe:/o:suse:sll:7CVE-2016-8690SUSE Liberty Linux 7
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.
ModerateCVE-2016-8690 at SUSECVE-2016-8690 at NVDSUSE bug 1005084SUSE bug 1007009SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-8691SUSE Liberty Linux 7
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.
ModerateCVE-2016-8691 at SUSECVE-2016-8691 at NVDSUSE bug 1005090SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-8692SUSE Liberty Linux 7
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.
ModerateCVE-2016-8692 at SUSECVE-2016-8692 at NVDSUSE bug 1005090SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-8693SUSE Liberty Linux 7
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
ModerateCVE-2016-8693 at SUSECVE-2016-8693 at NVDSUSE bug 1005242SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-8704SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
ModerateCVE-2016-8704 at SUSECVE-2016-8704 at NVDSUSE bug 1007719SUSE bug 1007866SUSE bug 1007871cpe:/o:suse:sll:7CVE-2016-8705SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
CriticalCVE-2016-8705 at SUSECVE-2016-8705 at NVDSUSE bug 1007866SUSE bug 1007870SUSE bug 1056865cpe:/o:suse:sll:7CVE-2016-8706SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
ModerateCVE-2016-8706 at SUSECVE-2016-8706 at NVDSUSE bug 1007866SUSE bug 1007869cpe:/o:suse:sll:7CVE-2016-8743SUSE Liberty Linux 7
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.
ModerateCVE-2016-8743 at SUSECVE-2016-8743 at NVDSUSE bug 1016715SUSE bug 1033513SUSE bug 1086774SUSE bug 1104826SUSE bug 930944cpe:/o:suse:sll:7CVE-2016-8745SUSE Liberty Linux 7
A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions.
ModerateCVE-2016-8745 at SUSECVE-2016-8745 at NVDSUSE bug 1015119cpe:/o:suse:sll:7CVE-2016-8864SUSE Liberty Linux 7
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.
ImportantCVE-2016-8864 at SUSECVE-2016-8864 at NVDSUSE bug 1007829SUSE bug 1018700SUSE bug 1018701SUSE bug 1018702SUSE bug 1020526SUSE bug 1024130SUSE bug 1033466cpe:/o:suse:sll:7CVE-2016-8883SUSE Liberty Linux 7
The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
ModerateCVE-2016-8883 at SUSECVE-2016-8883 at NVDSUSE bug 1006598SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-8884SUSE Liberty Linux 7
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.
LowCVE-2016-8884 at SUSECVE-2016-8884 at NVDSUSE bug 1005084SUSE bug 1007009SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-8885SUSE Liberty Linux 7
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.
LowCVE-2016-8885 at SUSECVE-2016-8885 at NVDSUSE bug 1005084SUSE bug 1007009SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-9064SUSE Liberty Linux 7
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.
ModerateCVE-2016-9064 at SUSECVE-2016-9064 at NVDSUSE bug 1009026SUSE bug 1010402cpe:/o:suse:sll:7CVE-2016-9066SUSE Liberty Linux 7
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
ModerateCVE-2016-9066 at SUSECVE-2016-9066 at NVDSUSE bug 1009026SUSE bug 1010404cpe:/o:suse:sll:7CVE-2016-9079SUSE Liberty Linux 7
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
ModerateCVE-2016-9079 at SUSECVE-2016-9079 at NVDSUSE bug 1012964cpe:/o:suse:sll:7CVE-2016-9083SUSE Liberty Linux 7
drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug."
LowCVE-2016-9083 at SUSECVE-2016-9083 at NVDSUSE bug 1007197cpe:/o:suse:sll:7CVE-2016-9084SUSE Liberty Linux 7
drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file.
LowCVE-2016-9084 at SUSECVE-2016-9084 at NVDSUSE bug 1007197cpe:/o:suse:sll:7CVE-2016-9131SUSE Liberty Linux 7
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.
ImportantCVE-2016-9131 at SUSECVE-2016-9131 at NVDSUSE bug 1018699SUSE bug 1018700SUSE bug 1018701SUSE bug 1018702SUSE bug 1033466cpe:/o:suse:sll:7CVE-2016-9147SUSE Liberty Linux 7
named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets.
ImportantCVE-2016-9147 at SUSECVE-2016-9147 at NVDSUSE bug 1018699SUSE bug 1018700SUSE bug 1018701SUSE bug 1018702SUSE bug 1033466SUSE bug 1081545SUSE bug 1115893cpe:/o:suse:sll:7CVE-2016-9262SUSE Liberty Linux 7
Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities.
ImportantCVE-2016-9262 at SUSECVE-2016-9262 at NVDSUSE bug 1009994SUSE bug 1078851SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-9310SUSE Liberty Linux 7
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
ModerateCVE-2016-9310 at SUSECVE-2016-9310 at NVDSUSE bug 1011377SUSE bug 1011421SUSE bug 1012330cpe:/o:suse:sll:7CVE-2016-9311SUSE Liberty Linux 7
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
ModerateCVE-2016-9311 at SUSECVE-2016-9311 at NVDSUSE bug 1011377SUSE bug 1011421SUSE bug 1012330cpe:/o:suse:sll:7CVE-2016-9387SUSE Liberty Linux 7
Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.
LowCVE-2016-9387 at SUSECVE-2016-9387 at NVDSUSE bug 1010960cpe:/o:suse:sll:7CVE-2016-9388SUSE Liberty Linux 7
The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
ModerateCVE-2016-9388 at SUSECVE-2016-9388 at NVDSUSE bug 1010975SUSE bug 1078851SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-9389SUSE Liberty Linux 7
The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).
ModerateCVE-2016-9389 at SUSECVE-2016-9389 at NVDSUSE bug 1010968SUSE bug 1078851SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-9390SUSE Liberty Linux 7
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
ModerateCVE-2016-9390 at SUSECVE-2016-9390 at NVDSUSE bug 1010774SUSE bug 1078851SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-9391SUSE Liberty Linux 7
The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.
ModerateCVE-2016-9391 at SUSECVE-2016-9391 at NVDSUSE bug 1010782SUSE bug 1078851SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-9392SUSE Liberty Linux 7
The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
ModerateCVE-2016-9392 at SUSECVE-2016-9392 at NVDSUSE bug 1010757SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-9393SUSE Liberty Linux 7
The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
ModerateCVE-2016-9393 at SUSECVE-2016-9393 at NVDSUSE bug 1010757SUSE bug 1010766SUSE bug 1078851SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-9394SUSE Liberty Linux 7
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
ModerateCVE-2016-9394 at SUSECVE-2016-9394 at NVDSUSE bug 1010756SUSE bug 1010757SUSE bug 1078851SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-9396SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.
LowCVE-2016-9396 at SUSECVE-2016-9396 at NVDSUSE bug 1010783SUSE bug 1021871SUSE bug 1082397SUSE bug 1154883SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-9401SUSE Liberty Linux 7
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
ModerateCVE-2016-9401 at SUSECVE-2016-9401 at NVDSUSE bug 1010845SUSE bug 1044328SUSE bug 1123788SUSE bug 1159416cpe:/o:suse:sll:7CVE-2016-9444SUSE Liberty Linux 7
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer.
ImportantCVE-2016-9444 at SUSECVE-2016-9444 at NVDSUSE bug 1018699SUSE bug 1018700SUSE bug 1018701SUSE bug 1018702SUSE bug 1033466cpe:/o:suse:sll:7CVE-2016-9445SUSE Liberty Linux 7
Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.
ModerateCVE-2016-9445 at SUSECVE-2016-9445 at NVDSUSE bug 1010829cpe:/o:suse:sll:7CVE-2016-9446SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
ModerateCVE-2016-9446 at SUSECVE-2016-9446 at NVDSUSE bug 1010829cpe:/o:suse:sll:7CVE-2016-9447SUSE Liberty Linux 7
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
ImportantCVE-2016-9447 at SUSECVE-2016-9447 at NVDSUSE bug 1010514cpe:/o:suse:sll:7CVE-2016-9533SUSE Liberty Linux 7
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow."
ModerateCVE-2016-9533 at SUSECVE-2016-9533 at NVDSUSE bug 1011849SUSE bug 1013308cpe:/o:suse:sll:7CVE-2016-9534SUSE Liberty Linux 7
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."
ModerateCVE-2016-9534 at SUSECVE-2016-9534 at NVDSUSE bug 1011847SUSE bug 1013308cpe:/o:suse:sll:7CVE-2016-9535SUSE Liberty Linux 7
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
ModerateCVE-2016-9535 at SUSECVE-2016-9535 at NVDSUSE bug 1011846SUSE bug 1013308cpe:/o:suse:sll:7CVE-2016-9536SUSE Liberty Linux 7
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow."
ModerateCVE-2016-9536 at SUSECVE-2016-9536 at NVDSUSE bug 1011845cpe:/o:suse:sll:7CVE-2016-9537SUSE Liberty Linux 7
tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.
CriticalCVE-2016-9537 at SUSECVE-2016-9537 at NVDSUSE bug 1011842cpe:/o:suse:sll:7CVE-2016-9540SUSE Liberty Linux 7
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
ModerateCVE-2016-9540 at SUSECVE-2016-9540 at NVDSUSE bug 1011839SUSE bug 1013308cpe:/o:suse:sll:7CVE-2016-9555SUSE Liberty Linux 7
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.
ModerateCVE-2016-9555 at SUSECVE-2016-9555 at NVDSUSE bug 1011685SUSE bug 1012183SUSE bug 1115893cpe:/o:suse:sll:7CVE-2016-9560SUSE Liberty Linux 7
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
ImportantCVE-2016-9560 at SUSECVE-2016-9560 at NVDSUSE bug 1011830SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-9573SUSE Liberty Linux 7
An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.
ModerateCVE-2016-9573 at SUSECVE-2016-9573 at NVDSUSE bug 1007739SUSE bug 1007744SUSE bug 1014543SUSE bug 1015662cpe:/o:suse:sll:7CVE-2016-9575SUSE Liberty Linux 7
Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks.
ModerateCVE-2016-9575 at SUSECVE-2016-9575 at NVDSUSE bug 1015564cpe:/o:suse:sll:7CVE-2016-9576SUSE Liberty Linux 7
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.
ImportantCVE-2016-9576 at SUSECVE-2016-9576 at NVDSUSE bug 1013604SUSE bug 1014271SUSE bug 1017710SUSE bug 1019079SUSE bug 1019668SUSE bug 1115893cpe:/o:suse:sll:7CVE-2016-9577SUSE Liberty Linux 7
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.
ImportantCVE-2016-9577 at SUSECVE-2016-9577 at NVDSUSE bug 1023078cpe:/o:suse:sll:7CVE-2016-9578SUSE Liberty Linux 7
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.
ImportantCVE-2016-9578 at SUSECVE-2016-9578 at NVDSUSE bug 1023078SUSE bug 1023079cpe:/o:suse:sll:7CVE-2016-9583SUSE Liberty Linux 7
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.
ModerateCVE-2016-9583 at SUSECVE-2016-9583 at NVDSUSE bug 1015400SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-9588SUSE Liberty Linux 7
arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.
ModerateCVE-2016-9588 at SUSECVE-2016-9588 at NVDSUSE bug 1015703SUSE bug 1017512cpe:/o:suse:sll:7CVE-2016-9591SUSE Liberty Linux 7
JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.
ModerateCVE-2016-9591 at SUSECVE-2016-9591 at NVDSUSE bug 1015993SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-9600SUSE Liberty Linux 7
JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.
ModerateCVE-2016-9600 at SUSECVE-2016-9600 at NVDSUSE bug 1018088SUSE bug 1178702cpe:/o:suse:sll:7CVE-2016-9603SUSE Liberty Linux 7
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
LowCVE-2016-9603 at SUSECVE-2016-9603 at NVDSUSE bug 1028655SUSE bug 1028656SUSE bug 1178658cpe:/o:suse:sll:7CVE-2016-9604SUSE Liberty Linux 7
It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.
ModerateCVE-2016-9604 at SUSECVE-2016-9604 at NVDSUSE bug 1035576cpe:/o:suse:sll:7CVE-2016-9634SUSE Liberty Linux 7
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.
ModerateCVE-2016-9634 at SUSECVE-2016-9634 at NVDSUSE bug 1012102SUSE bug 1012103SUSE bug 1012104cpe:/o:suse:sll:7CVE-2016-9635SUSE Liberty Linux 7
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.
ModerateCVE-2016-9635 at SUSECVE-2016-9635 at NVDSUSE bug 1012102SUSE bug 1012103SUSE bug 1012104SUSE bug 1013653cpe:/o:suse:sll:7CVE-2016-9636SUSE Liberty Linux 7
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.
ModerateCVE-2016-9636 at SUSECVE-2016-9636 at NVDSUSE bug 1012102SUSE bug 1012103SUSE bug 1012104cpe:/o:suse:sll:7CVE-2016-9675SUSE Liberty Linux 7
openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.
ImportantCVE-2016-9675 at SUSECVE-2016-9675 at NVDSUSE bug 1012822cpe:/o:suse:sll:7CVE-2016-9685SUSE Liberty Linux 7
Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations.
LowCVE-2016-9685 at SUSECVE-2016-9685 at NVDSUSE bug 1012832cpe:/o:suse:sll:7CVE-2016-9793SUSE Liberty Linux 7
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.
ModerateCVE-2016-9793 at SUSECVE-2016-9793 at NVDSUSE bug 1013531SUSE bug 1013542SUSE bug 1115893cpe:/o:suse:sll:7CVE-2016-9806SUSE Liberty Linux 7
Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.
ImportantCVE-2016-9806 at SUSECVE-2016-9806 at NVDSUSE bug 1013540SUSE bug 1017589cpe:/o:suse:sll:7CVE-2016-9807SUSE Liberty Linux 7
The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.
ImportantCVE-2016-9807 at SUSECVE-2016-9807 at NVDSUSE bug 1013655cpe:/o:suse:sll:7CVE-2016-9808SUSE Liberty Linux 7
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.
ImportantCVE-2016-9808 at SUSECVE-2016-9808 at NVDSUSE bug 1012102SUSE bug 1012103SUSE bug 1012104SUSE bug 1013653cpe:/o:suse:sll:7CVE-2016-9809SUSE Liberty Linux 7
Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.
ModerateCVE-2016-9809 at SUSECVE-2016-9809 at NVDSUSE bug 1013659cpe:/o:suse:sll:7CVE-2016-9810SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call.
ModerateCVE-2016-9810 at SUSECVE-2016-9810 at NVDSUSE bug 1013663cpe:/o:suse:sll:7CVE-2016-9811SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.
ModerateCVE-2016-9811 at SUSECVE-2016-9811 at NVDSUSE bug 1013669cpe:/o:suse:sll:7CVE-2016-9812SUSE Liberty Linux 7
The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section.
ModerateCVE-2016-9812 at SUSECVE-2016-9812 at NVDSUSE bug 1013678cpe:/o:suse:sll:7CVE-2016-9813SUSE Liberty Linux 7
The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
ImportantCVE-2016-9813 at SUSECVE-2016-9813 at NVDSUSE bug 1013680cpe:/o:suse:sll:7CVE-2016-9840SUSE Liberty Linux 7 LTSS
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CriticalCVE-2016-9840 at SUSECVE-2016-9840 at NVDSUSE bug 1003579SUSE bug 1022633SUSE bug 1023215SUSE bug 1038505SUSE bug 1062104SUSE bug 1120866SUSE bug 1123150SUSE bug 1127473SUSE bug 1184301CVE-2016-9893SUSE Liberty Linux 7
Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
ModerateCVE-2016-9893 at SUSECVE-2016-9893 at NVDSUSE bug 1015422SUSE bug 1015527SUSE bug 1015528SUSE bug 1015529SUSE bug 1015530SUSE bug 1015531SUSE bug 1015533SUSE bug 1015534SUSE bug 1015535SUSE bug 1015536SUSE bug 1015537SUSE bug 1015538SUSE bug 1015540SUSE bug 1015541SUSE bug 1015542cpe:/o:suse:sll:7CVE-2016-9895SUSE Liberty Linux 7
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
ModerateCVE-2016-9895 at SUSECVE-2016-9895 at NVDSUSE bug 1015422SUSE bug 1015527SUSE bug 1015528SUSE bug 1015529SUSE bug 1015530SUSE bug 1015531SUSE bug 1015533SUSE bug 1015534SUSE bug 1015535SUSE bug 1015536SUSE bug 1015537SUSE bug 1015538SUSE bug 1015540SUSE bug 1015541SUSE bug 1015542cpe:/o:suse:sll:7CVE-2016-9897SUSE Liberty Linux 7
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
ModerateCVE-2016-9897 at SUSECVE-2016-9897 at NVDSUSE bug 1015422SUSE bug 1015527SUSE bug 1015528SUSE bug 1015529SUSE bug 1015530SUSE bug 1015531SUSE bug 1015533SUSE bug 1015534SUSE bug 1015535SUSE bug 1015536SUSE bug 1015537SUSE bug 1015538SUSE bug 1015540SUSE bug 1015541SUSE bug 1015542cpe:/o:suse:sll:7CVE-2016-9898SUSE Liberty Linux 7
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
ModerateCVE-2016-9898 at SUSECVE-2016-9898 at NVDSUSE bug 1015422SUSE bug 1015527SUSE bug 1015528SUSE bug 1015529SUSE bug 1015530SUSE bug 1015531SUSE bug 1015533SUSE bug 1015534SUSE bug 1015535SUSE bug 1015536SUSE bug 1015537SUSE bug 1015538SUSE bug 1015540SUSE bug 1015541SUSE bug 1015542cpe:/o:suse:sll:7CVE-2016-9899SUSE Liberty Linux 7
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
ModerateCVE-2016-9899 at SUSECVE-2016-9899 at NVDSUSE bug 1015422SUSE bug 1015527SUSE bug 1015528SUSE bug 1015529SUSE bug 1015530SUSE bug 1015531SUSE bug 1015533SUSE bug 1015534SUSE bug 1015535SUSE bug 1015536SUSE bug 1015537SUSE bug 1015538SUSE bug 1015540SUSE bug 1015541SUSE bug 1015542cpe:/o:suse:sll:7CVE-2016-9900SUSE Liberty Linux 7
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
ModerateCVE-2016-9900 at SUSECVE-2016-9900 at NVDSUSE bug 1015422SUSE bug 1015527SUSE bug 1015528SUSE bug 1015529SUSE bug 1015530SUSE bug 1015531SUSE bug 1015533SUSE bug 1015534SUSE bug 1015535SUSE bug 1015536SUSE bug 1015537SUSE bug 1015538SUSE bug 1015540SUSE bug 1015541SUSE bug 1015542cpe:/o:suse:sll:7CVE-2016-9901SUSE Liberty Linux 7
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.
ModerateCVE-2016-9901 at SUSECVE-2016-9901 at NVDSUSE bug 1015422SUSE bug 1015527SUSE bug 1015528SUSE bug 1015529SUSE bug 1015530SUSE bug 1015531SUSE bug 1015533SUSE bug 1015534SUSE bug 1015535SUSE bug 1015536SUSE bug 1015537SUSE bug 1015538SUSE bug 1015540SUSE bug 1015541SUSE bug 1015542cpe:/o:suse:sll:7CVE-2016-9902SUSE Liberty Linux 7
The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.
ModerateCVE-2016-9902 at SUSECVE-2016-9902 at NVDSUSE bug 1015422SUSE bug 1015527SUSE bug 1015528SUSE bug 1015529SUSE bug 1015530SUSE bug 1015531SUSE bug 1015533SUSE bug 1015534SUSE bug 1015535SUSE bug 1015536SUSE bug 1015537SUSE bug 1015538SUSE bug 1015540SUSE bug 1015541SUSE bug 1015542cpe:/o:suse:sll:7CVE-2016-9904SUSE Liberty Linux 7
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
ModerateCVE-2016-9904 at SUSECVE-2016-9904 at NVDSUSE bug 1015422SUSE bug 1015527SUSE bug 1015528SUSE bug 1015529SUSE bug 1015530SUSE bug 1015531SUSE bug 1015533SUSE bug 1015534SUSE bug 1015535SUSE bug 1015536SUSE bug 1015537SUSE bug 1015538SUSE bug 1015540SUSE bug 1015541SUSE bug 1015542cpe:/o:suse:sll:7CVE-2016-9905SUSE Liberty Linux 7
A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.
ModerateCVE-2016-9905 at SUSECVE-2016-9905 at NVDSUSE bug 1015422SUSE bug 1015527SUSE bug 1015528SUSE bug 1015529SUSE bug 1015530SUSE bug 1015531SUSE bug 1015533SUSE bug 1015534SUSE bug 1015535SUSE bug 1015536SUSE bug 1015537SUSE bug 1015538SUSE bug 1015540SUSE bug 1015541SUSE bug 1015542cpe:/o:suse:sll:7CVE-2017-0393SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-30436808.
ImportantCVE-2017-0393 at SUSECVE-2017-0393 at NVDcpe:/o:suse:sll:7CVE-2017-0553SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library.
ImportantCVE-2017-0553 at SUSECVE-2017-0553 at NVDcpe:/o:suse:sll:7CVE-2017-0861SUSE Liberty Linux 7
Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.
ModerateCVE-2017-0861 at SUSECVE-2017-0861 at NVDSUSE bug 1088260SUSE bug 1088268SUSE bug 1091815SUSE bug 1115893cpe:/o:suse:sll:7CVE-2017-0898SUSE Liberty Linux 7
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.
ModerateCVE-2017-0898 at SUSECVE-2017-0898 at NVDSUSE bug 1058755cpe:/o:suse:sll:7CVE-2017-0899SUSE Liberty Linux 7
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.
ImportantCVE-2017-0899 at SUSECVE-2017-0899 at NVDSUSE bug 1056286cpe:/o:suse:sll:7CVE-2017-0900SUSE Liberty Linux 7
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.
ImportantCVE-2017-0900 at SUSECVE-2017-0900 at NVDSUSE bug 1056286cpe:/o:suse:sll:7CVE-2017-0901SUSE Liberty Linux 7
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
ImportantCVE-2017-0901 at SUSECVE-2017-0901 at NVDSUSE bug 1056286cpe:/o:suse:sll:7CVE-2017-0902SUSE Liberty Linux 7
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
ImportantCVE-2017-0902 at SUSECVE-2017-0902 at NVDSUSE bug 1056286cpe:/o:suse:sll:7CVE-2017-0903SUSE Liberty Linux 7
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.
ModerateCVE-2017-0903 at SUSECVE-2017-0903 at NVDSUSE bug 1062452cpe:/o:suse:sll:7CVE-2017-1000050SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
ModerateCVE-2017-1000050 at SUSECVE-2017-1000050 at NVDSUSE bug 1047958SUSE bug 1078851SUSE bug 1178702cpe:/o:suse:sll:7CVE-2017-1000061SUSE Liberty Linux 7
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service
ModerateCVE-2017-1000061 at SUSECVE-2017-1000061 at NVDSUSE bug 1010675SUSE bug 1082267SUSE bug 1118959cpe:/o:suse:sll:7CVE-2017-1000083SUSE Liberty Linux 7
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
ModerateCVE-2017-1000083 at SUSECVE-2017-1000083 at NVDSUSE bug 1046856cpe:/o:suse:sll:7CVE-2017-1000111SUSE Liberty Linux 7
Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.
ImportantCVE-2017-1000111 at SUSECVE-2017-1000111 at NVDSUSE bug 1052365SUSE bug 1052367cpe:/o:suse:sll:7CVE-2017-1000112SUSE Liberty Linux 7
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005.
ImportantCVE-2017-1000112 at SUSECVE-2017-1000112 at NVDSUSE bug 1052311SUSE bug 1052365SUSE bug 1052368SUSE bug 1072117SUSE bug 1072162SUSE bug 1115893cpe:/o:suse:sll:7CVE-2017-1000115SUSE Liberty Linux 7
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository
ModerateCVE-2017-1000115 at SUSECVE-2017-1000115 at NVDSUSE bug 1053344cpe:/o:suse:sll:7CVE-2017-1000116SUSE Liberty Linux 7
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
ImportantCVE-2017-1000116 at SUSECVE-2017-1000116 at NVDSUSE bug 1052481SUSE bug 1052696SUSE bug 1052932SUSE bug 1053364SUSE bug 1054653SUSE bug 1066430SUSE bug 1071709cpe:/o:suse:sll:7CVE-2017-1000117SUSE Liberty Linux 7
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
ImportantCVE-2017-1000117 at SUSECVE-2017-1000117 at NVDSUSE bug 1052481SUSE bug 1052696SUSE bug 1052932SUSE bug 1053364SUSE bug 1053600SUSE bug 1053919SUSE bug 1054653SUSE bug 1058214SUSE bug 1066430SUSE bug 1071709cpe:/o:suse:sll:7CVE-2017-1000250SUSE Liberty Linux 7
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.
LowCVE-2017-1000250 at SUSECVE-2017-1000250 at NVDSUSE bug 1057342cpe:/o:suse:sll:7CVE-2017-1000251SUSE Liberty Linux 7
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
ModerateCVE-2017-1000251 at SUSECVE-2017-1000251 at NVDSUSE bug 1057389SUSE bug 1057950SUSE bug 1070535SUSE bug 1072117SUSE bug 1072162SUSE bug 1120758cpe:/o:suse:sll:7CVE-2017-1000252SUSE Liberty Linux 7
The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.
ModerateCVE-2017-1000252 at SUSECVE-2017-1000252 at NVDSUSE bug 1058038cpe:/o:suse:sll:7CVE-2017-1000257SUSE Liberty Linux 7
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.
ModerateCVE-2017-1000257 at SUSECVE-2017-1000257 at NVDSUSE bug 1063824cpe:/o:suse:sll:7CVE-2017-1000364SUSE Liberty Linux 7
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).
ImportantCVE-2017-1000364 at SUSECVE-2017-1000364 at NVDSUSE bug 1039346SUSE bug 1039348SUSE bug 1042200SUSE bug 1044985SUSE bug 1071943SUSE bug 1075506SUSE bug 1077345SUSE bug 1115893SUSE bug 1149726cpe:/o:suse:sll:7CVE-2017-1000366SUSE Liberty Linux 7
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
ImportantCVE-2017-1000366 at SUSECVE-2017-1000366 at NVDSUSE bug 1037551SUSE bug 1039357SUSE bug 1063847SUSE bug 1071319SUSE bug 1123874cpe:/o:suse:sll:7CVE-2017-1000367SUSE Liberty Linux 7
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
ImportantCVE-2017-1000367 at SUSECVE-2017-1000367 at NVDSUSE bug 1007501SUSE bug 1039361SUSE bug 1042146SUSE bug 1077345cpe:/o:suse:sll:7CVE-2017-1000368SUSE Liberty Linux 7
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
ImportantCVE-2017-1000368 at SUSECVE-2017-1000368 at NVDSUSE bug 1039361SUSE bug 1042146SUSE bug 1045986cpe:/o:suse:sll:7CVE-2017-1000380SUSE Liberty Linux 7
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.
LowCVE-2017-1000380 at SUSECVE-2017-1000380 at NVDSUSE bug 1044125cpe:/o:suse:sll:7CVE-2017-1000407SUSE Liberty Linux 7
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.
ModerateCVE-2017-1000407 at SUSECVE-2017-1000407 at NVDSUSE bug 1071021cpe:/o:suse:sll:7CVE-2017-1000410SUSE Liberty Linux 7
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes).
LowCVE-2017-1000410 at SUSECVE-2017-1000410 at NVDSUSE bug 1070535cpe:/o:suse:sll:7CVE-2017-1000476SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.
ImportantCVE-2017-1000476 at SUSECVE-2017-1000476 at NVDSUSE bug 1074610cpe:/o:suse:sll:7CVE-2017-10053SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2017-10053 at SUSECVE-2017-10053 at NVDSUSE bug 1049305cpe:/o:suse:sll:7CVE-2017-10067SUSE Liberty Linux 7
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
ModerateCVE-2017-10067 at SUSECVE-2017-10067 at NVDSUSE bug 1049306cpe:/o:suse:sll:7CVE-2017-10074SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
ModerateCVE-2017-10074 at SUSECVE-2017-10074 at NVDSUSE bug 1049307SUSE bug 1049333cpe:/o:suse:sll:7CVE-2017-10078SUSE Liberty Linux 7
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
ImportantCVE-2017-10078 at SUSECVE-2017-10078 at NVDSUSE bug 1049308SUSE bug 1049333cpe:/o:suse:sll:7CVE-2017-10081SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
ModerateCVE-2017-10081 at SUSECVE-2017-10081 at NVDSUSE bug 1049309SUSE bug 1049333cpe:/o:suse:sll:7CVE-2017-10087SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
ImportantCVE-2017-10087 at SUSECVE-2017-10087 at NVDSUSE bug 1049311SUSE bug 1049333cpe:/o:suse:sll:7CVE-2017-10089SUSE Liberty Linux 7
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
ImportantCVE-2017-10089 at SUSECVE-2017-10089 at NVDSUSE bug 1049312SUSE bug 1049333cpe:/o:suse:sll:7CVE-2017-10090SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
ImportantCVE-2017-10090 at SUSECVE-2017-10090 at NVDSUSE bug 1049313SUSE bug 1049333cpe:/o:suse:sll:7CVE-2017-10096SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
ImportantCVE-2017-10096 at SUSECVE-2017-10096 at NVDSUSE bug 1049314SUSE bug 1049333cpe:/o:suse:sll:7CVE-2017-10101SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
ImportantCVE-2017-10101 at SUSECVE-2017-10101 at NVDSUSE bug 1049315SUSE bug 1049333cpe:/o:suse:sll:7CVE-2017-10102SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
ModerateCVE-2017-10102 at SUSECVE-2017-10102 at NVDSUSE bug 1049316SUSE bug 1049333cpe:/o:suse:sll:7CVE-2017-10107SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
CriticalCVE-2017-10107 at SUSECVE-2017-10107 at NVDSUSE bug 1049318SUSE bug 1049333cpe:/o:suse:sll:7CVE-2017-10108SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2017-10108 at SUSECVE-2017-10108 at NVDSUSE bug 1049319SUSE bug 1049333cpe:/o:suse:sll:7CVE-2017-10109SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2017-10109 at SUSECVE-2017-10109 at NVDSUSE bug 1049320SUSE bug 1049333cpe:/o:suse:sll:7CVE-2017-10110SUSE Liberty Linux 7
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
ImportantCVE-2017-10110 at SUSECVE-2017-10110 at NVDSUSE bug 1049321SUSE bug 1049333cpe:/o:suse:sll:7CVE-2017-10111SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
ImportantCVE-2017-10111 at SUSECVE-2017-10111 at NVDSUSE bug 1049322SUSE bug 1049333cpe:/o:suse:sll:7CVE-2017-10115SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
ImportantCVE-2017-10115 at SUSECVE-2017-10115 at NVDSUSE bug 1020905SUSE bug 1049324SUSE bug 1049333cpe:/o:suse:sll:7CVE-2017-10116SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
ModerateCVE-2017-10116 at SUSECVE-2017-10116 at NVDSUSE bug 1049325SUSE bug 1049333cpe:/o:suse:sll:7CVE-2017-10135SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
ModerateCVE-2017-10135 at SUSECVE-2017-10135 at NVDSUSE bug 1049328SUSE bug 1049333cpe:/o:suse:sll:7CVE-2017-10193SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
LowCVE-2017-10193 at SUSECVE-2017-10193 at NVDSUSE bug 1049330SUSE bug 1049333cpe:/o:suse:sll:7CVE-2017-10198SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
ModerateCVE-2017-10198 at SUSECVE-2017-10198 at NVDSUSE bug 1049331SUSE bug 1049333cpe:/o:suse:sll:7CVE-2017-10243SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).
ModerateCVE-2017-10243 at SUSECVE-2017-10243 at NVDSUSE bug 1049332SUSE bug 1049333cpe:/o:suse:sll:7CVE-2017-10268SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).
ModerateCVE-2017-10268 at SUSECVE-2017-10268 at NVDSUSE bug 1064101SUSE bug 1064119SUSE bug 1076505SUSE bug 1076506cpe:/o:suse:sll:7CVE-2017-10274SUSE Liberty Linux 7
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).
ModerateCVE-2017-10274 at SUSECVE-2017-10274 at NVDSUSE bug 1064071cpe:/o:suse:sll:7CVE-2017-10281SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2017-10281 at SUSECVE-2017-10281 at NVDSUSE bug 1064072SUSE bug 1070162cpe:/o:suse:sll:7CVE-2017-10285SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
ModerateCVE-2017-10285 at SUSECVE-2017-10285 at NVDSUSE bug 1064073SUSE bug 1070162cpe:/o:suse:sll:7CVE-2017-10295SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).
ModerateCVE-2017-10295 at SUSECVE-2017-10295 at NVDSUSE bug 1064075SUSE bug 1070162cpe:/o:suse:sll:7CVE-2017-10345SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).
LowCVE-2017-10345 at SUSECVE-2017-10345 at NVDSUSE bug 1064077SUSE bug 1070162cpe:/o:suse:sll:7CVE-2017-10346SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
ImportantCVE-2017-10346 at SUSECVE-2017-10346 at NVDSUSE bug 1064078SUSE bug 1070162cpe:/o:suse:sll:7CVE-2017-10347SUSE Liberty Linux 7
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2017-10347 at SUSECVE-2017-10347 at NVDSUSE bug 1064079SUSE bug 1070162cpe:/o:suse:sll:7CVE-2017-10348SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2017-10348 at SUSECVE-2017-10348 at NVDSUSE bug 1064080SUSE bug 1070162cpe:/o:suse:sll:7CVE-2017-10349SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2017-10349 at SUSECVE-2017-10349 at NVDSUSE bug 1064081SUSE bug 1070162cpe:/o:suse:sll:7CVE-2017-10350SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2017-10350 at SUSECVE-2017-10350 at NVDSUSE bug 1064082SUSE bug 1070162cpe:/o:suse:sll:7CVE-2017-10355SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2017-10355 at SUSECVE-2017-10355 at NVDSUSE bug 1064083SUSE bug 1070162cpe:/o:suse:sll:7CVE-2017-10356SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
ModerateCVE-2017-10356 at SUSECVE-2017-10356 at NVDSUSE bug 1064084SUSE bug 1070162cpe:/o:suse:sll:7CVE-2017-10357SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2017-10357 at SUSECVE-2017-10357 at NVDSUSE bug 1064085SUSE bug 1070162cpe:/o:suse:sll:7CVE-2017-10378SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2017-10378 at SUSECVE-2017-10378 at NVDSUSE bug 1064115SUSE bug 1064119SUSE bug 1076505SUSE bug 1076506cpe:/o:suse:sll:7CVE-2017-10379SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
ModerateCVE-2017-10379 at SUSECVE-2017-10379 at NVDSUSE bug 1064116SUSE bug 1064119SUSE bug 1076506cpe:/o:suse:sll:7CVE-2017-10384SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2017-10384 at SUSECVE-2017-10384 at NVDSUSE bug 1064117SUSE bug 1064119SUSE bug 1076506cpe:/o:suse:sll:7CVE-2017-10388SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
ModerateCVE-2017-10388 at SUSECVE-2017-10388 at NVDSUSE bug 1064086SUSE bug 1070162cpe:/o:suse:sll:7CVE-2017-10661SUSE Liberty Linux 7
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.
ImportantCVE-2017-10661 at SUSECVE-2017-10661 at NVDSUSE bug 1053152SUSE bug 1053153SUSE bug 1115893cpe:/o:suse:sll:7CVE-2017-10664SUSE Liberty Linux 7
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
ModerateCVE-2017-10664 at SUSECVE-2017-10664 at NVDSUSE bug 1046636SUSE bug 1046637SUSE bug 1178658cpe:/o:suse:sll:7CVE-2017-10784SUSE Liberty Linux 7
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
ModerateCVE-2017-10784 at SUSECVE-2017-10784 at NVDSUSE bug 1058754cpe:/o:suse:sll:7CVE-2017-10978SUSE Liberty Linux 7
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.
ModerateCVE-2017-10978 at SUSECVE-2017-10978 at NVDSUSE bug 1049086cpe:/o:suse:sll:7CVE-2017-10983SUSE Liberty Linux 7
An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.
ModerateCVE-2017-10983 at SUSECVE-2017-10983 at NVDSUSE bug 1049086cpe:/o:suse:sll:7CVE-2017-10984SUSE Liberty Linux 7
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
ModerateCVE-2017-10984 at SUSECVE-2017-10984 at NVDSUSE bug 1049086cpe:/o:suse:sll:7CVE-2017-10985SUSE Liberty Linux 7
An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.
ModerateCVE-2017-10985 at SUSECVE-2017-10985 at NVDSUSE bug 1049086cpe:/o:suse:sll:7CVE-2017-10986SUSE Liberty Linux 7
An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service.
ModerateCVE-2017-10986 at SUSECVE-2017-10986 at NVDSUSE bug 1049086cpe:/o:suse:sll:7CVE-2017-10987SUSE Liberty Linux 7
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.
ModerateCVE-2017-10987 at SUSECVE-2017-10987 at NVDSUSE bug 1049086cpe:/o:suse:sll:7CVE-2017-11166SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file.
ModerateCVE-2017-11166 at SUSECVE-2017-11166 at NVDSUSE bug 1048110cpe:/o:suse:sll:7CVE-2017-11176SUSE Liberty Linux 7
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.
ImportantCVE-2017-11176 at SUSECVE-2017-11176 at NVDSUSE bug 1048275SUSE bug 1115893cpe:/o:suse:sll:7CVE-2017-11368SUSE Liberty Linux 7
In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.
ModerateCVE-2017-11368 at SUSECVE-2017-11368 at NVDSUSE bug 1049819cpe:/o:suse:sll:7CVE-2017-11600SUSE Liberty Linux 7
net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.
ImportantCVE-2017-11600 at SUSECVE-2017-11600 at NVDSUSE bug 1050231SUSE bug 1096564SUSE bug 1115893cpe:/o:suse:sll:7CVE-2017-11671SUSE Liberty Linux 7
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.
ModerateCVE-2017-11671 at SUSECVE-2017-11671 at NVDSUSE bug 1050947cpe:/o:suse:sll:7CVE-2017-12132SUSE Liberty Linux 7
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.
ModerateCVE-2017-12132 at SUSECVE-2017-12132 at NVDSUSE bug 1051791SUSE bug 1123874cpe:/o:suse:sll:7CVE-2017-12150SUSE Liberty Linux 7
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.
ImportantCVE-2017-12150 at SUSECVE-2017-12150 at NVDSUSE bug 1058622cpe:/o:suse:sll:7CVE-2017-12151SUSE Liberty Linux 7
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
ImportantCVE-2017-12151 at SUSECVE-2017-12151 at NVDSUSE bug 1058565cpe:/o:suse:sll:7CVE-2017-12154SUSE Liberty Linux 7
The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.
ModerateCVE-2017-12154 at SUSECVE-2017-12154 at NVDSUSE bug 1058038SUSE bug 1058507cpe:/o:suse:sll:7CVE-2017-12163SUSE Liberty Linux 7
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.
ModerateCVE-2017-12163 at SUSECVE-2017-12163 at NVDSUSE bug 1058410SUSE bug 1058624cpe:/o:suse:sll:7CVE-2017-12172SUSE Liberty Linux 7
PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.
ImportantCVE-2017-12172 at SUSECVE-2017-12172 at NVDSUSE bug 1062538SUSE bug 1062722SUSE bug 1185814cpe:/o:suse:sll:7CVE-2017-12173SUSE Liberty Linux 7
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.
LowCVE-2017-12173 at SUSECVE-2017-12173 at NVDSUSE bug 1061832cpe:/o:suse:sll:7CVE-2017-12188SUSE Liberty Linux 7
arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun."
ModerateCVE-2017-12188 at SUSECVE-2017-12188 at NVDSUSE bug 1062604SUSE bug 1096566cpe:/o:suse:sll:7CVE-2017-12190SUSE Liberty Linux 7
The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.
ModerateCVE-2017-12190 at SUSECVE-2017-12190 at NVDSUSE bug 1062568SUSE bug 1091815cpe:/o:suse:sll:7CVE-2017-12192SUSE Liberty Linux 7
The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation.
ModerateCVE-2017-12192 at SUSECVE-2017-12192 at NVDSUSE bug 1062840cpe:/o:suse:sll:7CVE-2017-12193SUSE Liberty Linux 7
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations.
ModerateCVE-2017-12193 at SUSECVE-2017-12193 at NVDSUSE bug 1066192cpe:/o:suse:sll:7CVE-2017-12613SUSE Liberty Linux 7
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.
LowCVE-2017-12613 at SUSECVE-2017-12613 at NVDSUSE bug 1064982SUSE bug 1190072cpe:/o:suse:sll:7CVE-2017-12615SUSE Liberty Linux 7
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
ModerateCVE-2017-12615 at SUSECVE-2017-12615 at NVDSUSE bug 1059554SUSE bug 1180947cpe:/o:suse:sll:7CVE-2017-12617SUSE Liberty Linux 7
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
ModerateCVE-2017-12617 at SUSECVE-2017-12617 at NVDSUSE bug 1059554SUSE bug 1062607SUSE bug 1180947SUSE bug 1189861cpe:/o:suse:sll:7CVE-2017-12652SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
LowCVE-2017-12652 at SUSECVE-2017-12652 at NVDSUSE bug 1141493cpe:/o:suse:sll:7CVE-2017-12805SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service.
LowCVE-2017-12805 at SUSECVE-2017-12805 at NVDSUSE bug 1135236cpe:/o:suse:sll:7CVE-2017-12806SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service.
LowCVE-2017-12806 at SUSECVE-2017-12806 at NVDSUSE bug 1135232cpe:/o:suse:sll:7CVE-2017-13077SUSE Liberty Linux 7
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
ModerateCVE-2017-13077 at SUSECVE-2017-13077 at NVDSUSE bug 1056061SUSE bug 1063479SUSE bug 1063963SUSE bug 1179588cpe:/o:suse:sll:7CVE-2017-13078SUSE Liberty Linux 7
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
ModerateCVE-2017-13078 at SUSECVE-2017-13078 at NVDSUSE bug 1056061SUSE bug 1063479SUSE bug 1063667SUSE bug 1179588cpe:/o:suse:sll:7CVE-2017-13080SUSE Liberty Linux 7
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
ModerateCVE-2017-13080 at SUSECVE-2017-13080 at NVDSUSE bug 1056061SUSE bug 1063479SUSE bug 1063667SUSE bug 1063671SUSE bug 1066295SUSE bug 1105108SUSE bug 1178872SUSE bug 1179588cpe:/o:suse:sll:7CVE-2017-13082SUSE Liberty Linux 7
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
ModerateCVE-2017-13082 at SUSECVE-2017-13082 at NVDSUSE bug 1056061SUSE bug 1063479SUSE bug 1179588cpe:/o:suse:sll:7CVE-2017-13086SUSE Liberty Linux 7
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
ModerateCVE-2017-13086 at SUSECVE-2017-13086 at NVDSUSE bug 1056061SUSE bug 1063479SUSE bug 1179588cpe:/o:suse:sll:7CVE-2017-13087SUSE Liberty Linux 7
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
ModerateCVE-2017-13087 at SUSECVE-2017-13087 at NVDSUSE bug 1056061SUSE bug 1063479SUSE bug 1179588cpe:/o:suse:sll:7CVE-2017-13088SUSE Liberty Linux 7
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
ModerateCVE-2017-13088 at SUSECVE-2017-13088 at NVDSUSE bug 1056061SUSE bug 1063479SUSE bug 1179588cpe:/o:suse:sll:7CVE-2017-13089SUSE Liberty Linux 7
The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument.
ImportantCVE-2017-13089 at SUSECVE-2017-13089 at NVDSUSE bug 1064715cpe:/o:suse:sll:7CVE-2017-13090SUSE Liberty Linux 7
The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer.
ImportantCVE-2017-13090 at SUSECVE-2017-13090 at NVDSUSE bug 1064716cpe:/o:suse:sll:7CVE-2017-13166SUSE Liberty Linux 7
An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.
ModerateCVE-2017-13166 at SUSECVE-2017-13166 at NVDSUSE bug 1072865SUSE bug 1074488SUSE bug 1085447SUSE bug 1087082SUSE bug 1091815cpe:/o:suse:sll:7CVE-2017-13215SUSE Liberty Linux 7
A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel.
ModerateCVE-2017-13215 at SUSECVE-2017-13215 at NVDSUSE bug 1075908SUSE bug 1091815cpe:/o:suse:sll:7CVE-2017-13672SUSE Liberty Linux 7
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
LowCVE-2017-13672 at SUSECVE-2017-13672 at NVDSUSE bug 1056334SUSE bug 1056336SUSE bug 1084604cpe:/o:suse:sll:7CVE-2017-13711SUSE Liberty Linux 7
Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.
LowCVE-2017-13711 at SUSECVE-2017-13711 at NVDSUSE bug 1056291cpe:/o:suse:sll:7CVE-2017-13738SUSE Liberty Linux 7
There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0.
ImportantCVE-2017-13738 at SUSECVE-2017-13738 at NVDSUSE bug 1056105cpe:/o:suse:sll:7CVE-2017-13740SUSE Liberty Linux 7
There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact.
ImportantCVE-2017-13740 at SUSECVE-2017-13740 at NVDSUSE bug 1056097cpe:/o:suse:sll:7CVE-2017-13741SUSE Liberty Linux 7
There is a use-after-free in the function compileBrailleIndicator() in compileTranslationTable.c in Liblouis 3.2.0 that will lead to a remote denial of service attack.
ImportantCVE-2017-13741 at SUSECVE-2017-13741 at NVDSUSE bug 1056095cpe:/o:suse:sll:7CVE-2017-13742SUSE Liberty Linux 7
There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile() in compileTranslationTable.c, that will lead to a remote denial of service attack.
ImportantCVE-2017-13742 at SUSECVE-2017-13742 at NVDSUSE bug 1056093cpe:/o:suse:sll:7CVE-2017-13743SUSE Liberty Linux 7
There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_showString() in utils.c, that will lead to a remote denial of service attack.
ImportantCVE-2017-13743 at SUSECVE-2017-13743 at NVDSUSE bug 1056090cpe:/o:suse:sll:7CVE-2017-13744SUSE Liberty Linux 7
There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0.
ImportantCVE-2017-13744 at SUSECVE-2017-13744 at NVDSUSE bug 1056088cpe:/o:suse:sll:7CVE-2017-14033SUSE Liberty Linux 7
The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.
ModerateCVE-2017-14033 at SUSECVE-2017-14033 at NVDSUSE bug 1058757cpe:/o:suse:sll:7CVE-2017-14064SUSE Liberty Linux 7
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.
ModerateCVE-2017-14064 at SUSECVE-2017-14064 at NVDSUSE bug 1056782cpe:/o:suse:sll:7CVE-2017-14106SUSE Liberty Linux 7
The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path.
ModerateCVE-2017-14106 at SUSECVE-2017-14106 at NVDSUSE bug 1056982cpe:/o:suse:sll:7CVE-2017-14140SUSE Liberty Linux 7
The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.
LowCVE-2017-14140 at SUSECVE-2017-14140 at NVDSUSE bug 1057179cpe:/o:suse:sll:7CVE-2017-14167SUSE Liberty Linux 7
Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.
LowCVE-2017-14167 at SUSECVE-2017-14167 at NVDSUSE bug 1057585cpe:/o:suse:sll:7CVE-2017-14482SUSE Liberty Linux 7
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).
CriticalCVE-2017-14482 at SUSECVE-2017-14482 at NVDSUSE bug 1058425cpe:/o:suse:sll:7CVE-2017-14491SUSE Liberty Linux 7
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
ModerateCVE-2017-14491 at SUSECVE-2017-14491 at NVDSUSE bug 1060354SUSE bug 1060360SUSE bug 1060361SUSE bug 1060362SUSE bug 1060364SUSE bug 1063832SUSE bug 1143944cpe:/o:suse:sll:7CVE-2017-14492SUSE Liberty Linux 7
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.
ModerateCVE-2017-14492 at SUSECVE-2017-14492 at NVDSUSE bug 1060355SUSE bug 1060360SUSE bug 1060361SUSE bug 1060362SUSE bug 1060364SUSE bug 1063832cpe:/o:suse:sll:7CVE-2017-14493SUSE Liberty Linux 7
Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.
ModerateCVE-2017-14493 at SUSECVE-2017-14493 at NVDSUSE bug 1060360SUSE bug 1060361SUSE bug 1060362SUSE bug 1060364SUSE bug 1063832cpe:/o:suse:sll:7CVE-2017-14494SUSE Liberty Linux 7
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
ModerateCVE-2017-14494 at SUSECVE-2017-14494 at NVDSUSE bug 1060360SUSE bug 1060361SUSE bug 1060362SUSE bug 1060364cpe:/o:suse:sll:7CVE-2017-14495SUSE Liberty Linux 7
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.
ImportantCVE-2017-14495 at SUSECVE-2017-14495 at NVDSUSE bug 1060360SUSE bug 1060361SUSE bug 1060362SUSE bug 1060364cpe:/o:suse:sll:7CVE-2017-14496SUSE Liberty Linux 7
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
ImportantCVE-2017-14496 at SUSECVE-2017-14496 at NVDSUSE bug 1060360SUSE bug 1060361SUSE bug 1060362SUSE bug 1060364cpe:/o:suse:sll:7CVE-2017-14503SUSE Liberty Linux 7
libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.
ModerateCVE-2017-14503 at SUSECVE-2017-14503 at NVDSUSE bug 1059100cpe:/o:suse:sll:7CVE-2017-14604SUSE Liberty Linux 7
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.
ModerateCVE-2017-14604 at SUSECVE-2017-14604 at NVDSUSE bug 1060031cpe:/o:suse:sll:7CVE-2017-14746SUSE Liberty Linux 7
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
ImportantCVE-2017-14746 at SUSECVE-2017-14746 at NVDSUSE bug 1060427SUSE bug 1069666cpe:/o:suse:sll:7CVE-2017-15041SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running "go get."
CriticalCVE-2017-15041 at SUSECVE-2017-15041 at NVDSUSE bug 1062085cpe:/o:suse:sll:7CVE-2017-15042SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password.
LowCVE-2017-15042 at SUSECVE-2017-15042 at NVDSUSE bug 1062087cpe:/o:suse:sll:7CVE-2017-15097SUSE Liberty Linux 7
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.
ImportantCVE-2017-15097 at SUSECVE-2017-15097 at NVDcpe:/o:suse:sll:7CVE-2017-15101SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.
ImportantCVE-2017-15101 at SUSECVE-2017-15101 at NVDSUSE bug 1067336cpe:/o:suse:sll:7CVE-2017-15111SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link.
ModerateCVE-2017-15111 at SUSECVE-2017-15111 at NVDcpe:/o:suse:sll:7CVE-2017-15112SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users.
ImportantCVE-2017-15112 at SUSECVE-2017-15112 at NVDcpe:/o:suse:sll:7CVE-2017-15116SUSE Liberty Linux 7
The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference).
LowCVE-2017-15116 at SUSECVE-2017-15116 at NVDSUSE bug 1070613cpe:/o:suse:sll:7CVE-2017-15121SUSE Liberty Linux 7
A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.
ModerateCVE-2017-15121 at SUSECVE-2017-15121 at NVDSUSE bug 1071726cpe:/o:suse:sll:7CVE-2017-15124SUSE Liberty Linux 7
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.
ModerateCVE-2017-15124 at SUSECVE-2017-15124 at NVDSUSE bug 1073489cpe:/o:suse:sll:7CVE-2017-15126SUSE Liberty Linux 7
A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put().
CriticalCVE-2017-15126 at SUSECVE-2017-15126 at NVDSUSE bug 1073108SUSE bug 1171522cpe:/o:suse:sll:7CVE-2017-15127SUSE Liberty Linux 7
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).
ModerateCVE-2017-15127 at SUSECVE-2017-15127 at NVDSUSE bug 1073113cpe:/o:suse:sll:7CVE-2017-15129SUSE Liberty Linux 7
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.
ModerateCVE-2017-15129 at SUSECVE-2017-15129 at NVDSUSE bug 1074839cpe:/o:suse:sll:7CVE-2017-15131SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.
ImportantCVE-2017-15131 at SUSECVE-2017-15131 at NVDSUSE bug 1075378cpe:/o:suse:sll:7CVE-2017-15134SUSE Liberty Linux 7
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
LowCVE-2017-15134 at SUSECVE-2017-15134 at NVDSUSE bug 1007004SUSE bug 1076530cpe:/o:suse:sll:7CVE-2017-15135SUSE Liberty Linux 7
It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.
LowCVE-2017-15135 at SUSECVE-2017-15135 at NVDSUSE bug 1007004SUSE bug 1076530cpe:/o:suse:sll:7CVE-2017-15265SUSE Liberty Linux 7
Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.
ModerateCVE-2017-15265 at SUSECVE-2017-15265 at NVDSUSE bug 1062520SUSE bug 1115893cpe:/o:suse:sll:7CVE-2017-15268SUSE Liberty Linux 7
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
ModerateCVE-2017-15268 at SUSECVE-2017-15268 at NVDSUSE bug 1062942cpe:/o:suse:sll:7CVE-2017-15275SUSE Liberty Linux 7
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
ModerateCVE-2017-15275 at SUSECVE-2017-15275 at NVDSUSE bug 1063008SUSE bug 1069666cpe:/o:suse:sll:7CVE-2017-15289SUSE Liberty Linux 7
The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.
ModerateCVE-2017-15289 at SUSECVE-2017-15289 at NVDSUSE bug 1063122SUSE bug 1063123SUSE bug 1178658cpe:/o:suse:sll:7CVE-2017-15412SUSE Liberty Linux 7
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2017-15412 at SUSECVE-2017-15412 at NVDSUSE bug 1071691SUSE bug 1077993SUSE bug 1123129SUSE bug 1123919cpe:/o:suse:sll:7CVE-2017-15649SUSE Liberty Linux 7
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346.
ImportantCVE-2017-15649 at SUSECVE-2017-15649 at NVDSUSE bug 1064388SUSE bug 1064392SUSE bug 1087082cpe:/o:suse:sll:7CVE-2017-15670SUSE Liberty Linux 7
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
ImportantCVE-2017-15670 at SUSECVE-2017-15670 at NVDSUSE bug 1064583SUSE bug 1110160SUSE bug 1123874cpe:/o:suse:sll:7CVE-2017-15705SUSE Liberty Linux 7
A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we setup an object and hook into the begin and end tag event handlers In both cases, the "open" event is immediately followed by a "close" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the "text" event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed html. The exploit has been seen in the wild but not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future.
ImportantCVE-2017-15705 at SUSECVE-2017-15705 at NVDSUSE bug 1108745cpe:/o:suse:sll:7CVE-2017-15710SUSE Liberty Linux 7
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.
ModerateCVE-2017-15710 at SUSECVE-2017-15710 at NVDSUSE bug 1086776cpe:/o:suse:sll:7CVE-2017-15715SUSE Liberty Linux 7
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.
ModerateCVE-2017-15715 at SUSECVE-2017-15715 at NVDSUSE bug 1086774cpe:/o:suse:sll:7CVE-2017-15804SUSE Liberty Linux 7
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
ModerateCVE-2017-15804 at SUSECVE-2017-15804 at NVDSUSE bug 1064580SUSE bug 1110160SUSE bug 1123874cpe:/o:suse:sll:7CVE-2017-15906SUSE Liberty Linux 7
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
ModerateCVE-2017-15906 at SUSECVE-2017-15906 at NVDSUSE bug 1064285SUSE bug 1065000SUSE bug 1074115SUSE bug 1079488SUSE bug 1090163SUSE bug 1099316SUSE bug 1138392cpe:/o:suse:sll:7CVE-2017-16541SUSE Liberty Linux 7
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.
ModerateCVE-2017-16541 at SUSECVE-2017-16541 at NVDSUSE bug 1066489SUSE bug 1107343cpe:/o:suse:sll:7CVE-2017-16844SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
ModerateCVE-2017-16844 at SUSECVE-2017-16844 at NVDSUSE bug 1068648cpe:/o:suse:sll:7CVE-2017-16939SUSE Liberty Linux 7
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.
ModerateCVE-2017-16939 at SUSECVE-2017-16939 at NVDSUSE bug 1069702SUSE bug 1069708SUSE bug 1115893SUSE bug 1120260cpe:/o:suse:sll:7CVE-2017-16997SUSE Liberty Linux 7
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.
ImportantCVE-2017-16997 at SUSECVE-2017-16997 at NVDSUSE bug 1073231cpe:/o:suse:sll:7CVE-2017-17405SUSE Liberty Linux 7
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.
ImportantCVE-2017-17405 at SUSECVE-2017-17405 at NVDSUSE bug 1073002SUSE bug 1078782cpe:/o:suse:sll:7CVE-2017-17448SUSE Liberty Linux 7
net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.
ModerateCVE-2017-17448 at SUSECVE-2017-17448 at NVDSUSE bug 1071693cpe:/o:suse:sll:7CVE-2017-17449SUSE Liberty Linux 7
The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.
ModerateCVE-2017-17449 at SUSECVE-2017-17449 at NVDSUSE bug 1071694cpe:/o:suse:sll:7CVE-2017-17558SUSE Liberty Linux 7
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.
ModerateCVE-2017-17558 at SUSECVE-2017-17558 at NVDSUSE bug 1072561SUSE bug 1087082SUSE bug 1146519cpe:/o:suse:sll:7CVE-2017-17724SUSE Liberty Linux 7
In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the "!= 0x1c" case. Remote attackers can exploit this vulnerability to cause a denial of service via a crafted TIFF file.
LowCVE-2017-17724 at SUSECVE-2017-17724 at NVDSUSE bug 1080736SUSE bug 1087892cpe:/o:suse:sll:7CVE-2017-17742SUSE Liberty Linux 7
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.
ModerateCVE-2017-17742 at SUSECVE-2017-17742 at NVDSUSE bug 1087434SUSE bug 1136906SUSE bug 1152992cpe:/o:suse:sll:7CVE-2017-17790SUSE Liberty Linux 7
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.
ModerateCVE-2017-17790 at SUSECVE-2017-17790 at NVDSUSE bug 1073002SUSE bug 1078782cpe:/o:suse:sll:7CVE-2017-17805SUSE Liberty Linux 7
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.
ImportantCVE-2017-17805 at SUSECVE-2017-17805 at NVDSUSE bug 1073792SUSE bug 1087082SUSE bug 1115893cpe:/o:suse:sll:7CVE-2017-17807SUSE Liberty Linux 7
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.
ModerateCVE-2017-17807 at SUSECVE-2017-17807 at NVDSUSE bug 1073860cpe:/o:suse:sll:7CVE-2017-17833SUSE Liberty Linux 7
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
ImportantCVE-2017-17833 at SUSECVE-2017-17833 at NVDSUSE bug 1090638SUSE bug 1099519SUSE bug 1126909cpe:/o:suse:sll:7CVE-2017-18017SUSE Liberty Linux 7
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
ModerateCVE-2017-18017 at SUSECVE-2017-18017 at NVDSUSE bug 1074488SUSE bug 1080255SUSE bug 1091815SUSE bug 1115893SUSE bug 971126cpe:/o:suse:sll:7CVE-2017-18189SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.
ModerateCVE-2017-18189 at SUSECVE-2017-18189 at NVDSUSE bug 1081146SUSE bug 1141667cpe:/o:suse:sll:7CVE-2017-18190SUSE Liberty Linux 7
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).
ImportantCVE-2017-18190 at SUSECVE-2017-18190 at NVDSUSE bug 1081557cpe:/o:suse:sll:7CVE-2017-18198SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.
ModerateCVE-2017-18198 at SUSECVE-2017-18198 at NVDSUSE bug 1082819cpe:/o:suse:sll:7CVE-2017-18199SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.
LowCVE-2017-18199 at SUSECVE-2017-18199 at NVDSUSE bug 1082821cpe:/o:suse:sll:7CVE-2017-18201SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.
ModerateCVE-2017-18201 at SUSECVE-2017-18201 at NVDSUSE bug 1082877cpe:/o:suse:sll:7CVE-2017-18203SUSE Liberty Linux 7
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.
ModerateCVE-2017-18203 at SUSECVE-2017-18203 at NVDSUSE bug 1083242SUSE bug 1091815cpe:/o:suse:sll:7CVE-2017-18205SUSE Liberty Linux 7
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.
LowCVE-2017-18205 at SUSECVE-2017-18205 at NVDSUSE bug 1082998SUSE bug 1200039cpe:/o:suse:sll:7CVE-2017-18206SUSE Liberty Linux 7
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.
ModerateCVE-2017-18206 at SUSECVE-2017-18206 at NVDSUSE bug 1083002SUSE bug 1215218cpe:/o:suse:sll:7CVE-2017-18208SUSE Liberty Linux 7
The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.
ModerateCVE-2017-18208 at SUSECVE-2017-18208 at NVDSUSE bug 1083494SUSE bug 1087082SUSE bug 1091815cpe:/o:suse:sll:7CVE-2017-18232SUSE Liberty Linux 7
The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.
LowCVE-2017-18232 at SUSECVE-2017-18232 at NVDSUSE bug 1085413cpe:/o:suse:sll:7CVE-2017-18233SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file.
LowCVE-2017-18233 at SUSECVE-2017-18233 at NVDSUSE bug 1085584SUSE bug 1085585cpe:/o:suse:sll:7CVE-2017-18234SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp.
ModerateCVE-2017-18234 at SUSECVE-2017-18234 at NVDSUSE bug 1085585SUSE bug 1103718cpe:/o:suse:sll:7CVE-2017-18236SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file.
LowCVE-2017-18236 at SUSECVE-2017-18236 at NVDSUSE bug 1085585SUSE bug 1085589cpe:/o:suse:sll:7CVE-2017-18238SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file.
LowCVE-2017-18238 at SUSECVE-2017-18238 at NVDSUSE bug 1085583SUSE bug 1085585cpe:/o:suse:sll:7CVE-2017-18251SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file.
LowCVE-2017-18251 at SUSECVE-2017-18251 at NVDSUSE bug 1087037cpe:/o:suse:sll:7CVE-2017-18252SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file.
LowCVE-2017-18252 at SUSECVE-2017-18252 at NVDSUSE bug 1087033cpe:/o:suse:sll:7CVE-2017-18254SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file.
LowCVE-2017-18254 at SUSECVE-2017-18254 at NVDSUSE bug 1087027cpe:/o:suse:sll:7CVE-2017-18258SUSE Liberty Linux 7
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
LowCVE-2017-18258 at SUSECVE-2017-18258 at NVDSUSE bug 1088279SUSE bug 1088601SUSE bug 1105166cpe:/o:suse:sll:7CVE-2017-18267SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
LowCVE-2017-18267 at SUSECVE-2017-18267 at NVDSUSE bug 1092945cpe:/o:suse:sll:7CVE-2017-18271SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.
LowCVE-2017-18271 at SUSECVE-2017-18271 at NVDSUSE bug 1094204cpe:/o:suse:sll:7CVE-2017-18273SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call.
ImportantCVE-2017-18273 at SUSECVE-2017-18273 at NVDcpe:/o:suse:sll:7CVE-2017-18344SUSE Liberty Linux 7
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
ModerateCVE-2017-18344 at SUSECVE-2017-18344 at NVDSUSE bug 1087082SUSE bug 1102851SUSE bug 1103203SUSE bug 1103580SUSE bug 1215674cpe:/o:suse:sll:7CVE-2017-18551SUSE Liberty Linux 7
An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.
ModerateCVE-2017-18551 at SUSECVE-2017-18551 at NVDSUSE bug 1146163cpe:/o:suse:sll:7CVE-2017-18595SUSE Liberty Linux 7
An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.
LowCVE-2017-18595 at SUSECVE-2017-18595 at NVDSUSE bug 1149555cpe:/o:suse:sll:7CVE-2017-18922SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
ImportantCVE-2017-18922 at SUSECVE-2017-18922 at NVDSUSE bug 1173477cpe:/o:suse:sll:7CVE-2017-2583SUSE Liberty Linux 7
The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application.
ModerateCVE-2017-2583 at SUSECVE-2017-2583 at NVDSUSE bug 1020602SUSE bug 1030573SUSE bug 1087082cpe:/o:suse:sll:7CVE-2017-2590SUSE Liberty Linux 7
A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.
ImportantCVE-2017-2590 at SUSECVE-2017-2590 at NVDcpe:/o:suse:sll:7CVE-2017-2596SUSE Liberty Linux 7
The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references.
LowCVE-2017-2596 at SUSECVE-2017-2596 at NVDSUSE bug 1022785SUSE bug 1027179cpe:/o:suse:sll:7CVE-2017-2615SUSE Liberty Linux 7
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
ModerateCVE-2017-2615 at SUSECVE-2017-2615 at NVDSUSE bug 1023004SUSE bug 1178658cpe:/o:suse:sll:7CVE-2017-2616SUSE Liberty Linux 7
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.
ImportantCVE-2017-2616 at SUSECVE-2017-2616 at NVDSUSE bug 1023041SUSE bug 1123789cpe:/o:suse:sll:7CVE-2017-2618SUSE Liberty Linux 7
A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.
ModerateCVE-2017-2618 at SUSECVE-2017-2618 at NVDSUSE bug 1253081cpe:/o:suse:sll:7CVE-2017-2619SUSE Liberty Linux 7
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
ImportantCVE-2017-2619 at SUSECVE-2017-2619 at NVDSUSE bug 1027147SUSE bug 1036283SUSE bug 1054017cpe:/o:suse:sll:7CVE-2017-2620SUSE Liberty Linux 7
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
ModerateCVE-2017-2620 at SUSECVE-2017-2620 at NVDSUSE bug 1024834SUSE bug 1024972SUSE bug 1178658cpe:/o:suse:sll:7CVE-2017-2625SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.
ModerateCVE-2017-2625 at SUSECVE-2017-2625 at NVDSUSE bug 1025046SUSE bug 1025068SUSE bug 1025639SUSE bug 1123802SUSE bug 815650cpe:/o:suse:sll:7CVE-2017-2626SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
ModerateCVE-2017-2626 at SUSECVE-2017-2626 at NVDSUSE bug 1025068SUSE bug 1025639SUSE bug 1048274SUSE bug 1123800cpe:/o:suse:sll:7CVE-2017-2633SUSE Liberty Linux 7
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.
LowCVE-2017-2633 at SUSECVE-2017-2633 at NVDSUSE bug 1026612SUSE bug 1026636SUSE bug 1074701cpe:/o:suse:sll:7CVE-2017-2636SUSE Liberty Linux 7
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.
ModerateCVE-2017-2636 at SUSECVE-2017-2636 at NVDSUSE bug 1027565SUSE bug 1027575SUSE bug 1028372SUSE bug 1115893cpe:/o:suse:sll:7CVE-2017-2640SUSE Liberty Linux 7
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
ImportantCVE-2017-2640 at SUSECVE-2017-2640 at NVDSUSE bug 1028835cpe:/o:suse:sll:7CVE-2017-2647SUSE Liberty Linux 7
The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c.
ImportantCVE-2017-2647 at SUSECVE-2017-2647 at NVDSUSE bug 1030593SUSE bug 1115893cpe:/o:suse:sll:7CVE-2017-2668SUSE Liberty Linux 7
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.
CriticalCVE-2017-2668 at SUSECVE-2017-2668 at NVDSUSE bug 1069067cpe:/o:suse:sll:7CVE-2017-2671SUSE Liberty Linux 7
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
ImportantCVE-2017-2671 at SUSECVE-2017-2671 at NVDSUSE bug 1027179SUSE bug 1031003SUSE bug 1087082cpe:/o:suse:sll:7CVE-2017-2862SUSE Liberty Linux 7 LTSS
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.
ImportantCVE-2017-2862 at SUSECVE-2017-2862 at NVDSUSE bug 1048289CVE-2017-2885SUSE Liberty Linux 7
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.
ImportantCVE-2017-2885 at SUSECVE-2017-2885 at NVDSUSE bug 1052916cpe:/o:suse:sll:7CVE-2017-3135SUSE Liberty Linux 7
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.
ImportantCVE-2017-3135 at SUSECVE-2017-3135 at NVDSUSE bug 1018700SUSE bug 1018701SUSE bug 1018702SUSE bug 1024130SUSE bug 1033466cpe:/o:suse:sll:7CVE-2017-3136SUSE Liberty Linux 7
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.
ImportantCVE-2017-3136 at SUSECVE-2017-3136 at NVDSUSE bug 1018700SUSE bug 1018701SUSE bug 1018702SUSE bug 1024130SUSE bug 1033461SUSE bug 1033466SUSE bug 1081545cpe:/o:suse:sll:7CVE-2017-3137SUSE Liberty Linux 7
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.
ImportantCVE-2017-3137 at SUSECVE-2017-3137 at NVDSUSE bug 1018700SUSE bug 1018701SUSE bug 1018702SUSE bug 1024130SUSE bug 1033461SUSE bug 1033466SUSE bug 1033467SUSE bug 1034162SUSE bug 1076118SUSE bug 1081545cpe:/o:suse:sll:7CVE-2017-3142SUSE Liberty Linux 7
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
ImportantCVE-2017-3142 at SUSECVE-2017-3142 at NVDSUSE bug 1024130SUSE bug 1046554SUSE bug 1046555cpe:/o:suse:sll:7CVE-2017-3143SUSE Liberty Linux 7
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
ImportantCVE-2017-3143 at SUSECVE-2017-3143 at NVDSUSE bug 1024130SUSE bug 1046554SUSE bug 1046555cpe:/o:suse:sll:7CVE-2017-3144SUSE Liberty Linux 7
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
ModerateCVE-2017-3144 at SUSECVE-2017-3144 at NVDSUSE bug 1076118SUSE bug 1076119cpe:/o:suse:sll:7CVE-2017-3145SUSE Liberty Linux 7
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.
ImportantCVE-2017-3145 at SUSECVE-2017-3145 at NVDSUSE bug 1076118SUSE bug 1101131SUSE bug 1177790cpe:/o:suse:sll:7CVE-2017-3167SUSE Liberty Linux 7
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
ModerateCVE-2017-3167 at SUSECVE-2017-3167 at NVDSUSE bug 1045065SUSE bug 1078450cpe:/o:suse:sll:7CVE-2017-3169SUSE Liberty Linux 7
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.
ModerateCVE-2017-3169 at SUSECVE-2017-3169 at NVDSUSE bug 1045062SUSE bug 1078450cpe:/o:suse:sll:7CVE-2017-3231SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).
ModerateCVE-2017-3231 at SUSECVE-2017-3231 at NVDSUSE bug 1020905SUSE bug 1024218cpe:/o:suse:sll:7CVE-2017-3238SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
ModerateCVE-2017-3238 at SUSECVE-2017-3238 at NVDSUSE bug 1020868SUSE bug 1020882cpe:/o:suse:sll:7CVE-2017-3241SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).
ImportantCVE-2017-3241 at SUSECVE-2017-3241 at NVDSUSE bug 1020905SUSE bug 1024218SUSE bug 1163365cpe:/o:suse:sll:7CVE-2017-3243SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).
ModerateCVE-2017-3243 at SUSECVE-2017-3243 at NVDSUSE bug 1020868SUSE bug 1020891cpe:/o:suse:sll:7CVE-2017-3244SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
ModerateCVE-2017-3244 at SUSECVE-2017-3244 at NVDSUSE bug 1020868SUSE bug 1020877cpe:/o:suse:sll:7CVE-2017-3252SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.8 (Integrity impacts).
ImportantCVE-2017-3252 at SUSECVE-2017-3252 at NVDSUSE bug 1020905SUSE bug 1024218cpe:/o:suse:sll:7CVE-2017-3253SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Availability impacts).
ImportantCVE-2017-3253 at SUSECVE-2017-3253 at NVDSUSE bug 1020905SUSE bug 1024218cpe:/o:suse:sll:7CVE-2017-3258SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
ModerateCVE-2017-3258 at SUSECVE-2017-3258 at NVDSUSE bug 1020868SUSE bug 1020875cpe:/o:suse:sll:7CVE-2017-3261SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts).
ModerateCVE-2017-3261 at SUSECVE-2017-3261 at NVDSUSE bug 1020905SUSE bug 1024218cpe:/o:suse:sll:7CVE-2017-3265SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).
ModerateCVE-2017-3265 at SUSECVE-2017-3265 at NVDSUSE bug 1020868SUSE bug 1020885cpe:/o:suse:sll:7CVE-2017-3272SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).
ImportantCVE-2017-3272 at SUSECVE-2017-3272 at NVDSUSE bug 1020905SUSE bug 1024218cpe:/o:suse:sll:7CVE-2017-3289SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts).
CriticalCVE-2017-3289 at SUSECVE-2017-3289 at NVDSUSE bug 1020905SUSE bug 1024218SUSE bug 1163365cpe:/o:suse:sll:7CVE-2017-3291SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).
ModerateCVE-2017-3291 at SUSECVE-2017-3291 at NVDSUSE bug 1020868SUSE bug 1020884SUSE bug 998309cpe:/o:suse:sll:7CVE-2017-3302SUSE Liberty Linux 7
Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.
ModerateCVE-2017-3302 at SUSECVE-2017-3302 at NVDSUSE bug 1022428SUSE bug 1034850SUSE bug 1034911cpe:/o:suse:sll:7CVE-2017-3308SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).
LowCVE-2017-3308 at SUSECVE-2017-3308 at NVDSUSE bug 1034850SUSE bug 1048715cpe:/o:suse:sll:7CVE-2017-3309SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).
LowCVE-2017-3309 at SUSECVE-2017-3309 at NVDSUSE bug 1034850SUSE bug 1048715cpe:/o:suse:sll:7CVE-2017-3312SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).
ModerateCVE-2017-3312 at SUSECVE-2017-3312 at NVDSUSE bug 1020868SUSE bug 1020873SUSE bug 998309cpe:/o:suse:sll:7CVE-2017-3313SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).
LowCVE-2017-3313 at SUSECVE-2017-3313 at NVDSUSE bug 1020868SUSE bug 1020890SUSE bug 1034911cpe:/o:suse:sll:7CVE-2017-3317SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).
LowCVE-2017-3317 at SUSECVE-2017-3317 at NVDSUSE bug 1020868SUSE bug 1020894cpe:/o:suse:sll:7CVE-2017-3318SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).
ModerateCVE-2017-3318 at SUSECVE-2017-3318 at NVDSUSE bug 1020868SUSE bug 1020896cpe:/o:suse:sll:7CVE-2017-3453SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
LowCVE-2017-3453 at SUSECVE-2017-3453 at NVDSUSE bug 1034850SUSE bug 1048715cpe:/o:suse:sll:7CVE-2017-3456SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
LowCVE-2017-3456 at SUSECVE-2017-3456 at NVDSUSE bug 1034850SUSE bug 1048715cpe:/o:suse:sll:7CVE-2017-3464SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
LowCVE-2017-3464 at SUSECVE-2017-3464 at NVDSUSE bug 1034850SUSE bug 1048715cpe:/o:suse:sll:7CVE-2017-3509SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).
ModerateCVE-2017-3509 at SUSECVE-2017-3509 at NVDSUSE bug 1034849SUSE bug 1038505cpe:/o:suse:sll:7CVE-2017-3511SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
ImportantCVE-2017-3511 at SUSECVE-2017-3511 at NVDSUSE bug 1034849SUSE bug 1038505cpe:/o:suse:sll:7CVE-2017-3526SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
ImportantCVE-2017-3526 at SUSECVE-2017-3526 at NVDSUSE bug 1034849cpe:/o:suse:sll:7CVE-2017-3533SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
ModerateCVE-2017-3533 at SUSECVE-2017-3533 at NVDSUSE bug 1034849SUSE bug 1038505cpe:/o:suse:sll:7CVE-2017-3539SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
ModerateCVE-2017-3539 at SUSECVE-2017-3539 at NVDSUSE bug 1005522SUSE bug 1034849SUSE bug 1038505cpe:/o:suse:sll:7CVE-2017-3544SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
ImportantCVE-2017-3544 at SUSECVE-2017-3544 at NVDSUSE bug 1034849SUSE bug 1038505cpe:/o:suse:sll:7CVE-2017-3600SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
LowCVE-2017-3600 at SUSECVE-2017-3600 at NVDSUSE bug 1029014SUSE bug 1034850SUSE bug 1048715cpe:/o:suse:sll:7CVE-2017-3636SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
ModerateCVE-2017-3636 at SUSECVE-2017-3636 at NVDSUSE bug 1049399SUSE bug 1049422SUSE bug 1054591SUSE bug 1076506cpe:/o:suse:sll:7CVE-2017-3641SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2017-3641 at SUSECVE-2017-3641 at NVDSUSE bug 1049404SUSE bug 1049422SUSE bug 1054591SUSE bug 1076506cpe:/o:suse:sll:7CVE-2017-3651SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
ModerateCVE-2017-3651 at SUSECVE-2017-3651 at NVDSUSE bug 1049415SUSE bug 1049422cpe:/o:suse:sll:7CVE-2017-3653SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).
LowCVE-2017-3653 at SUSECVE-2017-3653 at NVDSUSE bug 1049417SUSE bug 1049422SUSE bug 1054591SUSE bug 1076506cpe:/o:suse:sll:7CVE-2017-3731SUSE Liberty Linux 7
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.
ModerateCVE-2017-3731 at SUSECVE-2017-3731 at NVDSUSE bug 1021641SUSE bug 1022085SUSE bug 1064118SUSE bug 1064119cpe:/o:suse:sll:7CVE-2017-3735SUSE Liberty Linux 7
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
LowCVE-2017-3735 at SUSECVE-2017-3735 at NVDSUSE bug 1056058cpe:/o:suse:sll:7CVE-2017-3736SUSE Liberty Linux 7
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.
ModerateCVE-2017-3736 at SUSECVE-2017-3736 at NVDSUSE bug 1066242SUSE bug 1071906SUSE bug 1076369SUSE bug 957814cpe:/o:suse:sll:7CVE-2017-3737SUSE Liberty Linux 7
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.
ModerateCVE-2017-3737 at SUSECVE-2017-3737 at NVDSUSE bug 1071905SUSE bug 1072322SUSE bug 1076369SUSE bug 1089987SUSE bug 1089997cpe:/o:suse:sll:7CVE-2017-3738SUSE Liberty Linux 7
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.
LowCVE-2017-3738 at SUSECVE-2017-3738 at NVDSUSE bug 1071906SUSE bug 1097757cpe:/o:suse:sll:7CVE-2017-5202SUSE Liberty Linux 7
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
ModerateCVE-2017-5202 at SUSECVE-2017-5202 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2017-5203SUSE Liberty Linux 7
The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
ModerateCVE-2017-5203 at SUSECVE-2017-5203 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2017-5204SUSE Liberty Linux 7
The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().
ModerateCVE-2017-5204 at SUSECVE-2017-5204 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2017-5205SUSE Liberty Linux 7
The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
ModerateCVE-2017-5205 at SUSECVE-2017-5205 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2017-5208SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.
ImportantCVE-2017-5208 at SUSECVE-2017-5208 at NVDSUSE bug 1018756SUSE bug 1019328cpe:/o:suse:sll:7CVE-2017-5332SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
ImportantCVE-2017-5332 at SUSECVE-2017-5332 at NVDSUSE bug 1018756SUSE bug 1019328cpe:/o:suse:sll:7CVE-2017-5333SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.
ImportantCVE-2017-5333 at SUSECVE-2017-5333 at NVDSUSE bug 1018756SUSE bug 1019328cpe:/o:suse:sll:7CVE-2017-5334SUSE Liberty Linux 7
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.
ModerateCVE-2017-5334 at SUSECVE-2017-5334 at NVDSUSE bug 1018831cpe:/o:suse:sll:7CVE-2017-5335SUSE Liberty Linux 7
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
ModerateCVE-2017-5335 at SUSECVE-2017-5335 at NVDSUSE bug 1018832SUSE bug 1021057cpe:/o:suse:sll:7CVE-2017-5336SUSE Liberty Linux 7
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.
ModerateCVE-2017-5336 at SUSECVE-2017-5336 at NVDSUSE bug 1018832SUSE bug 1021057cpe:/o:suse:sll:7CVE-2017-5337SUSE Liberty Linux 7
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.
ModerateCVE-2017-5337 at SUSECVE-2017-5337 at NVDSUSE bug 1018832SUSE bug 1021057cpe:/o:suse:sll:7CVE-2017-5341SUSE Liberty Linux 7
The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print().
ModerateCVE-2017-5341 at SUSECVE-2017-5341 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2017-5342SUSE Liberty Linux 7
In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print().
ModerateCVE-2017-5342 at SUSECVE-2017-5342 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2017-5373SUSE Liberty Linux 7
Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
ImportantCVE-2017-5373 at SUSECVE-2017-5373 at NVDSUSE bug 1021824SUSE bug 1021991cpe:/o:suse:sll:7CVE-2017-5375SUSE Liberty Linux 7
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
ImportantCVE-2017-5375 at SUSECVE-2017-5375 at NVDSUSE bug 1021814SUSE bug 1021991cpe:/o:suse:sll:7CVE-2017-5376SUSE Liberty Linux 7
Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
ImportantCVE-2017-5376 at SUSECVE-2017-5376 at NVDSUSE bug 1021817SUSE bug 1021991cpe:/o:suse:sll:7CVE-2017-5378SUSE Liberty Linux 7
Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
ModerateCVE-2017-5378 at SUSECVE-2017-5378 at NVDSUSE bug 1021818SUSE bug 1021991cpe:/o:suse:sll:7CVE-2017-5380SUSE Liberty Linux 7
A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
ModerateCVE-2017-5380 at SUSECVE-2017-5380 at NVDSUSE bug 1021819SUSE bug 1021991cpe:/o:suse:sll:7CVE-2017-5383SUSE Liberty Linux 7
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
ModerateCVE-2017-5383 at SUSECVE-2017-5383 at NVDSUSE bug 1021822SUSE bug 1021991cpe:/o:suse:sll:7CVE-2017-5386SUSE Liberty Linux 7
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.
ModerateCVE-2017-5386 at SUSECVE-2017-5386 at NVDSUSE bug 1021823SUSE bug 1021991cpe:/o:suse:sll:7CVE-2017-5390SUSE Liberty Linux 7
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
ModerateCVE-2017-5390 at SUSECVE-2017-5390 at NVDSUSE bug 1021820SUSE bug 1021991cpe:/o:suse:sll:7CVE-2017-5396SUSE Liberty Linux 7
A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
ModerateCVE-2017-5396 at SUSECVE-2017-5396 at NVDSUSE bug 1021821SUSE bug 1021991cpe:/o:suse:sll:7CVE-2017-5398SUSE Liberty Linux 7
Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
ModerateCVE-2017-5398 at SUSECVE-2017-5398 at NVDSUSE bug 1028391SUSE bug 1028393cpe:/o:suse:sll:7CVE-2017-5400SUSE Liberty Linux 7
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
ModerateCVE-2017-5400 at SUSECVE-2017-5400 at NVDSUSE bug 1028391SUSE bug 1028393cpe:/o:suse:sll:7CVE-2017-5401SUSE Liberty Linux 7
A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
ModerateCVE-2017-5401 at SUSECVE-2017-5401 at NVDSUSE bug 1028391SUSE bug 1028393cpe:/o:suse:sll:7CVE-2017-5402SUSE Liberty Linux 7
A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
ModerateCVE-2017-5402 at SUSECVE-2017-5402 at NVDSUSE bug 1028391SUSE bug 1028393cpe:/o:suse:sll:7CVE-2017-5404SUSE Liberty Linux 7
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
ModerateCVE-2017-5404 at SUSECVE-2017-5404 at NVDSUSE bug 1028391SUSE bug 1028393cpe:/o:suse:sll:7CVE-2017-5405SUSE Liberty Linux 7
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
ModerateCVE-2017-5405 at SUSECVE-2017-5405 at NVDSUSE bug 1028391SUSE bug 1028393cpe:/o:suse:sll:7CVE-2017-5407SUSE Liberty Linux 7
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
ModerateCVE-2017-5407 at SUSECVE-2017-5407 at NVDSUSE bug 1028391SUSE bug 1028393cpe:/o:suse:sll:7CVE-2017-5408SUSE Liberty Linux 7
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
ModerateCVE-2017-5408 at SUSECVE-2017-5408 at NVDSUSE bug 1028391SUSE bug 1028393cpe:/o:suse:sll:7CVE-2017-5410SUSE Liberty Linux 7
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
ModerateCVE-2017-5410 at SUSECVE-2017-5410 at NVDSUSE bug 1028391SUSE bug 1028393cpe:/o:suse:sll:7CVE-2017-5428SUSE Liberty Linux 7
An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.
ImportantCVE-2017-5428 at SUSECVE-2017-5428 at NVDSUSE bug 1029822cpe:/o:suse:sll:7CVE-2017-5429SUSE Liberty Linux 7
Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5429 at SUSECVE-2017-5429 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5430SUSE Liberty Linux 7
Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5430 at SUSECVE-2017-5430 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5432SUSE Liberty Linux 7
A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5432 at SUSECVE-2017-5432 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5433SUSE Liberty Linux 7
A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5433 at SUSECVE-2017-5433 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5434SUSE Liberty Linux 7
A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5434 at SUSECVE-2017-5434 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5435SUSE Liberty Linux 7
A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5435 at SUSECVE-2017-5435 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5436SUSE Liberty Linux 7
An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5436 at SUSECVE-2017-5436 at NVDSUSE bug 1035082SUSE bug 1035204cpe:/o:suse:sll:7CVE-2017-5437SUSE Liberty Linux 7
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10195, CVE-2016-10196, CVE-2016-10197. Reason: This candidate is a duplicate of CVE-2016-10195, CVE-2016-10196, and CVE-2016-10197. Notes: All CVE users should reference CVE-2016-10195, CVE-2016-10196, and/or CVE-2016-10197 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
ImportantCVE-2017-5437 at SUSECVE-2017-5437 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5438SUSE Liberty Linux 7
A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5438 at SUSECVE-2017-5438 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5439SUSE Liberty Linux 7
A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5439 at SUSECVE-2017-5439 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5440SUSE Liberty Linux 7
A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5440 at SUSECVE-2017-5440 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5441SUSE Liberty Linux 7
A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5441 at SUSECVE-2017-5441 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5442SUSE Liberty Linux 7
A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5442 at SUSECVE-2017-5442 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5443SUSE Liberty Linux 7
An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5443 at SUSECVE-2017-5443 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5444SUSE Liberty Linux 7
A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5444 at SUSECVE-2017-5444 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5445SUSE Liberty Linux 7
A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5445 at SUSECVE-2017-5445 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5446SUSE Liberty Linux 7
An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5446 at SUSECVE-2017-5446 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5447SUSE Liberty Linux 7
An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5447 at SUSECVE-2017-5447 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5448SUSE Liberty Linux 7
An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5448 at SUSECVE-2017-5448 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5449SUSE Liberty Linux 7
A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5449 at SUSECVE-2017-5449 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5451SUSE Liberty Linux 7
A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5451 at SUSECVE-2017-5451 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5454SUSE Liberty Linux 7
A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
LowCVE-2017-5454 at SUSECVE-2017-5454 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5455SUSE Liberty Linux 7
The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.
ModerateCVE-2017-5455 at SUSECVE-2017-5455 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5456SUSE Liberty Linux 7
A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.
ModerateCVE-2017-5456 at SUSECVE-2017-5456 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5459SUSE Liberty Linux 7
A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5459 at SUSECVE-2017-5459 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5460SUSE Liberty Linux 7
A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5460 at SUSECVE-2017-5460 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5461SUSE Liberty Linux 7
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.
ImportantCVE-2017-5461 at SUSECVE-2017-5461 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5464SUSE Liberty Linux 7
During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5464 at SUSECVE-2017-5464 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5465SUSE Liberty Linux 7
An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5465 at SUSECVE-2017-5465 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5466SUSE Liberty Linux 7
If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5466 at SUSECVE-2017-5466 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5467SUSE Liberty Linux 7
A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5467 at SUSECVE-2017-5467 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5469SUSE Liberty Linux 7
Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
ModerateCVE-2017-5469 at SUSECVE-2017-5469 at NVDSUSE bug 1035082SUSE bug 1035209cpe:/o:suse:sll:7CVE-2017-5470SUSE Liberty Linux 7
Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
ImportantCVE-2017-5470 at SUSECVE-2017-5470 at NVDSUSE bug 1043960SUSE bug 1044239SUSE bug 1044240SUSE bug 1044241SUSE bug 1044242cpe:/o:suse:sll:7CVE-2017-5472SUSE Liberty Linux 7
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
ImportantCVE-2017-5472 at SUSECVE-2017-5472 at NVDSUSE bug 1043960SUSE bug 1044239SUSE bug 1044240SUSE bug 1044241SUSE bug 1044242cpe:/o:suse:sll:7CVE-2017-5482SUSE Liberty Linux 7
The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575.
ModerateCVE-2017-5482 at SUSECVE-2017-5482 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2017-5483SUSE Liberty Linux 7
The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse().
ModerateCVE-2017-5483 at SUSECVE-2017-5483 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2017-5484SUSE Liberty Linux 7
The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print().
ModerateCVE-2017-5484 at SUSECVE-2017-5484 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2017-5485SUSE Liberty Linux 7
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap().
ModerateCVE-2017-5485 at SUSECVE-2017-5485 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2017-5486SUSE Liberty Linux 7
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
ModerateCVE-2017-5486 at SUSECVE-2017-5486 at NVDSUSE bug 1020940cpe:/o:suse:sll:7CVE-2017-5581SUSE Liberty Linux 7
Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries.
ModerateCVE-2017-5581 at SUSECVE-2017-5581 at NVDSUSE bug 1019274SUSE bug 1021302cpe:/o:suse:sll:7CVE-2017-5645SUSE Liberty Linux 7
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
ModerateCVE-2017-5645 at SUSECVE-2017-5645 at NVDSUSE bug 1034569SUSE bug 1159646cpe:/o:suse:sll:7CVE-2017-5647SUSE Liberty Linux 7
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.
ImportantCVE-2017-5647 at SUSECVE-2017-5647 at NVDSUSE bug 1033448cpe:/o:suse:sll:7CVE-2017-5648SUSE Liberty Linux 7
While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.
LowCVE-2017-5648 at SUSECVE-2017-5648 at NVDSUSE bug 1033447cpe:/o:suse:sll:7CVE-2017-5664SUSE Liberty Linux 7
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.
ImportantCVE-2017-5664 at SUSECVE-2017-5664 at NVDSUSE bug 1042910cpe:/o:suse:sll:7CVE-2017-5715SUSE Liberty Linux 7
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
ImportantCVE-2017-5715 at SUSECVE-2017-5715 at NVDSUSE bug 1068032SUSE bug 1074562SUSE bug 1074578SUSE bug 1074701SUSE bug 1074741SUSE bug 1074919SUSE bug 1075006SUSE bug 1075007SUSE bug 1075262SUSE bug 1075419SUSE bug 1076115SUSE bug 1076372SUSE bug 1076606SUSE bug 1078353SUSE bug 1080039SUSE bug 1087887SUSE bug 1087939SUSE bug 1088147SUSE bug 1089055SUSE bug 1091815SUSE bug 1095735SUSE bug 1102517SUSE bug 1105108SUSE bug 1126516SUSE bug 1173489SUSE bug 1178658SUSE bug 1201457SUSE bug 1201877SUSE bug 1203236cpe:/o:suse:sll:7CVE-2017-5731SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.
ImportantCVE-2017-5731 at SUSECVE-2017-5731 at NVDSUSE bug 1115917cpe:/o:suse:sll:7CVE-2017-5732SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none
ModerateCVE-2017-5732 at SUSECVE-2017-5732 at NVDSUSE bug 1115917cpe:/o:suse:sll:7CVE-2017-5733SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none
ModerateCVE-2017-5733 at SUSECVE-2017-5733 at NVDSUSE bug 1115917cpe:/o:suse:sll:7CVE-2017-5734SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none
ModerateCVE-2017-5734 at SUSECVE-2017-5734 at NVDSUSE bug 1115917cpe:/o:suse:sll:7CVE-2017-5735SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none
ModerateCVE-2017-5735 at SUSECVE-2017-5735 at NVDSUSE bug 1115917cpe:/o:suse:sll:7CVE-2017-5753SUSE Liberty Linux 7
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
ImportantCVE-2017-5753 at SUSECVE-2017-5753 at NVDSUSE bug 1068032SUSE bug 1074562SUSE bug 1074578SUSE bug 1074701SUSE bug 1075006SUSE bug 1075419SUSE bug 1075748SUSE bug 1080039SUSE bug 1087084SUSE bug 1087939SUSE bug 1089055SUSE bug 1136865SUSE bug 1178658SUSE bug 1201877SUSE bug 1209547cpe:/o:suse:sll:7CVE-2017-5754SUSE Liberty Linux 7
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
ImportantCVE-2017-5754 at SUSECVE-2017-5754 at NVDSUSE bug 1068032SUSE bug 1074562SUSE bug 1074578SUSE bug 1074701SUSE bug 1075006SUSE bug 1075008SUSE bug 1087939SUSE bug 1089055SUSE bug 1115045SUSE bug 1136865SUSE bug 1178658SUSE bug 1201877cpe:/o:suse:sll:7CVE-2017-5837SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file.
LowCVE-2017-5837 at SUSECVE-2017-5837 at NVDSUSE bug 1023259SUSE bug 1024076SUSE bug 1024079cpe:/o:suse:sll:7CVE-2017-5838SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string.
ModerateCVE-2017-5838 at SUSECVE-2017-5838 at NVDSUSE bug 1023259SUSE bug 1024051cpe:/o:suse:sll:7CVE-2017-5839SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX.
LowCVE-2017-5839 at SUSECVE-2017-5839 at NVDSUSE bug 1023259SUSE bug 1024047cpe:/o:suse:sll:7CVE-2017-5840SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index.
LowCVE-2017-5840 at SUSECVE-2017-5840 at NVDSUSE bug 1023259SUSE bug 1024034cpe:/o:suse:sll:7CVE-2017-5841SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags.
LowCVE-2017-5841 at SUSECVE-2017-5841 at NVDSUSE bug 1023259SUSE bug 1024030SUSE bug 1024062cpe:/o:suse:sll:7CVE-2017-5842SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi.
LowCVE-2017-5842 at SUSECVE-2017-5842 at NVDSUSE bug 1023259SUSE bug 1024041cpe:/o:suse:sll:7CVE-2017-5843SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf.
LowCVE-2017-5843 at SUSECVE-2017-5843 at NVDSUSE bug 1023259SUSE bug 1024044cpe:/o:suse:sll:7CVE-2017-5844SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file.
LowCVE-2017-5844 at SUSECVE-2017-5844 at NVDSUSE bug 1023259SUSE bug 1024079cpe:/o:suse:sll:7CVE-2017-5845SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag.
LowCVE-2017-5845 at SUSECVE-2017-5845 at NVDSUSE bug 1023259SUSE bug 1024062cpe:/o:suse:sll:7CVE-2017-5848SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.
LowCVE-2017-5848 at SUSECVE-2017-5848 at NVDSUSE bug 1023259SUSE bug 1024068cpe:/o:suse:sll:7CVE-2017-5884SUSE Liberty Linux 7
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.
LowCVE-2017-5884 at SUSECVE-2017-5884 at NVDSUSE bug 1024266cpe:/o:suse:sll:7CVE-2017-5885SUSE Liberty Linux 7
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.
LowCVE-2017-5885 at SUSECVE-2017-5885 at NVDSUSE bug 1024268cpe:/o:suse:sll:7CVE-2017-5898SUSE Liberty Linux 7
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.
ModerateCVE-2017-5898 at SUSECVE-2017-5898 at NVDSUSE bug 1023907SUSE bug 1024307cpe:/o:suse:sll:7CVE-2017-5970SUSE Liberty Linux 7
The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options.
ModerateCVE-2017-5970 at SUSECVE-2017-5970 at NVDSUSE bug 1024938SUSE bug 1025013SUSE bug 1115893cpe:/o:suse:sll:7CVE-2017-5986SUSE Liberty Linux 7
Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.
ModerateCVE-2017-5986 at SUSECVE-2017-5986 at NVDSUSE bug 1025235SUSE bug 1027066cpe:/o:suse:sll:7CVE-2017-6001SUSE Liberty Linux 7
Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786.
ModerateCVE-2017-6001 at SUSECVE-2017-6001 at NVDSUSE bug 1015160SUSE bug 1025626cpe:/o:suse:sll:7CVE-2017-6009SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool.
ModerateCVE-2017-6009 at SUSECVE-2017-6009 at NVDSUSE bug 1025703cpe:/o:suse:sll:7CVE-2017-6010SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash.
ModerateCVE-2017-6010 at SUSECVE-2017-6010 at NVDSUSE bug 1025700cpe:/o:suse:sll:7CVE-2017-6011SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool.
ModerateCVE-2017-6011 at SUSECVE-2017-6011 at NVDSUSE bug 1025700cpe:/o:suse:sll:7CVE-2017-6059SUSE Liberty Linux 7
Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.
ImportantCVE-2017-6059 at SUSECVE-2017-6059 at NVDcpe:/o:suse:sll:7CVE-2017-6074SUSE Liberty Linux 7
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
ImportantCVE-2017-6074 at SUSECVE-2017-6074 at NVDSUSE bug 1026024SUSE bug 1072204cpe:/o:suse:sll:7CVE-2017-6214SUSE Liberty Linux 7
The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.
ModerateCVE-2017-6214 at SUSECVE-2017-6214 at NVDSUSE bug 1026722SUSE bug 1027179SUSE bug 1115893cpe:/o:suse:sll:7CVE-2017-6413SUSE Liberty Linux 7
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.
ImportantCVE-2017-6413 at SUSECVE-2017-6413 at NVDcpe:/o:suse:sll:7CVE-2017-6462SUSE Liberty Linux 7
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.
ModerateCVE-2017-6462 at SUSECVE-2017-6462 at NVDSUSE bug 1030050SUSE bug 1038049SUSE bug 1044525cpe:/o:suse:sll:7CVE-2017-6463SUSE Liberty Linux 7
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.
ModerateCVE-2017-6463 at SUSECVE-2017-6463 at NVDSUSE bug 1030050SUSE bug 1038049SUSE bug 1044525cpe:/o:suse:sll:7CVE-2017-6464SUSE Liberty Linux 7
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.
ModerateCVE-2017-6464 at SUSECVE-2017-6464 at NVDSUSE bug 1030050SUSE bug 1038049SUSE bug 1044525cpe:/o:suse:sll:7CVE-2017-6519SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.
ModerateCVE-2017-6519 at SUSECVE-2017-6519 at NVDSUSE bug 1037001cpe:/o:suse:sll:7CVE-2017-6951SUSE Liberty Linux 7
The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the "dead" type.
LowCVE-2017-6951 at SUSECVE-2017-6951 at NVDSUSE bug 1029850SUSE bug 1030593cpe:/o:suse:sll:7CVE-2017-7184SUSE Liberty Linux 7
The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.
ModerateCVE-2017-7184 at SUSECVE-2017-7184 at NVDSUSE bug 1030573SUSE bug 1030575SUSE bug 1115893cpe:/o:suse:sll:7CVE-2017-7187SUSE Liberty Linux 7
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function.
ModerateCVE-2017-7187 at SUSECVE-2017-7187 at NVDSUSE bug 1027179SUSE bug 1030213SUSE bug 1115893cpe:/o:suse:sll:7CVE-2017-7207SUSE Liberty Linux 7
The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.
LowCVE-2017-7207 at SUSECVE-2017-7207 at NVDSUSE bug 1030263SUSE bug 1036453cpe:/o:suse:sll:7CVE-2017-7294SUSE Liberty Linux 7
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device.
ModerateCVE-2017-7294 at SUSECVE-2017-7294 at NVDSUSE bug 1027179SUSE bug 1031440SUSE bug 1031481SUSE bug 1115893cpe:/o:suse:sll:7CVE-2017-7308SUSE Liberty Linux 7
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.
ModerateCVE-2017-7308 at SUSECVE-2017-7308 at NVDSUSE bug 1027179SUSE bug 1031579SUSE bug 1031660SUSE bug 1115893cpe:/o:suse:sll:7CVE-2017-7392SUSE Liberty Linux 7
In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server.
LowCVE-2017-7392 at SUSECVE-2017-7392 at NVDSUSE bug 1031886cpe:/o:suse:sll:7CVE-2017-7393SUSE Liberty Linux 7
In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.
ModerateCVE-2017-7393 at SUSECVE-2017-7393 at NVDSUSE bug 1031875SUSE bug 1031879cpe:/o:suse:sll:7CVE-2017-7394SUSE Liberty Linux 7
In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.
ModerateCVE-2017-7394 at SUSECVE-2017-7394 at NVDSUSE bug 1031879cpe:/o:suse:sll:7CVE-2017-7395SUSE Liberty Linux 7
In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.
ModerateCVE-2017-7395 at SUSECVE-2017-7395 at NVDSUSE bug 1031877cpe:/o:suse:sll:7CVE-2017-7396SUSE Liberty Linux 7
In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.
LowCVE-2017-7396 at SUSECVE-2017-7396 at NVDSUSE bug 1031886cpe:/o:suse:sll:7CVE-2017-7472SUSE Liberty Linux 7
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
ModerateCVE-2017-7472 at SUSECVE-2017-7472 at NVDSUSE bug 1034862cpe:/o:suse:sll:7CVE-2017-7477SUSE Liberty Linux 7
Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function.
ModerateCVE-2017-7477 at SUSECVE-2017-7477 at NVDSUSE bug 1035823cpe:/o:suse:sll:7CVE-2017-7484SUSE Liberty Linux 7
It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.
ModerateCVE-2017-7484 at SUSECVE-2017-7484 at NVDSUSE bug 1037603SUSE bug 1051015cpe:/o:suse:sll:7CVE-2017-7486SUSE Liberty Linux 7
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.
ModerateCVE-2017-7486 at SUSECVE-2017-7486 at NVDSUSE bug 1037624SUSE bug 1051015SUSE bug 1051685cpe:/o:suse:sll:7CVE-2017-7488SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames.
ModerateCVE-2017-7488 at SUSECVE-2017-7488 at NVDcpe:/o:suse:sll:7CVE-2017-7494SUSE Liberty Linux 7
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
ImportantCVE-2017-7494 at SUSECVE-2017-7494 at NVDSUSE bug 1038231cpe:/o:suse:sll:7CVE-2017-7502SUSE Liberty Linux 7
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
ImportantCVE-2017-7502 at SUSECVE-2017-7502 at NVDSUSE bug 1041603cpe:/o:suse:sll:7CVE-2017-7506SUSE Liberty Linux 7
spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak.
ImportantCVE-2017-7506 at SUSECVE-2017-7506 at NVDSUSE bug 1046779SUSE bug 1047730cpe:/o:suse:sll:7CVE-2017-7507SUSE Liberty Linux 7
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
ImportantCVE-2017-7507 at SUSECVE-2017-7507 at NVDSUSE bug 1043398cpe:/o:suse:sll:7CVE-2017-7518SUSE Liberty Linux 7
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.
ModerateCVE-2017-7518 at SUSECVE-2017-7518 at NVDSUSE bug 1045922SUSE bug 1087082cpe:/o:suse:sll:7CVE-2017-7533SUSE Liberty Linux 7
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
ImportantCVE-2017-7533 at SUSECVE-2017-7533 at NVDSUSE bug 1049483SUSE bug 1050677SUSE bug 1050751SUSE bug 1053919cpe:/o:suse:sll:7CVE-2017-7537SUSE Liberty Linux 7
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.
ImportantCVE-2017-7537 at SUSECVE-2017-7537 at NVDcpe:/o:suse:sll:7CVE-2017-7541SUSE Liberty Linux 7
The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet.
ModerateCVE-2017-7541 at SUSECVE-2017-7541 at NVDSUSE bug 1049645cpe:/o:suse:sll:7CVE-2017-7542SUSE Liberty Linux 7
The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.
ModerateCVE-2017-7542 at SUSECVE-2017-7542 at NVDSUSE bug 1049882SUSE bug 1061936cpe:/o:suse:sll:7CVE-2017-7546SUSE Liberty Linux 7
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.
ModerateCVE-2017-7546 at SUSECVE-2017-7546 at NVDSUSE bug 1051684SUSE bug 1054365SUSE bug 1140876cpe:/o:suse:sll:7CVE-2017-7547SUSE Liberty Linux 7
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.
ModerateCVE-2017-7547 at SUSECVE-2017-7547 at NVDSUSE bug 1051685SUSE bug 1054365SUSE bug 1140876cpe:/o:suse:sll:7CVE-2017-7555SUSE Liberty Linux 7
Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.
ModerateCVE-2017-7555 at SUSECVE-2017-7555 at NVDSUSE bug 1054171cpe:/o:suse:sll:7CVE-2017-7558SUSE Liberty Linux 7
A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace.
ModerateCVE-2017-7558 at SUSECVE-2017-7558 at NVDSUSE bug 1053919SUSE bug 1055300cpe:/o:suse:sll:7CVE-2017-7562SUSE Liberty Linux 7
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.
ModerateCVE-2017-7562 at SUSECVE-2017-7562 at NVDSUSE bug 1055851SUSE bug 1056995cpe:/o:suse:sll:7CVE-2017-7616SUSE Liberty Linux 7
Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.
ModerateCVE-2017-7616 at SUSECVE-2017-7616 at NVDSUSE bug 1033336cpe:/o:suse:sll:7CVE-2017-7645SUSE Liberty Linux 7
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.
ImportantCVE-2017-7645 at SUSECVE-2017-7645 at NVDSUSE bug 1034670SUSE bug 1036741SUSE bug 1046191SUSE bug 1087082cpe:/o:suse:sll:7CVE-2017-7668SUSE Liberty Linux 7
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.
CriticalCVE-2017-7668 at SUSECVE-2017-7668 at NVDSUSE bug 1045061SUSE bug 1078450cpe:/o:suse:sll:7CVE-2017-7674SUSE Liberty Linux 7
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.
ModerateCVE-2017-7674 at SUSECVE-2017-7674 at NVDSUSE bug 1053352cpe:/o:suse:sll:7CVE-2017-7679SUSE Liberty Linux 7
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
ModerateCVE-2017-7679 at SUSECVE-2017-7679 at NVDSUSE bug 1045060SUSE bug 1057861SUSE bug 1078450cpe:/o:suse:sll:7CVE-2017-7718SUSE Liberty Linux 7
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.
ModerateCVE-2017-7718 at SUSECVE-2017-7718 at NVDSUSE bug 1034908SUSE bug 1034994SUSE bug 1178658cpe:/o:suse:sll:7CVE-2017-7749SUSE Liberty Linux 7
A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
ImportantCVE-2017-7749 at SUSECVE-2017-7749 at NVDSUSE bug 1043960SUSE bug 1044239SUSE bug 1044240SUSE bug 1044241SUSE bug 1044242cpe:/o:suse:sll:7CVE-2017-7750SUSE Liberty Linux 7
A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
ImportantCVE-2017-7750 at SUSECVE-2017-7750 at NVDSUSE bug 1043960SUSE bug 1044239SUSE bug 1044240SUSE bug 1044241SUSE bug 1044242cpe:/o:suse:sll:7CVE-2017-7751SUSE Liberty Linux 7
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
ImportantCVE-2017-7751 at SUSECVE-2017-7751 at NVDSUSE bug 1043960SUSE bug 1044239SUSE bug 1044240SUSE bug 1044241SUSE bug 1044242cpe:/o:suse:sll:7CVE-2017-7752SUSE Liberty Linux 7
A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
ImportantCVE-2017-7752 at SUSECVE-2017-7752 at NVDSUSE bug 1043960SUSE bug 1044239SUSE bug 1044240SUSE bug 1044241SUSE bug 1044242cpe:/o:suse:sll:7CVE-2017-7753SUSE Liberty Linux 7
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
ImportantCVE-2017-7753 at SUSECVE-2017-7753 at NVDSUSE bug 1052829cpe:/o:suse:sll:7CVE-2017-7754SUSE Liberty Linux 7
An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
ImportantCVE-2017-7754 at SUSECVE-2017-7754 at NVDSUSE bug 1043960SUSE bug 1044239SUSE bug 1044240SUSE bug 1044241SUSE bug 1044242cpe:/o:suse:sll:7CVE-2017-7756SUSE Liberty Linux 7
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
ImportantCVE-2017-7756 at SUSECVE-2017-7756 at NVDSUSE bug 1043960SUSE bug 1044239SUSE bug 1044240SUSE bug 1044241SUSE bug 1044242cpe:/o:suse:sll:7CVE-2017-7757SUSE Liberty Linux 7
A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
ImportantCVE-2017-7757 at SUSECVE-2017-7757 at NVDSUSE bug 1043960SUSE bug 1044239SUSE bug 1044240SUSE bug 1044241SUSE bug 1044242cpe:/o:suse:sll:7CVE-2017-7758SUSE Liberty Linux 7
An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
ImportantCVE-2017-7758 at SUSECVE-2017-7758 at NVDSUSE bug 1043960SUSE bug 1044239SUSE bug 1044240SUSE bug 1044241SUSE bug 1044242cpe:/o:suse:sll:7CVE-2017-7762SUSE Liberty Linux 7
When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54.
ImportantCVE-2017-7762 at SUSECVE-2017-7762 at NVDSUSE bug 1043960SUSE bug 1044239SUSE bug 1044240SUSE bug 1044241SUSE bug 1044242cpe:/o:suse:sll:7CVE-2017-7764SUSE Liberty Linux 7
Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from "Aspirational Use Scripts" such as Canadian Syllabics to be mixed with Latin characters in the "moderately restrictive" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as "Limited Use Scripts.". This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
ImportantCVE-2017-7764 at SUSECVE-2017-7764 at NVDSUSE bug 1043960SUSE bug 1044239SUSE bug 1044240SUSE bug 1044241SUSE bug 1044242cpe:/o:suse:sll:7CVE-2017-7771SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.
ImportantCVE-2017-7771 at SUSECVE-2017-7771 at NVDSUSE bug 1043960SUSE bug 1044239SUSE bug 1044240SUSE bug 1044241SUSE bug 1044242cpe:/o:suse:sll:7CVE-2017-7772SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.
ImportantCVE-2017-7772 at SUSECVE-2017-7772 at NVDSUSE bug 1043960SUSE bug 1044239SUSE bug 1044240SUSE bug 1044241SUSE bug 1044242cpe:/o:suse:sll:7CVE-2017-7773SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.
ImportantCVE-2017-7773 at SUSECVE-2017-7773 at NVDSUSE bug 1043960SUSE bug 1044239SUSE bug 1044240SUSE bug 1044241SUSE bug 1044242cpe:/o:suse:sll:7CVE-2017-7774SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.
ImportantCVE-2017-7774 at SUSECVE-2017-7774 at NVDSUSE bug 1043960SUSE bug 1044239SUSE bug 1044240SUSE bug 1044241SUSE bug 1044242cpe:/o:suse:sll:7CVE-2017-7775SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
ImportantCVE-2017-7775 at SUSECVE-2017-7775 at NVDSUSE bug 1043960SUSE bug 1044239SUSE bug 1044240SUSE bug 1044241SUSE bug 1044242cpe:/o:suse:sll:7CVE-2017-7776SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.
ImportantCVE-2017-7776 at SUSECVE-2017-7776 at NVDSUSE bug 1043960SUSE bug 1044239SUSE bug 1044240SUSE bug 1044241SUSE bug 1044242cpe:/o:suse:sll:7CVE-2017-7777SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.
ImportantCVE-2017-7777 at SUSECVE-2017-7777 at NVDSUSE bug 1043960SUSE bug 1044239SUSE bug 1044240SUSE bug 1044241SUSE bug 1044242cpe:/o:suse:sll:7CVE-2017-7778SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
ImportantCVE-2017-7778 at SUSECVE-2017-7778 at NVDSUSE bug 1043960SUSE bug 1044239SUSE bug 1044240SUSE bug 1044241SUSE bug 1044242cpe:/o:suse:sll:7CVE-2017-7779SUSE Liberty Linux 7
Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
ImportantCVE-2017-7779 at SUSECVE-2017-7779 at NVDSUSE bug 1052829cpe:/o:suse:sll:7CVE-2017-7784SUSE Liberty Linux 7
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
ImportantCVE-2017-7784 at SUSECVE-2017-7784 at NVDSUSE bug 1052829cpe:/o:suse:sll:7CVE-2017-7785SUSE Liberty Linux 7
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
ImportantCVE-2017-7785 at SUSECVE-2017-7785 at NVDSUSE bug 1052829cpe:/o:suse:sll:7CVE-2017-7786SUSE Liberty Linux 7
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
ImportantCVE-2017-7786 at SUSECVE-2017-7786 at NVDSUSE bug 1052829cpe:/o:suse:sll:7CVE-2017-7787SUSE Liberty Linux 7
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
ImportantCVE-2017-7787 at SUSECVE-2017-7787 at NVDSUSE bug 1052829cpe:/o:suse:sll:7CVE-2017-7791SUSE Liberty Linux 7
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
ImportantCVE-2017-7791 at SUSECVE-2017-7791 at NVDSUSE bug 1052829cpe:/o:suse:sll:7CVE-2017-7792SUSE Liberty Linux 7
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
ImportantCVE-2017-7792 at SUSECVE-2017-7792 at NVDSUSE bug 1052829cpe:/o:suse:sll:7CVE-2017-7793SUSE Liberty Linux 7
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
ImportantCVE-2017-7793 at SUSECVE-2017-7793 at NVDSUSE bug 1060445cpe:/o:suse:sll:7CVE-2017-7798SUSE Liberty Linux 7
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55.
ImportantCVE-2017-7798 at SUSECVE-2017-7798 at NVDSUSE bug 1052829cpe:/o:suse:sll:7CVE-2017-7800SUSE Liberty Linux 7
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
ImportantCVE-2017-7800 at SUSECVE-2017-7800 at NVDSUSE bug 1052829cpe:/o:suse:sll:7CVE-2017-7801SUSE Liberty Linux 7
A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
ImportantCVE-2017-7801 at SUSECVE-2017-7801 at NVDSUSE bug 1052829cpe:/o:suse:sll:7CVE-2017-7802SUSE Liberty Linux 7
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
ImportantCVE-2017-7802 at SUSECVE-2017-7802 at NVDSUSE bug 1052829cpe:/o:suse:sll:7CVE-2017-7803SUSE Liberty Linux 7
When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
ImportantCVE-2017-7803 at SUSECVE-2017-7803 at NVDSUSE bug 1052829cpe:/o:suse:sll:7CVE-2017-7805SUSE Liberty Linux 7
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
ImportantCVE-2017-7805 at SUSECVE-2017-7805 at NVDSUSE bug 1060445SUSE bug 1061005cpe:/o:suse:sll:7CVE-2017-7807SUSE Liberty Linux 7
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
ImportantCVE-2017-7807 at SUSECVE-2017-7807 at NVDSUSE bug 1052829cpe:/o:suse:sll:7CVE-2017-7809SUSE Liberty Linux 7
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
ImportantCVE-2017-7809 at SUSECVE-2017-7809 at NVDSUSE bug 1052829cpe:/o:suse:sll:7CVE-2017-7810SUSE Liberty Linux 7
Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
ImportantCVE-2017-7810 at SUSECVE-2017-7810 at NVDSUSE bug 1060445cpe:/o:suse:sll:7CVE-2017-7814SUSE Liberty Linux 7
File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
ImportantCVE-2017-7814 at SUSECVE-2017-7814 at NVDSUSE bug 1060445cpe:/o:suse:sll:7CVE-2017-7818SUSE Liberty Linux 7
A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
ImportantCVE-2017-7818 at SUSECVE-2017-7818 at NVDSUSE bug 1060445cpe:/o:suse:sll:7CVE-2017-7819SUSE Liberty Linux 7
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
ImportantCVE-2017-7819 at SUSECVE-2017-7819 at NVDSUSE bug 1060445cpe:/o:suse:sll:7CVE-2017-7823SUSE Liberty Linux 7
The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
ImportantCVE-2017-7823 at SUSECVE-2017-7823 at NVDSUSE bug 1060445cpe:/o:suse:sll:7CVE-2017-7824SUSE Liberty Linux 7
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
ImportantCVE-2017-7824 at SUSECVE-2017-7824 at NVDSUSE bug 1060445cpe:/o:suse:sll:7CVE-2017-7826SUSE Liberty Linux 7
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
ModerateCVE-2017-7826 at SUSECVE-2017-7826 at NVDSUSE bug 1068101cpe:/o:suse:sll:7CVE-2017-7828SUSE Liberty Linux 7
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
ModerateCVE-2017-7828 at SUSECVE-2017-7828 at NVDSUSE bug 1068101cpe:/o:suse:sll:7CVE-2017-7829SUSE Liberty Linux 7
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2.
ModerateCVE-2017-7829 at SUSECVE-2017-7829 at NVDSUSE bug 1071236SUSE bug 1074046cpe:/o:suse:sll:7CVE-2017-7830SUSE Liberty Linux 7
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
ModerateCVE-2017-7830 at SUSECVE-2017-7830 at NVDSUSE bug 1068101cpe:/o:suse:sll:7CVE-2017-7843SUSE Liberty Linux 7
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.
ModerateCVE-2017-7843 at SUSECVE-2017-7843 at NVDSUSE bug 1072034cpe:/o:suse:sll:7CVE-2017-7846SUSE Liberty Linux 7
It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2.
ImportantCVE-2017-7846 at SUSECVE-2017-7846 at NVDSUSE bug 1074043cpe:/o:suse:sll:7CVE-2017-7847SUSE Liberty Linux 7
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2.
ModerateCVE-2017-7847 at SUSECVE-2017-7847 at NVDSUSE bug 1074044cpe:/o:suse:sll:7CVE-2017-7848SUSE Liberty Linux 7
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2.
ModerateCVE-2017-7848 at SUSECVE-2017-7848 at NVDSUSE bug 1074045cpe:/o:suse:sll:7CVE-2017-7869SUSE Liberty Linux 7
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
CriticalCVE-2017-7869 at SUSECVE-2017-7869 at NVDSUSE bug 1034173SUSE bug 1038337SUSE bug 1049210SUSE bug 1149679cpe:/o:suse:sll:7CVE-2017-7889SUSE Liberty Linux 7
The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.
ModerateCVE-2017-7889 at SUSECVE-2017-7889 at NVDSUSE bug 1034405cpe:/o:suse:sll:7CVE-2017-7890SUSE Liberty Linux 7
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.
LowCVE-2017-7890 at SUSECVE-2017-7890 at NVDSUSE bug 1050241cpe:/o:suse:sll:7CVE-2017-7895SUSE Liberty Linux 7
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
ModerateCVE-2017-7895 at SUSECVE-2017-7895 at NVDSUSE bug 1034670SUSE bug 1036741cpe:/o:suse:sll:7CVE-2017-7980SUSE Liberty Linux 7
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
ModerateCVE-2017-7980 at SUSECVE-2017-7980 at NVDSUSE bug 1035406SUSE bug 1035483cpe:/o:suse:sll:7CVE-2017-8291SUSE Liberty Linux 7
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
ModerateCVE-2017-8291 at SUSECVE-2017-8291 at NVDSUSE bug 1036453cpe:/o:suse:sll:7CVE-2017-8386SUSE Liberty Linux 7
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
ModerateCVE-2017-8386 at SUSECVE-2017-8386 at NVDSUSE bug 1038395cpe:/o:suse:sll:7CVE-2017-8422SUSE Liberty Linux 7
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
ImportantCVE-2017-8422 at SUSECVE-2017-8422 at NVDSUSE bug 1033300SUSE bug 1036244SUSE bug 1041511SUSE bug 749065SUSE bug 869959cpe:/o:suse:sll:7CVE-2017-8779SUSE Liberty Linux 7
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
ImportantCVE-2017-8779 at SUSECVE-2017-8779 at NVDSUSE bug 1037559SUSE bug 1037930SUSE bug 1101814SUSE bug 798028cpe:/o:suse:sll:7CVE-2017-8797SUSE Liberty Linux 7
The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.
ImportantCVE-2017-8797 at SUSECVE-2017-8797 at NVDSUSE bug 1046202SUSE bug 1046206cpe:/o:suse:sll:7CVE-2017-8824SUSE Liberty Linux 7
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
ImportantCVE-2017-8824 at SUSECVE-2017-8824 at NVDSUSE bug 1070771SUSE bug 1076734SUSE bug 1092904SUSE bug 1115893cpe:/o:suse:sll:7CVE-2017-8890SUSE Liberty Linux 7
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
ImportantCVE-2017-8890 at SUSECVE-2017-8890 at NVDSUSE bug 1038544SUSE bug 1038564SUSE bug 1039883SUSE bug 1039885SUSE bug 1040069SUSE bug 1042364SUSE bug 1051906SUSE bug 1115893cpe:/o:suse:sll:7CVE-2017-8932SUSE Liberty Linux 7
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.
ModerateCVE-2017-8932 at SUSECVE-2017-8932 at NVDSUSE bug 1040618cpe:/o:suse:sll:7CVE-2017-9074SUSE Liberty Linux 7
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.
ModerateCVE-2017-9074 at SUSECVE-2017-9074 at NVDSUSE bug 1039882SUSE bug 1115893cpe:/o:suse:sll:7CVE-2017-9075SUSE Liberty Linux 7
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
ModerateCVE-2017-9075 at SUSECVE-2017-9075 at NVDSUSE bug 1038544SUSE bug 1039883SUSE bug 1051906SUSE bug 1115893cpe:/o:suse:sll:7CVE-2017-9076SUSE Liberty Linux 7
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
ModerateCVE-2017-9076 at SUSECVE-2017-9076 at NVDSUSE bug 1038544SUSE bug 1039885SUSE bug 1040069SUSE bug 1051906SUSE bug 1115893cpe:/o:suse:sll:7CVE-2017-9077SUSE Liberty Linux 7
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
ModerateCVE-2017-9077 at SUSECVE-2017-9077 at NVDSUSE bug 1038544SUSE bug 1040069SUSE bug 1042364SUSE bug 1115893cpe:/o:suse:sll:7CVE-2017-9148SUSE Liberty Linux 7
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.
ImportantCVE-2017-9148 at SUSECVE-2017-9148 at NVDSUSE bug 1041445SUSE bug 1046141cpe:/o:suse:sll:7CVE-2017-9242SUSE Liberty Linux 7
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.
ImportantCVE-2017-9242 at SUSECVE-2017-9242 at NVDSUSE bug 1041431SUSE bug 1042892cpe:/o:suse:sll:7CVE-2017-9287SUSE Liberty Linux 7
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
ModerateCVE-2017-9287 at SUSECVE-2017-9287 at NVDSUSE bug 1041764cpe:/o:suse:sll:7CVE-2017-9461SUSE Liberty Linux 7
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
ModerateCVE-2017-9461 at SUSECVE-2017-9461 at NVDcpe:/o:suse:sll:7CVE-2017-9462SUSE Liberty Linux 7
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.
ImportantCVE-2017-9462 at SUSECVE-2017-9462 at NVDSUSE bug 1043063cpe:/o:suse:sll:7CVE-2017-9524SUSE Liberty Linux 7
The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function.
ModerateCVE-2017-9524 at SUSECVE-2017-9524 at NVDSUSE bug 1043808cpe:/o:suse:sll:7CVE-2017-9725SUSE Liberty Linux 7
In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail.
ModerateCVE-2017-9725 at SUSECVE-2017-9725 at NVDSUSE bug 1057481cpe:/o:suse:sll:7CVE-2017-9775SUSE Liberty Linux 7
Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
ModerateCVE-2017-9775 at SUSECVE-2017-9775 at NVDSUSE bug 1045719cpe:/o:suse:sll:7CVE-2017-9776SUSE Liberty Linux 7
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
ModerateCVE-2017-9776 at SUSECVE-2017-9776 at NVDSUSE bug 1045721cpe:/o:suse:sll:7CVE-2017-9788SUSE Liberty Linux 7
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
ModerateCVE-2017-9788 at SUSECVE-2017-9788 at NVDSUSE bug 1048576cpe:/o:suse:sll:7CVE-2017-9798SUSE Liberty Linux 7
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.
ModerateCVE-2017-9798 at SUSECVE-2017-9798 at NVDSUSE bug 1058058SUSE bug 1060757SUSE bug 1077582SUSE bug 1078450SUSE bug 1089997cpe:/o:suse:sll:7CVE-2017-9800SUSE Liberty Linux 7
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.
ImportantCVE-2017-9800 at SUSECVE-2017-9800 at NVDSUSE bug 1051362SUSE bug 1052481SUSE bug 1052696SUSE bug 1052932SUSE bug 1053364SUSE bug 1054653SUSE bug 1066430SUSE bug 1071709SUSE bug 1128150cpe:/o:suse:sll:7CVE-2018-0494SUSE Liberty Linux 7
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
ModerateCVE-2018-0494 at SUSECVE-2018-0494 at NVDSUSE bug 1092061SUSE bug 1123797SUSE bug 1159418cpe:/o:suse:sll:7CVE-2018-0495SUSE Liberty Linux 7
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
ModerateCVE-2018-0495 at SUSECVE-2018-0495 at NVDSUSE bug 1097410SUSE bug 1121207cpe:/o:suse:sll:7CVE-2018-0618SUSE Liberty Linux 7
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
ModerateCVE-2018-0618 at SUSECVE-2018-0618 at NVDSUSE bug 1099510cpe:/o:suse:sll:7CVE-2018-0732SUSE Liberty Linux 7
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).
ModerateCVE-2018-0732 at SUSECVE-2018-0732 at NVDSUSE bug 1077628SUSE bug 1087102SUSE bug 1097158SUSE bug 1099502SUSE bug 1106692SUSE bug 1108542SUSE bug 1110163SUSE bug 1112097SUSE bug 1122198SUSE bug 1148697cpe:/o:suse:sll:7CVE-2018-0734SUSE Liberty Linux 7
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
ModerateCVE-2018-0734 at SUSECVE-2018-0734 at NVDSUSE bug 1113534SUSE bug 1113652SUSE bug 1113742SUSE bug 1122198SUSE bug 1122212SUSE bug 1126909SUSE bug 1148697cpe:/o:suse:sll:7CVE-2018-0737SUSE Liberty Linux 7
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).
ModerateCVE-2018-0737 at SUSECVE-2018-0737 at NVDSUSE bug 1089039SUSE bug 1089041SUSE bug 1089044SUSE bug 1089045SUSE bug 1108542SUSE bug 1123780SUSE bug 1126909cpe:/o:suse:sll:7CVE-2018-0739SUSE Liberty Linux 7
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
ModerateCVE-2018-0739 at SUSECVE-2018-0739 at NVDSUSE bug 1087102SUSE bug 1089997SUSE bug 1094291SUSE bug 1108542cpe:/o:suse:sll:7CVE-2018-1000001SUSE Liberty Linux 7
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
ImportantCVE-2018-1000001 at SUSECVE-2018-1000001 at NVDSUSE bug 1074293SUSE bug 1099047SUSE bug 1123874cpe:/o:suse:sll:7CVE-2018-1000004SUSE Liberty Linux 7
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.
ModerateCVE-2018-1000004 at SUSECVE-2018-1000004 at NVDSUSE bug 1076017SUSE bug 1091815cpe:/o:suse:sll:7CVE-2018-1000007SUSE Liberty Linux 7
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.
ModerateCVE-2018-1000007 at SUSECVE-2018-1000007 at NVDSUSE bug 1077001SUSE bug 1145903SUSE bug 1185551SUSE bug 1192797SUSE bug 1198766cpe:/o:suse:sll:7CVE-2018-1000024SUSE Liberty Linux 7
The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later.
ModerateCVE-2018-1000024 at SUSECVE-2018-1000024 at NVDSUSE bug 1077003cpe:/o:suse:sll:7CVE-2018-1000026SUSE Liberty Linux 7
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..
ImportantCVE-2018-1000026 at SUSECVE-2018-1000026 at NVDSUSE bug 1079384SUSE bug 1087082SUSE bug 1096723cpe:/o:suse:sll:7CVE-2018-1000027SUSE Liberty Linux 7
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.
ModerateCVE-2018-1000027 at SUSECVE-2018-1000027 at NVDSUSE bug 1077006cpe:/o:suse:sll:7CVE-2018-1000073SUSE Liberty Linux 7
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.
ModerateCVE-2018-1000073 at SUSECVE-2018-1000073 at NVDSUSE bug 1082007cpe:/o:suse:sll:7CVE-2018-1000074SUSE Liberty Linux 7
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6.
ImportantCVE-2018-1000074 at SUSECVE-2018-1000074 at NVDSUSE bug 1082008SUSE bug 1175764cpe:/o:suse:sll:7CVE-2018-1000075SUSE Liberty Linux 7
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.
LowCVE-2018-1000075 at SUSECVE-2018-1000075 at NVDSUSE bug 1082014cpe:/o:suse:sll:7CVE-2018-1000076SUSE Liberty Linux 7
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6.
ModerateCVE-2018-1000076 at SUSECVE-2018-1000076 at NVDSUSE bug 1082009cpe:/o:suse:sll:7CVE-2018-1000077SUSE Liberty Linux 7
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.
ModerateCVE-2018-1000077 at SUSECVE-2018-1000077 at NVDSUSE bug 1082010SUSE bug 1183937cpe:/o:suse:sll:7CVE-2018-1000078SUSE Liberty Linux 7
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.
ModerateCVE-2018-1000078 at SUSECVE-2018-1000078 at NVDSUSE bug 1082011cpe:/o:suse:sll:7CVE-2018-1000079SUSE Liberty Linux 7
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6.
ModerateCVE-2018-1000079 at SUSECVE-2018-1000079 at NVDSUSE bug 1082058cpe:/o:suse:sll:7CVE-2018-1000119SUSE Liberty Linux 7
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0.
ModerateCVE-2018-1000119 at SUSECVE-2018-1000119 at NVDSUSE bug 1084436cpe:/o:suse:sll:7CVE-2018-1000120SUSE Liberty Linux 7
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
ModerateCVE-2018-1000120 at SUSECVE-2018-1000120 at NVDSUSE bug 1084521SUSE bug 1101811SUSE bug 1112526cpe:/o:suse:sll:7CVE-2018-1000121SUSE Liberty Linux 7
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service
LowCVE-2018-1000121 at SUSECVE-2018-1000121 at NVDSUSE bug 1084524SUSE bug 1085215SUSE bug 1101811SUSE bug 1112526cpe:/o:suse:sll:7CVE-2018-1000122SUSE Liberty Linux 7
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage
ModerateCVE-2018-1000122 at SUSECVE-2018-1000122 at NVDSUSE bug 1084532SUSE bug 1101811SUSE bug 1112526cpe:/o:suse:sll:7CVE-2018-1000132SUSE Liberty Linux 7
Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.
ModerateCVE-2018-1000132 at SUSECVE-2018-1000132 at NVDSUSE bug 1085211cpe:/o:suse:sll:7CVE-2018-1000140SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.
CriticalCVE-2018-1000140 at SUSECVE-2018-1000140 at NVDSUSE bug 1086730cpe:/o:suse:sll:7CVE-2018-1000156SUSE Liberty Linux 7
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.
ModerateCVE-2018-1000156 at SUSECVE-2018-1000156 at NVDSUSE bug 1088420SUSE bug 1093615SUSE bug 1101128SUSE bug 1142513cpe:/o:suse:sll:7CVE-2018-1000199SUSE Liberty Linux 7
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.
ImportantCVE-2018-1000199 at SUSECVE-2018-1000199 at NVDSUSE bug 1089895SUSE bug 1090036cpe:/o:suse:sll:7CVE-2018-1000301SUSE Liberty Linux 7
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
CriticalCVE-2018-1000301 at SUSECVE-2018-1000301 at NVDSUSE bug 1092098SUSE bug 1122464cpe:/o:suse:sll:7CVE-2018-1000801SUSE Liberty Linux 7
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1
ModerateCVE-2018-1000801 at SUSECVE-2018-1000801 at NVDSUSE bug 1107591cpe:/o:suse:sll:7CVE-2018-1000805SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
CriticalCVE-2018-1000805 at SUSECVE-2018-1000805 at NVDSUSE bug 1111151cpe:/o:suse:sll:7CVE-2018-1000852SUSE Liberty Linux 7
FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3.
ModerateCVE-2018-1000852 at SUSECVE-2018-1000852 at NVDSUSE bug 1117963SUSE bug 1120507SUSE bug 1131873cpe:/o:suse:sll:7CVE-2018-1000876SUSE Liberty Linux 7
binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.
ModerateCVE-2018-1000876 at SUSECVE-2018-1000876 at NVDSUSE bug 1120640cpe:/o:suse:sll:7CVE-2018-1000877SUSE Liberty Linux 7
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.
LowCVE-2018-1000877 at SUSECVE-2018-1000877 at NVDSUSE bug 1120653cpe:/o:suse:sll:7CVE-2018-1000878SUSE Liberty Linux 7
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.
ModerateCVE-2018-1000878 at SUSECVE-2018-1000878 at NVDSUSE bug 1120654cpe:/o:suse:sll:7CVE-2018-1002200SUSE Liberty Linux 7
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
ModerateCVE-2018-1002200 at SUSECVE-2018-1002200 at NVDcpe:/o:suse:sll:7CVE-2018-10177SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file.
ModerateCVE-2018-10177 at SUSECVE-2018-10177 at NVDSUSE bug 1089781cpe:/o:suse:sll:7CVE-2018-10194SUSE Liberty Linux 7
The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
ModerateCVE-2018-10194 at SUSECVE-2018-10194 at NVDSUSE bug 1090099cpe:/o:suse:sll:7CVE-2018-10322SUSE Liberty Linux 7
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.
ModerateCVE-2018-10322 at SUSECVE-2018-10322 at NVDSUSE bug 1087082SUSE bug 1090749cpe:/o:suse:sll:7CVE-2018-10360SUSE Liberty Linux 7
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
LowCVE-2018-10360 at SUSECVE-2018-10360 at NVDSUSE bug 1096974SUSE bug 1096984SUSE bug 1126118cpe:/o:suse:sll:7CVE-2018-10372SUSE Liberty Linux 7
process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.
LowCVE-2018-10372 at SUSECVE-2018-10372 at NVDSUSE bug 1091015cpe:/o:suse:sll:7CVE-2018-10373SUSE Liberty Linux 7
concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.
LowCVE-2018-10373 at SUSECVE-2018-10373 at NVDSUSE bug 1090997cpe:/o:suse:sll:7CVE-2018-1049SUSE Liberty Linux 7
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.
ModerateCVE-2018-1049 at SUSECVE-2018-1049 at NVDSUSE bug 1076308SUSE bug 1140475cpe:/o:suse:sll:7CVE-2018-1050SUSE Liberty Linux 7
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
ModerateCVE-2018-1050 at SUSECVE-2018-1050 at NVDSUSE bug 1081741cpe:/o:suse:sll:7CVE-2018-10534SUSE Liberty Linux 7
The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.
ModerateCVE-2018-10534 at SUSECVE-2018-10534 at NVDSUSE bug 1091368cpe:/o:suse:sll:7CVE-2018-10535SUSE Liberty Linux 7
The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.
LowCVE-2018-10535 at SUSECVE-2018-10535 at NVDSUSE bug 1091365cpe:/o:suse:sll:7CVE-2018-1054SUSE Liberty Linux 7
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
ImportantCVE-2018-1054 at SUSECVE-2018-1054 at NVDSUSE bug 1083689cpe:/o:suse:sll:7CVE-2018-10547SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.
ModerateCVE-2018-10547 at SUSECVE-2018-10547 at NVDSUSE bug 1091362cpe:/o:suse:sll:7CVE-2018-1059SUSE Liberty Linux 7
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
ModerateCVE-2018-1059 at SUSECVE-2018-1059 at NVDSUSE bug 1089638SUSE bug 1090647cpe:/o:suse:sll:7CVE-2018-1060SUSE Liberty Linux 7
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
LowCVE-2018-1060 at SUSECVE-2018-1060 at NVDSUSE bug 1088009cpe:/o:suse:sll:7CVE-2018-1061SUSE Liberty Linux 7
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
LowCVE-2018-1061 at SUSECVE-2018-1061 at NVDSUSE bug 1088004cpe:/o:suse:sll:7CVE-2018-1063SUSE Liberty Linux 7
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.
ModerateCVE-2018-1063 at SUSECVE-2018-1063 at NVDSUSE bug 1083624cpe:/o:suse:sll:7CVE-2018-1064SUSE Liberty Linux 7
libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.
ModerateCVE-2018-1064 at SUSECVE-2018-1064 at NVDSUSE bug 1076500SUSE bug 1083625SUSE bug 1087887SUSE bug 1088147cpe:/o:suse:sll:7CVE-2018-10675SUSE Liberty Linux 7
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
ModerateCVE-2018-10675 at SUSECVE-2018-10675 at NVDSUSE bug 1087082SUSE bug 1091755SUSE bug 1115893cpe:/o:suse:sll:7CVE-2018-1068SUSE Liberty Linux 7
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
ImportantCVE-2018-1068 at SUSECVE-2018-1068 at NVDSUSE bug 1085107SUSE bug 1085114SUSE bug 1087082SUSE bug 1123903cpe:/o:suse:sll:7CVE-2018-10689SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.
ModerateCVE-2018-10689 at SUSECVE-2018-10689 at NVDSUSE bug 1091942cpe:/o:suse:sll:7CVE-2018-1071SUSE Liberty Linux 7
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.
LowCVE-2018-1071 at SUSECVE-2018-1071 at NVDSUSE bug 1084656SUSE bug 1200039cpe:/o:suse:sll:7CVE-2018-10733SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.
ModerateCVE-2018-10733 at SUSECVE-2018-10733 at NVDSUSE bug 1092125cpe:/o:suse:sll:7CVE-2018-10767SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.
ModerateCVE-2018-10767 at SUSECVE-2018-10767 at NVDSUSE bug 1092123cpe:/o:suse:sll:7CVE-2018-10768SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
LowCVE-2018-10768 at SUSECVE-2018-10768 at NVDSUSE bug 1092105cpe:/o:suse:sll:7CVE-2018-10772SUSE Liberty Linux 7
The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
LowCVE-2018-10772 at SUSECVE-2018-10772 at NVDSUSE bug 1092096cpe:/o:suse:sll:7CVE-2018-10779SUSE Liberty Linux 7
TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.
LowCVE-2018-10779 at SUSECVE-2018-10779 at NVDSUSE bug 1092480cpe:/o:suse:sll:7CVE-2018-1079SUSE Liberty Linux 7
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.
ImportantCVE-2018-1079 at SUSECVE-2018-1079 at NVDcpe:/o:suse:sll:7CVE-2018-1080SUSE Liberty Linux 7
Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences.
ImportantCVE-2018-1080 at SUSECVE-2018-1080 at NVDcpe:/o:suse:sll:7CVE-2018-10804SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c.
LowCVE-2018-10804 at SUSECVE-2018-10804 at NVDSUSE bug 1095813cpe:/o:suse:sll:7CVE-2018-10805SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
LowCVE-2018-10805 at SUSECVE-2018-10805 at NVDSUSE bug 1095812cpe:/o:suse:sll:7CVE-2018-1083SUSE Liberty Linux 7
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.
ModerateCVE-2018-1083 at SUSECVE-2018-1083 at NVDSUSE bug 1087026SUSE bug 1189668SUSE bug 1200209cpe:/o:suse:sll:7CVE-2018-1084SUSE Liberty Linux 7
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
ImportantCVE-2018-1084 at SUSECVE-2018-1084 at NVDSUSE bug 1089346cpe:/o:suse:sll:7CVE-2018-10844SUSE Liberty Linux 7
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.
ModerateCVE-2018-10844 at SUSECVE-2018-10844 at NVDSUSE bug 1105437SUSE bug 1105459cpe:/o:suse:sll:7CVE-2018-10845SUSE Liberty Linux 7
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.
ModerateCVE-2018-10845 at SUSECVE-2018-10845 at NVDSUSE bug 1105437SUSE bug 1105459cpe:/o:suse:sll:7CVE-2018-10846SUSE Liberty Linux 7
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.
ModerateCVE-2018-10846 at SUSECVE-2018-10846 at NVDSUSE bug 1105460cpe:/o:suse:sll:7CVE-2018-10850SUSE Liberty Linux 7
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.
ModerateCVE-2018-10850 at SUSECVE-2018-10850 at NVDSUSE bug 1096368cpe:/o:suse:sll:7CVE-2018-10852SUSE Liberty Linux 7
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.
ModerateCVE-2018-10852 at SUSECVE-2018-10852 at NVDSUSE bug 1098377cpe:/o:suse:sll:7CVE-2018-10853SUSE Liberty Linux 7
A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest.
ImportantCVE-2018-10853 at SUSECVE-2018-10853 at NVDSUSE bug 1097104SUSE bug 1097108cpe:/o:suse:sll:7CVE-2018-10858SUSE Liberty Linux 7
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
ModerateCVE-2018-10858 at SUSECVE-2018-10858 at NVDSUSE bug 1103411SUSE bug 1110943cpe:/o:suse:sll:7CVE-2018-1086SUSE Liberty Linux 7
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.
ImportantCVE-2018-1086 at SUSECVE-2018-1086 at NVDcpe:/o:suse:sll:7CVE-2018-1087SUSE Liberty Linux 7
kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.
ImportantCVE-2018-1087 at SUSECVE-2018-1087 at NVDSUSE bug 1087088cpe:/o:suse:sll:7CVE-2018-10873SUSE Liberty Linux 7
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
ImportantCVE-2018-10873 at SUSECVE-2018-10873 at NVDSUSE bug 1104448cpe:/o:suse:sll:7CVE-2018-10878SUSE Liberty Linux 7
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.
ModerateCVE-2018-10878 at SUSECVE-2018-10878 at NVDSUSE bug 1087082SUSE bug 1099813cpe:/o:suse:sll:7CVE-2018-10879SUSE Liberty Linux 7
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.
ModerateCVE-2018-10879 at SUSECVE-2018-10879 at NVDSUSE bug 1087082SUSE bug 1099844cpe:/o:suse:sll:7CVE-2018-10881SUSE Liberty Linux 7
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
ModerateCVE-2018-10881 at SUSECVE-2018-10881 at NVDSUSE bug 1087082SUSE bug 1099864cpe:/o:suse:sll:7CVE-2018-10883SUSE Liberty Linux 7
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
ModerateCVE-2018-10883 at SUSECVE-2018-10883 at NVDSUSE bug 1087082SUSE bug 1099863cpe:/o:suse:sll:7CVE-2018-1089SUSE Liberty Linux 7
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
ImportantCVE-2018-1089 at SUSECVE-2018-1089 at NVDSUSE bug 1092187cpe:/o:suse:sll:7CVE-2018-10893SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
ModerateCVE-2018-10893 at SUSECVE-2018-10893 at NVDSUSE bug 1101295cpe:/o:suse:sll:7CVE-2018-10896SUSE Liberty Linux 7
The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks.
ImportantCVE-2018-10896 at SUSECVE-2018-10896 at NVDcpe:/o:suse:sll:7CVE-2018-10897SUSE Liberty Linux 7
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.
ImportantCVE-2018-10897 at SUSECVE-2018-10897 at NVDSUSE bug 1100972cpe:/o:suse:sll:7CVE-2018-10902SUSE Liberty Linux 7
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.
LowCVE-2018-10902 at SUSECVE-2018-10902 at NVDSUSE bug 1105322SUSE bug 1105323cpe:/o:suse:sll:7CVE-2018-10906SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.
ModerateCVE-2018-10906 at SUSECVE-2018-10906 at NVDSUSE bug 1101797SUSE bug 1127346SUSE bug 1127350cpe:/o:suse:sll:7CVE-2018-1091SUSE Liberty Linux 7
In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service.
LowCVE-2018-1091 at SUSECVE-2018-1091 at NVDSUSE bug 1087231cpe:/o:suse:sll:7CVE-2018-10910SUSE Liberty Linux 7
A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.
LowCVE-2018-10910 at SUSECVE-2018-10910 at NVDSUSE bug 1102238cpe:/o:suse:sll:7CVE-2018-10911SUSE Liberty Linux 7
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.
ModerateCVE-2018-10911 at SUSECVE-2018-10911 at NVDSUSE bug 1105776SUSE bug 1107020cpe:/o:suse:sll:7CVE-2018-10915SUSE Liberty Linux 7
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.
ImportantCVE-2018-10915 at SUSECVE-2018-10915 at NVDSUSE bug 1104199SUSE bug 1140876SUSE bug 1185814cpe:/o:suse:sll:7CVE-2018-10916SUSE Liberty Linux 7
It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system.
ModerateCVE-2018-10916 at SUSECVE-2018-10916 at NVDSUSE bug 1103367cpe:/o:suse:sll:7CVE-2018-1092SUSE Liberty Linux 7
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.
ModerateCVE-2018-1092 at SUSECVE-2018-1092 at NVDSUSE bug 1087012SUSE bug 1087082cpe:/o:suse:sll:7CVE-2018-10935SUSE Liberty Linux 7
A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.
ModerateCVE-2018-10935 at SUSECVE-2018-10935 at NVDSUSE bug 1105606cpe:/o:suse:sll:7CVE-2018-1094SUSE Liberty Linux 7
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.
LowCVE-2018-1094 at SUSECVE-2018-1094 at NVDSUSE bug 1087007SUSE bug 1087082cpe:/o:suse:sll:7CVE-2018-10940SUSE Liberty Linux 7
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
ModerateCVE-2018-10940 at SUSECVE-2018-10940 at NVDSUSE bug 1087082SUSE bug 1092903SUSE bug 1107689SUSE bug 1113751cpe:/o:suse:sll:7CVE-2018-10958SUSE Liberty Linux 7
In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.
LowCVE-2018-10958 at SUSECVE-2018-10958 at NVDSUSE bug 1092952cpe:/o:suse:sll:7CVE-2018-10963SUSE Liberty Linux 7
The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.
ModerateCVE-2018-10963 at SUSECVE-2018-10963 at NVDSUSE bug 1092949cpe:/o:suse:sll:7CVE-2018-10998SUSE Liberty Linux 7
An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.
ModerateCVE-2018-10998 at SUSECVE-2018-10998 at NVDSUSE bug 1093095cpe:/o:suse:sll:7CVE-2018-1100SUSE Liberty Linux 7
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.
ImportantCVE-2018-1100 at SUSECVE-2018-1100 at NVDSUSE bug 1089030SUSE bug 1189668cpe:/o:suse:sll:7CVE-2018-11037SUSE Liberty Linux 7
In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file.
ModerateCVE-2018-11037 at SUSECVE-2018-11037 at NVDSUSE bug 1093475cpe:/o:suse:sll:7CVE-2018-1106SUSE Liberty Linux 7
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.
ModerateCVE-2018-1106 at SUSECVE-2018-1106 at NVDSUSE bug 1086936SUSE bug 1123722cpe:/o:suse:sll:7CVE-2018-1111SUSE Liberty Linux 7
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
ImportantCVE-2018-1111 at SUSECVE-2018-1111 at NVDSUSE bug 1093364cpe:/o:suse:sll:7CVE-2018-1113SUSE Liberty Linux 7
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.
ModerateCVE-2018-1113 at SUSECVE-2018-1113 at NVDcpe:/o:suse:sll:7CVE-2018-1116SUSE Liberty Linux 7
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.
LowCVE-2018-1116 at SUSECVE-2018-1116 at NVDSUSE bug 1099031cpe:/o:suse:sll:7CVE-2018-1118SUSE Liberty Linux 7
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.
LowCVE-2018-1118 at SUSECVE-2018-1118 at NVDSUSE bug 1087082SUSE bug 1092472cpe:/o:suse:sll:7CVE-2018-1120SUSE Liberty Linux 7
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
ModerateCVE-2018-1120 at SUSECVE-2018-1120 at NVDSUSE bug 1087082SUSE bug 1092100SUSE bug 1093158cpe:/o:suse:sll:7CVE-2018-11212SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
LowCVE-2018-11212 at SUSECVE-2018-11212 at NVDSUSE bug 1122299cpe:/o:suse:sll:7CVE-2018-11213SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
ModerateCVE-2018-11213 at SUSECVE-2018-11213 at NVDSUSE bug 1160884cpe:/o:suse:sll:7CVE-2018-11214SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
ModerateCVE-2018-11214 at SUSECVE-2018-11214 at NVDSUSE bug 1160884cpe:/o:suse:sll:7CVE-2018-1122SUSE Liberty Linux 7
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
CVE-2018-1122 at SUSECVE-2018-1122 at NVDSUSE bug 1087082SUSE bug 1092100SUSE bug 1093158SUSE bug 1123135SUSE bug 1126909SUSE bug 1128955cpe:/o:suse:sll:7CVE-2018-11235SUSE Liberty Linux 7
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
ImportantCVE-2018-11235 at SUSECVE-2018-11235 at NVDSUSE bug 1095219cpe:/o:suse:sll:7CVE-2018-11236SUSE Liberty Linux 7
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.
ImportantCVE-2018-11236 at SUSECVE-2018-11236 at NVDSUSE bug 1094161SUSE bug 1110160SUSE bug 1118435SUSE bug 1123874cpe:/o:suse:sll:7CVE-2018-11237SUSE Liberty Linux 7
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
ModerateCVE-2018-11237 at SUSECVE-2018-11237 at NVDSUSE bug 1092877SUSE bug 1094154SUSE bug 1118435cpe:/o:suse:sll:7CVE-2018-1124SUSE Liberty Linux 7
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
CVE-2018-1124 at SUSECVE-2018-1124 at NVDSUSE bug 1087082SUSE bug 1092100SUSE bug 1093158SUSE bug 1123135SUSE bug 1126909SUSE bug 1128955cpe:/o:suse:sll:7CVE-2018-1126SUSE Liberty Linux 7
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
CVE-2018-1126 at SUSECVE-2018-1126 at NVDSUSE bug 1087082SUSE bug 1092100SUSE bug 1093158SUSE bug 1123135SUSE bug 1126909SUSE bug 1128955cpe:/o:suse:sll:7CVE-2018-1130SUSE Liberty Linux 7
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.
LowCVE-2018-1130 at SUSECVE-2018-1130 at NVDSUSE bug 1092904cpe:/o:suse:sll:7CVE-2018-11362SUSE Liberty Linux 7
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character.
ModerateCVE-2018-11362 at SUSECVE-2018-11362 at NVDSUSE bug 1094301cpe:/o:suse:sll:7CVE-2018-1139SUSE Liberty Linux 7
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.
ModerateCVE-2018-1139 at SUSECVE-2018-1139 at NVDSUSE bug 1095048cpe:/o:suse:sll:7CVE-2018-11439SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.
LowCVE-2018-11439 at SUSECVE-2018-11439 at NVDSUSE bug 1096180cpe:/o:suse:sll:7CVE-2018-11645SUSE Liberty Linux 7
psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.
ModerateCVE-2018-11645 at SUSECVE-2018-11645 at NVDSUSE bug 1095610cpe:/o:suse:sll:7CVE-2018-11656SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.
ModerateCVE-2018-11656 at SUSECVE-2018-11656 at NVDSUSE bug 1095726cpe:/o:suse:sll:7CVE-2018-11712SUSE Liberty Linux 7 LTSS
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.
ModerateCVE-2018-11712 at SUSECVE-2018-11712 at NVDSUSE bug 1096061SUSE bug 1097693CVE-2018-11713SUSE Liberty Linux 7 LTSS
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.
ModerateCVE-2018-11713 at SUSECVE-2018-11713 at NVDSUSE bug 1096060SUSE bug 1097693CVE-2018-11781SUSE Liberty Linux 7
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
ImportantCVE-2018-11781 at SUSECVE-2018-11781 at NVDSUSE bug 1108748cpe:/o:suse:sll:7CVE-2018-11782SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server.
ModerateCVE-2018-11782 at SUSECVE-2018-11782 at NVDSUSE bug 1142743cpe:/o:suse:sll:7CVE-2018-11784SUSE Liberty Linux 7
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.
ModerateCVE-2018-11784 at SUSECVE-2018-11784 at NVDSUSE bug 1110850SUSE bug 1122212cpe:/o:suse:sll:7CVE-2018-11806SUSE Liberty Linux 7
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
ModerateCVE-2018-11806 at SUSECVE-2018-11806 at NVDSUSE bug 1096223SUSE bug 1096224SUSE bug 1178658cpe:/o:suse:sll:7CVE-2018-11813SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.
ModerateCVE-2018-11813 at SUSECVE-2018-11813 at NVDSUSE bug 1096209SUSE bug 1172994SUSE bug 1172995cpe:/o:suse:sll:7CVE-2018-12015SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
LowCVE-2018-12015 at SUSECVE-2018-12015 at NVDSUSE bug 1096718SUSE bug 1099497SUSE bug 1099507SUSE bug 1106717cpe:/o:suse:sll:7CVE-2018-12020SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.
ImportantCVE-2018-12020 at SUSECVE-2018-12020 at NVDSUSE bug 1096745SUSE bug 1101134cpe:/o:suse:sll:7CVE-2018-12121SUSE Liberty Linux 7
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.
ModerateCVE-2018-12121 at SUSECVE-2018-12121 at NVDSUSE bug 1117626SUSE bug 1127532cpe:/o:suse:sll:7CVE-2018-12126SUSE Liberty Linux 7
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
ModerateCVE-2018-12126 at SUSECVE-2018-12126 at NVDSUSE bug 1103186SUSE bug 1111331SUSE bug 1132686SUSE bug 1135409SUSE bug 1135524SUSE bug 1137916SUSE bug 1138534SUSE bug 1141977SUSE bug 1149725SUSE bug 1149726SUSE bug 1149729SUSE bug 1178658SUSE bug 1201877cpe:/o:suse:sll:7CVE-2018-12127SUSE Liberty Linux 7
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
ModerateCVE-2018-12127 at SUSECVE-2018-12127 at NVDSUSE bug 1103186SUSE bug 1111331SUSE bug 1132686SUSE bug 1135409SUSE bug 1138534SUSE bug 1141977SUSE bug 1178658SUSE bug 1201877cpe:/o:suse:sll:7CVE-2018-12130SUSE Liberty Linux 7
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
ModerateCVE-2018-12130 at SUSECVE-2018-12130 at NVDSUSE bug 1103186SUSE bug 1111331SUSE bug 1132686SUSE bug 1135409SUSE bug 1137916SUSE bug 1138534SUSE bug 1141977SUSE bug 1178658SUSE bug 1201877cpe:/o:suse:sll:7CVE-2018-12180SUSE Liberty Linux 7
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
ImportantCVE-2018-12180 at SUSECVE-2018-12180 at NVDSUSE bug 1127820cpe:/o:suse:sll:7CVE-2018-12181SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.
ModerateCVE-2018-12181 at SUSECVE-2018-12181 at NVDSUSE bug 1128503cpe:/o:suse:sll:7CVE-2018-12207SUSE Liberty Linux 7
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.
ModerateCVE-2018-12207 at SUSECVE-2018-12207 at NVDSUSE bug 1117665SUSE bug 1139073SUSE bug 1152505SUSE bug 1155812SUSE bug 1155817SUSE bug 1155945SUSE bug 1178658SUSE bug 1201877cpe:/o:suse:sll:7CVE-2018-12264SUSE Liberty Linux 7
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.
LowCVE-2018-12264 at SUSECVE-2018-12264 at NVDSUSE bug 1097600cpe:/o:suse:sll:7CVE-2018-12265SUSE Liberty Linux 7
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.
LowCVE-2018-12265 at SUSECVE-2018-12265 at NVDSUSE bug 1097599cpe:/o:suse:sll:7CVE-2018-12327SUSE Liberty Linux 7
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
LowCVE-2018-12327 at SUSECVE-2018-12327 at NVDSUSE bug 1098531SUSE bug 1107887SUSE bug 1111552SUSE bug 1111853SUSE bug 1155513cpe:/o:suse:sll:7CVE-2018-12359SUSE Liberty Linux 7
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
ImportantCVE-2018-12359 at SUSECVE-2018-12359 at NVDSUSE bug 1098998cpe:/o:suse:sll:7CVE-2018-12360SUSE Liberty Linux 7
A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
ImportantCVE-2018-12360 at SUSECVE-2018-12360 at NVDSUSE bug 1098998cpe:/o:suse:sll:7CVE-2018-12362SUSE Liberty Linux 7
An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
ImportantCVE-2018-12362 at SUSECVE-2018-12362 at NVDSUSE bug 1098998cpe:/o:suse:sll:7CVE-2018-12363SUSE Liberty Linux 7
A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
ImportantCVE-2018-12363 at SUSECVE-2018-12363 at NVDSUSE bug 1098998cpe:/o:suse:sll:7CVE-2018-12364SUSE Liberty Linux 7
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
ImportantCVE-2018-12364 at SUSECVE-2018-12364 at NVDSUSE bug 1098998cpe:/o:suse:sll:7CVE-2018-12365SUSE Liberty Linux 7
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
ImportantCVE-2018-12365 at SUSECVE-2018-12365 at NVDSUSE bug 1098998cpe:/o:suse:sll:7CVE-2018-12366SUSE Liberty Linux 7
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
ImportantCVE-2018-12366 at SUSECVE-2018-12366 at NVDSUSE bug 1098998cpe:/o:suse:sll:7CVE-2018-12372SUSE Liberty Linux 7
Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
ModerateCVE-2018-12372 at SUSECVE-2018-12372 at NVDSUSE bug 1100082cpe:/o:suse:sll:7CVE-2018-12373SUSE Liberty Linux 7
dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
ModerateCVE-2018-12373 at SUSECVE-2018-12373 at NVDSUSE bug 1100079cpe:/o:suse:sll:7CVE-2018-12374SUSE Liberty Linux 7
Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird < 52.9.
ModerateCVE-2018-12374 at SUSECVE-2018-12374 at NVDSUSE bug 1100081cpe:/o:suse:sll:7CVE-2018-12376SUSE Liberty Linux 7
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
ModerateCVE-2018-12376 at SUSECVE-2018-12376 at NVDSUSE bug 1107343cpe:/o:suse:sll:7CVE-2018-12377SUSE Liberty Linux 7
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
ModerateCVE-2018-12377 at SUSECVE-2018-12377 at NVDSUSE bug 1107343cpe:/o:suse:sll:7CVE-2018-12378SUSE Liberty Linux 7
A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
ModerateCVE-2018-12378 at SUSECVE-2018-12378 at NVDSUSE bug 1107343cpe:/o:suse:sll:7CVE-2018-12379SUSE Liberty Linux 7
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
ModerateCVE-2018-12379 at SUSECVE-2018-12379 at NVDSUSE bug 1107343cpe:/o:suse:sll:7CVE-2018-12383SUSE Liberty Linux 7
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1.
ModerateCVE-2018-12383 at SUSECVE-2018-12383 at NVDSUSE bug 1107343cpe:/o:suse:sll:7CVE-2018-12384SUSE Liberty Linux 7
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.
ModerateCVE-2018-12384 at SUSECVE-2018-12384 at NVDSUSE bug 1106873SUSE bug 1119105SUSE bug 1121207cpe:/o:suse:sll:7CVE-2018-12385SUSE Liberty Linux 7
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2.
ModerateCVE-2018-12385 at SUSECVE-2018-12385 at NVDSUSE bug 1109363cpe:/o:suse:sll:7CVE-2018-12386SUSE Liberty Linux 7
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.
ImportantCVE-2018-12386 at SUSECVE-2018-12386 at NVDSUSE bug 1110506cpe:/o:suse:sll:7CVE-2018-12387SUSE Liberty Linux 7
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.
ImportantCVE-2018-12387 at SUSECVE-2018-12387 at NVDSUSE bug 1110507cpe:/o:suse:sll:7CVE-2018-12389SUSE Liberty Linux 7
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3.
ImportantCVE-2018-12389 at SUSECVE-2018-12389 at NVDSUSE bug 1112852cpe:/o:suse:sll:7CVE-2018-12390SUSE Liberty Linux 7
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
ImportantCVE-2018-12390 at SUSECVE-2018-12390 at NVDSUSE bug 1112852cpe:/o:suse:sll:7CVE-2018-12392SUSE Liberty Linux 7
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
ImportantCVE-2018-12392 at SUSECVE-2018-12392 at NVDSUSE bug 1112852cpe:/o:suse:sll:7CVE-2018-12393SUSE Liberty Linux 7
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
ImportantCVE-2018-12393 at SUSECVE-2018-12393 at NVDSUSE bug 1112852cpe:/o:suse:sll:7CVE-2018-12395SUSE Liberty Linux 7
By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
ImportantCVE-2018-12395 at SUSECVE-2018-12395 at NVDSUSE bug 1112852cpe:/o:suse:sll:7CVE-2018-12396SUSE Liberty Linux 7
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
ImportantCVE-2018-12396 at SUSECVE-2018-12396 at NVDSUSE bug 1112852cpe:/o:suse:sll:7CVE-2018-12397SUSE Liberty Linux 7
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.
ImportantCVE-2018-12397 at SUSECVE-2018-12397 at NVDSUSE bug 1112852cpe:/o:suse:sll:7CVE-2018-12404SUSE Liberty Linux 7
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.
ModerateCVE-2018-12404 at SUSECVE-2018-12404 at NVDSUSE bug 1119069SUSE bug 1119105SUSE bug 1121207cpe:/o:suse:sll:7CVE-2018-12405SUSE Liberty Linux 7
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
ModerateCVE-2018-12405 at SUSECVE-2018-12405 at NVDSUSE bug 1112111SUSE bug 1119105SUSE bug 1121207cpe:/o:suse:sll:7CVE-2018-12599SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.
ModerateCVE-2018-12599 at SUSECVE-2018-12599 at NVDSUSE bug 1098546SUSE bug 1117463cpe:/o:suse:sll:7CVE-2018-12600SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.
ModerateCVE-2018-12600 at SUSECVE-2018-12600 at NVDSUSE bug 1098545SUSE bug 1098546SUSE bug 1117463cpe:/o:suse:sll:7CVE-2018-12641SUSE Liberty Linux 7
An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.
LowCVE-2018-12641 at SUSECVE-2018-12641 at NVDSUSE bug 1098937cpe:/o:suse:sll:7CVE-2018-12697SUSE Liberty Linux 7
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.
LowCVE-2018-12697 at SUSECVE-2018-12697 at NVDSUSE bug 1098940cpe:/o:suse:sll:7CVE-2018-1283SUSE Liberty Linux 7
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.
ImportantCVE-2018-1283 at SUSECVE-2018-1283 at NVDSUSE bug 1086814cpe:/o:suse:sll:7CVE-2018-12900SUSE Liberty Linux 7
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.
ModerateCVE-2018-12900 at SUSECVE-2018-12900 at NVDSUSE bug 1099257SUSE bug 1125113SUSE bug 1150480cpe:/o:suse:sll:7CVE-2018-12910SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
LowCVE-2018-12910 at SUSECVE-2018-12910 at NVDSUSE bug 1100097cpe:/o:suse:sll:7CVE-2018-1301SUSE Liberty Linux 7
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.
ImportantCVE-2018-1301 at SUSECVE-2018-1301 at NVDSUSE bug 1086817cpe:/o:suse:sll:7CVE-2018-1303SUSE Liberty Linux 7
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.
ImportantCVE-2018-1303 at SUSECVE-2018-1303 at NVDSUSE bug 1086813cpe:/o:suse:sll:7CVE-2018-13033SUSE Liberty Linux 7
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.
ModerateCVE-2018-13033 at SUSECVE-2018-13033 at NVDSUSE bug 1099929cpe:/o:suse:sll:7CVE-2018-1304SUSE Liberty Linux 7
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.
ModerateCVE-2018-1304 at SUSECVE-2018-1304 at NVDSUSE bug 1082480cpe:/o:suse:sll:7CVE-2018-1305SUSE Liberty Linux 7
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.
ModerateCVE-2018-1305 at SUSECVE-2018-1305 at NVDSUSE bug 1082481SUSE bug 1112097cpe:/o:suse:sll:7CVE-2018-13053SUSE Liberty Linux 7
The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.
LowCVE-2018-13053 at SUSECVE-2018-13053 at NVDSUSE bug 1099924SUSE bug 1115893cpe:/o:suse:sll:7CVE-2018-13093SUSE Liberty Linux 7
An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation.
ModerateCVE-2018-13093 at SUSECVE-2018-13093 at NVDSUSE bug 1100001cpe:/o:suse:sll:7CVE-2018-13094SUSE Liberty Linux 7
An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.
ModerateCVE-2018-13094 at SUSECVE-2018-13094 at NVDSUSE bug 1087082SUSE bug 1100000cpe:/o:suse:sll:7CVE-2018-13095SUSE Liberty Linux 7
An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork.
ModerateCVE-2018-13095 at SUSECVE-2018-13095 at NVDSUSE bug 1099999cpe:/o:suse:sll:7CVE-2018-1311SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.
ImportantCVE-2018-1311 at SUSECVE-2018-1311 at NVDSUSE bug 1159552SUSE bug 1221037cpe:/o:suse:sll:7CVE-2018-1312SUSE Liberty Linux 7
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.
ModerateCVE-2018-1312 at SUSECVE-2018-1312 at NVDSUSE bug 1086775cpe:/o:suse:sll:7CVE-2018-13139SUSE Liberty Linux 7
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.
ImportantCVE-2018-13139 at SUSECVE-2018-13139 at NVDSUSE bug 1100167SUSE bug 1116993SUSE bug 1211493cpe:/o:suse:sll:7CVE-2018-13153SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.
ModerateCVE-2018-13153 at SUSECVE-2018-13153 at NVDSUSE bug 1100175cpe:/o:suse:sll:7CVE-2018-13259SUSE Liberty Linux 7
An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.
ImportantCVE-2018-13259 at SUSECVE-2018-13259 at NVDSUSE bug 1107294SUSE bug 1194009SUSE bug 1194012SUSE bug 1200039SUSE bug 1200209cpe:/o:suse:sll:7CVE-2018-13346SUSE Liberty Linux 7
The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.
ModerateCVE-2018-13346 at SUSECVE-2018-13346 at NVDSUSE bug 1100354cpe:/o:suse:sll:7CVE-2018-13347SUSE Liberty Linux 7
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
ModerateCVE-2018-13347 at SUSECVE-2018-13347 at NVDSUSE bug 1100355cpe:/o:suse:sll:7CVE-2018-1336SUSE Liberty Linux 7
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
ModerateCVE-2018-1336 at SUSECVE-2018-1336 at NVDSUSE bug 1102400cpe:/o:suse:sll:7CVE-2018-13405SUSE Liberty Linux 7
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
ModerateCVE-2018-13405 at SUSECVE-2018-13405 at NVDSUSE bug 1087082SUSE bug 1100416SUSE bug 1129735SUSE bug 1195161SUSE bug 1198702cpe:/o:suse:sll:7CVE-2018-13440SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.
LowCVE-2018-13440 at SUSECVE-2018-13440 at NVDSUSE bug 1100523cpe:/o:suse:sll:7CVE-2018-13796SUSE Liberty Linux 7
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
ModerateCVE-2018-13796 at SUSECVE-2018-13796 at NVDSUSE bug 1101288cpe:/o:suse:sll:7CVE-2018-13988SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
ModerateCVE-2018-13988 at SUSECVE-2018-13988 at NVDSUSE bug 1102531cpe:/o:suse:sll:7CVE-2018-14036SUSE Liberty Linux 7 LTSS
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.
LowCVE-2018-14036 at SUSECVE-2018-14036 at NVDSUSE bug 1099699SUSE bug 1101332SUSE bug 1112694CVE-2018-14040SUSE Liberty Linux 7
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
ModerateCVE-2018-14040 at SUSECVE-2018-14040 at NVDcpe:/o:suse:sll:7CVE-2018-14042SUSE Liberty Linux 7
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
ModerateCVE-2018-14042 at SUSECVE-2018-14042 at NVDcpe:/o:suse:sll:7CVE-2018-14046SUSE Liberty Linux 7
Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp.
LowCVE-2018-14046 at SUSECVE-2018-14046 at NVDSUSE bug 1101339cpe:/o:suse:sll:7CVE-2018-14340SUSE Liberty Linux 7
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.
LowCVE-2018-14340 at SUSECVE-2018-14340 at NVDSUSE bug 1101804cpe:/o:suse:sll:7CVE-2018-14341SUSE Liberty Linux 7
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
LowCVE-2018-14341 at SUSECVE-2018-14341 at NVDSUSE bug 1101776cpe:/o:suse:sll:7CVE-2018-14348SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.
ModerateCVE-2018-14348 at SUSECVE-2018-14348 at NVDSUSE bug 1100365cpe:/o:suse:sll:7CVE-2018-14354SUSE Liberty Linux 7
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.
CriticalCVE-2018-14354 at SUSECVE-2018-14354 at NVDSUSE bug 1101428SUSE bug 1101578SUSE bug 1101581SUSE bug 1101589SUSE bug 1101593cpe:/o:suse:sll:7CVE-2018-14355SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name.
ModerateCVE-2018-14355 at SUSECVE-2018-14355 at NVDSUSE bug 1101428SUSE bug 1101577SUSE bug 1101593cpe:/o:suse:sll:7CVE-2018-14357SUSE Liberty Linux 7
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.
ImportantCVE-2018-14357 at SUSECVE-2018-14357 at NVDSUSE bug 1101428SUSE bug 1101573SUSE bug 1101581SUSE bug 1101589SUSE bug 1101593cpe:/o:suse:sll:7CVE-2018-14362SUSE Liberty Linux 7
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.
ModerateCVE-2018-14362 at SUSECVE-2018-14362 at NVDSUSE bug 1101428SUSE bug 1101567SUSE bug 1101589SUSE bug 1101593cpe:/o:suse:sll:7CVE-2018-14368SUSE Liberty Linux 7
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long.
LowCVE-2018-14368 at SUSECVE-2018-14368 at NVDSUSE bug 1101794cpe:/o:suse:sll:7CVE-2018-14404SUSE Liberty Linux 7
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
ModerateCVE-2018-14404 at SUSECVE-2018-14404 at NVDSUSE bug 1102046SUSE bug 1148896cpe:/o:suse:sll:7CVE-2018-14434SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.
LowCVE-2018-14434 at SUSECVE-2018-14434 at NVDSUSE bug 1102003cpe:/o:suse:sll:7CVE-2018-14435SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.
LowCVE-2018-14435 at SUSECVE-2018-14435 at NVDSUSE bug 1102007cpe:/o:suse:sll:7CVE-2018-14436SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.
LowCVE-2018-14436 at SUSECVE-2018-14436 at NVDSUSE bug 1102005cpe:/o:suse:sll:7CVE-2018-14437SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.
LowCVE-2018-14437 at SUSECVE-2018-14437 at NVDSUSE bug 1102004cpe:/o:suse:sll:7CVE-2018-14498SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
LowCVE-2018-14498 at SUSECVE-2018-14498 at NVDSUSE bug 1128712cpe:/o:suse:sll:7CVE-2018-14526SUSE Liberty Linux 7
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.
ModerateCVE-2018-14526 at SUSECVE-2018-14526 at NVDSUSE bug 1104205cpe:/o:suse:sll:7CVE-2018-14567SUSE Liberty Linux 7
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
ModerateCVE-2018-14567 at SUSECVE-2018-14567 at NVDSUSE bug 1088279SUSE bug 1088601SUSE bug 1105166cpe:/o:suse:sll:7CVE-2018-14598SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).
ModerateCVE-2018-14598 at SUSECVE-2018-14598 at NVDSUSE bug 1102073cpe:/o:suse:sll:7CVE-2018-14599SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.
ModerateCVE-2018-14599 at SUSECVE-2018-14599 at NVDSUSE bug 1102062cpe:/o:suse:sll:7CVE-2018-14600SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.
ImportantCVE-2018-14600 at SUSECVE-2018-14600 at NVDSUSE bug 1102068SUSE bug 1178417cpe:/o:suse:sll:7CVE-2018-14618SUSE Liberty Linux 7
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)
ModerateCVE-2018-14618 at SUSECVE-2018-14618 at NVDSUSE bug 1106019SUSE bug 1112758SUSE bug 1122464cpe:/o:suse:sll:7CVE-2018-14624SUSE Liberty Linux 7
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.
ImportantCVE-2018-14624 at SUSECVE-2018-14624 at NVDSUSE bug 1106699cpe:/o:suse:sll:7CVE-2018-14625SUSE Liberty Linux 7
A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.
ModerateCVE-2018-14625 at SUSECVE-2018-14625 at NVDSUSE bug 1106615cpe:/o:suse:sll:7CVE-2018-14633SUSE Liberty Linux 7
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.
ModerateCVE-2018-14633 at SUSECVE-2018-14633 at NVDSUSE bug 1107829SUSE bug 1107832cpe:/o:suse:sll:7CVE-2018-14634SUSE Liberty Linux 7
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
ModerateCVE-2018-14634 at SUSECVE-2018-14634 at NVDSUSE bug 1108912SUSE bug 1108963SUSE bug 1115893SUSE bug 1120323SUSE bug 1122265SUSE bug 1188063cpe:/o:suse:sll:7CVE-2018-14638SUSE Liberty Linux 7
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
ImportantCVE-2018-14638 at SUSECVE-2018-14638 at NVDSUSE bug 1108674cpe:/o:suse:sll:7CVE-2018-14646SUSE Liberty Linux 7
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.
ModerateCVE-2018-14646 at SUSECVE-2018-14646 at NVDSUSE bug 1117290cpe:/o:suse:sll:7CVE-2018-14647SUSE Liberty Linux 7
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.
ModerateCVE-2018-14647 at SUSECVE-2018-14647 at NVDSUSE bug 1109847SUSE bug 1126909cpe:/o:suse:sll:7CVE-2018-14648SUSE Liberty Linux 7
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.
ImportantCVE-2018-14648 at SUSECVE-2018-14648 at NVDSUSE bug 1109609cpe:/o:suse:sll:7CVE-2018-14650SUSE Liberty Linux 7
It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory.
ModerateCVE-2018-14650 at SUSECVE-2018-14650 at NVDcpe:/o:suse:sll:7CVE-2018-14665SUSE Liberty Linux 7
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
ImportantCVE-2018-14665 at SUSECVE-2018-14665 at NVDSUSE bug 1111697SUSE bug 1112020cpe:/o:suse:sll:7CVE-2018-14679SUSE Liberty Linux 7
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
LowCVE-2018-14679 at SUSECVE-2018-14679 at NVDSUSE bug 1102922SUSE bug 1103032SUSE bug 1103040cpe:/o:suse:sll:7CVE-2018-14680SUSE Liberty Linux 7
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
LowCVE-2018-14680 at SUSECVE-2018-14680 at NVDSUSE bug 1102922SUSE bug 1103032SUSE bug 1103040cpe:/o:suse:sll:7CVE-2018-14681SUSE Liberty Linux 7
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
LowCVE-2018-14681 at SUSECVE-2018-14681 at NVDSUSE bug 1102922SUSE bug 1103032SUSE bug 1103040cpe:/o:suse:sll:7CVE-2018-14682SUSE Liberty Linux 7
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
LowCVE-2018-14682 at SUSECVE-2018-14682 at NVDSUSE bug 1102922SUSE bug 1103032SUSE bug 1103040cpe:/o:suse:sll:7CVE-2018-14734SUSE Liberty Linux 7
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).
LowCVE-2018-14734 at SUSECVE-2018-14734 at NVDSUSE bug 1103119SUSE bug 1131390cpe:/o:suse:sll:7CVE-2018-15127SUSE Liberty Linux 7
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution
CriticalCVE-2018-15127 at SUSECVE-2018-15127 at NVDSUSE bug 1120117SUSE bug 1123828SUSE bug 1123832cpe:/o:suse:sll:7CVE-2018-15473SUSE Liberty Linux 7
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
ModerateCVE-2018-15473 at SUSECVE-2018-15473 at NVDSUSE bug 1105010SUSE bug 1106163SUSE bug 1123133SUSE bug 1138392SUSE bug 1205621cpe:/o:suse:sll:7CVE-2018-15518SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
LowCVE-2018-15518 at SUSECVE-2018-15518 at NVDSUSE bug 1118595SUSE bug 1126909cpe:/o:suse:sll:7CVE-2018-15587SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
ModerateCVE-2018-15587 at SUSECVE-2018-15587 at NVDSUSE bug 1125230cpe:/o:suse:sll:7CVE-2018-15594SUSE Liberty Linux 7
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.
ModerateCVE-2018-15594 at SUSECVE-2018-15594 at NVDSUSE bug 1105348SUSE bug 1133319cpe:/o:suse:sll:7CVE-2018-15607SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
ModerateCVE-2018-15607 at SUSECVE-2018-15607 at NVDSUSE bug 1105594cpe:/o:suse:sll:7CVE-2018-15686SUSE Liberty Linux 7
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
ModerateCVE-2018-15686 at SUSECVE-2018-15686 at NVDSUSE bug 1113665SUSE bug 1120323cpe:/o:suse:sll:7CVE-2018-15688SUSE Liberty Linux 7
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.
ImportantCVE-2018-15688 at SUSECVE-2018-15688 at NVDSUSE bug 1113632SUSE bug 1113668SUSE bug 1113669cpe:/o:suse:sll:7CVE-2018-15746SUSE Liberty Linux 7
qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.
ModerateCVE-2018-15746 at SUSECVE-2018-15746 at NVDSUSE bug 1106222cpe:/o:suse:sll:7CVE-2018-15853SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.
LowCVE-2018-15853 at SUSECVE-2018-15853 at NVDSUSE bug 1105832cpe:/o:suse:sll:7CVE-2018-15854SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.
LowCVE-2018-15854 at SUSECVE-2018-15854 at NVDSUSE bug 1105832cpe:/o:suse:sll:7CVE-2018-15855SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled.
LowCVE-2018-15855 at SUSECVE-2018-15855 at NVDSUSE bug 1105832cpe:/o:suse:sll:7CVE-2018-15856SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files.
LowCVE-2018-15856 at SUSECVE-2018-15856 at NVDSUSE bug 1105832cpe:/o:suse:sll:7CVE-2018-15857SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.
LowCVE-2018-15857 at SUSECVE-2018-15857 at NVDSUSE bug 1105832cpe:/o:suse:sll:7CVE-2018-15859SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled.
LowCVE-2018-15859 at SUSECVE-2018-15859 at NVDSUSE bug 1105832cpe:/o:suse:sll:7CVE-2018-15861SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.
LowCVE-2018-15861 at SUSECVE-2018-15861 at NVDSUSE bug 1105832cpe:/o:suse:sll:7CVE-2018-15862SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.
LowCVE-2018-15862 at SUSECVE-2018-15862 at NVDSUSE bug 1105832cpe:/o:suse:sll:7CVE-2018-15863SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.
LowCVE-2018-15863 at SUSECVE-2018-15863 at NVDSUSE bug 1105832cpe:/o:suse:sll:7CVE-2018-15864SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.
LowCVE-2018-15864 at SUSECVE-2018-15864 at NVDSUSE bug 1105832cpe:/o:suse:sll:7CVE-2018-15908SUSE Liberty Linux 7
In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.
ModerateCVE-2018-15908 at SUSECVE-2018-15908 at NVDSUSE bug 1105464SUSE bug 1106171cpe:/o:suse:sll:7CVE-2018-15909SUSE Liberty Linux 7
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
ModerateCVE-2018-15909 at SUSECVE-2018-15909 at NVDSUSE bug 1105464SUSE bug 1106172cpe:/o:suse:sll:7CVE-2018-15910SUSE Liberty Linux 7
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.
ModerateCVE-2018-15910 at SUSECVE-2018-15910 at NVDSUSE bug 1105464SUSE bug 1106173cpe:/o:suse:sll:7CVE-2018-15911SUSE Liberty Linux 7
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
ModerateCVE-2018-15911 at SUSECVE-2018-15911 at NVDSUSE bug 1105464SUSE bug 1106195SUSE bug 1108027SUSE bug 1109105SUSE bug 1111479SUSE bug 1111480SUSE bug 1112229SUSE bug 1117022SUSE bug 1118455cpe:/o:suse:sll:7CVE-2018-16057SUSE Liberty Linux 7
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations.
ImportantCVE-2018-16057 at SUSECVE-2018-16057 at NVDSUSE bug 1106514cpe:/o:suse:sll:7CVE-2018-16062SUSE Liberty Linux 7
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
ModerateCVE-2018-16062 at SUSECVE-2018-16062 at NVDSUSE bug 1106390cpe:/o:suse:sll:7CVE-2018-16328SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
LowCVE-2018-16328 at SUSECVE-2018-16328 at NVDSUSE bug 1106857cpe:/o:suse:sll:7CVE-2018-16391SUSE Liberty Linux 7
Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
ModerateCVE-2018-16391 at SUSECVE-2018-16391 at NVDSUSE bug 1106998cpe:/o:suse:sll:7CVE-2018-16392SUSE Liberty Linux 7
Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
ModerateCVE-2018-16392 at SUSECVE-2018-16392 at NVDSUSE bug 1106999cpe:/o:suse:sll:7CVE-2018-16393SUSE Liberty Linux 7
Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
ModerateCVE-2018-16393 at SUSECVE-2018-16393 at NVDSUSE bug 1108318cpe:/o:suse:sll:7CVE-2018-16395SUSE Liberty Linux 7
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.
ModerateCVE-2018-16395 at SUSECVE-2018-16395 at NVDSUSE bug 1112530SUSE bug 1136906cpe:/o:suse:sll:7CVE-2018-16396SUSE Liberty Linux 7
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
ModerateCVE-2018-16396 at SUSECVE-2018-16396 at NVDSUSE bug 1112532SUSE bug 1136906cpe:/o:suse:sll:7CVE-2018-16402SUSE Liberty Linux 7
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
ModerateCVE-2018-16402 at SUSECVE-2018-16402 at NVDSUSE bug 1107066cpe:/o:suse:sll:7CVE-2018-16403SUSE Liberty Linux 7
libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.
LowCVE-2018-16403 at SUSECVE-2018-16403 at NVDSUSE bug 1107067cpe:/o:suse:sll:7CVE-2018-16418SUSE Liberty Linux 7
A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
ModerateCVE-2018-16418 at SUSECVE-2018-16418 at NVDSUSE bug 1107039cpe:/o:suse:sll:7CVE-2018-16419SUSE Liberty Linux 7
Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
ModerateCVE-2018-16419 at SUSECVE-2018-16419 at NVDSUSE bug 1107107cpe:/o:suse:sll:7CVE-2018-16420SUSE Liberty Linux 7
Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
ModerateCVE-2018-16420 at SUSECVE-2018-16420 at NVDSUSE bug 1107097cpe:/o:suse:sll:7CVE-2018-16421SUSE Liberty Linux 7
Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
ModerateCVE-2018-16421 at SUSECVE-2018-16421 at NVDSUSE bug 1107049cpe:/o:suse:sll:7CVE-2018-16422SUSE Liberty Linux 7
A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
ModerateCVE-2018-16422 at SUSECVE-2018-16422 at NVDSUSE bug 1107038cpe:/o:suse:sll:7CVE-2018-16423SUSE Liberty Linux 7
A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
ModerateCVE-2018-16423 at SUSECVE-2018-16423 at NVDSUSE bug 1107037cpe:/o:suse:sll:7CVE-2018-16426SUSE Liberty Linux 7
Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.
ModerateCVE-2018-16426 at SUSECVE-2018-16426 at NVDSUSE bug 1107034cpe:/o:suse:sll:7CVE-2018-16427SUSE Liberty Linux 7
Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.
ModerateCVE-2018-16427 at SUSECVE-2018-16427 at NVDSUSE bug 1107033cpe:/o:suse:sll:7CVE-2018-16509SUSE Liberty Linux 7
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
ModerateCVE-2018-16509 at SUSECVE-2018-16509 at NVDSUSE bug 1107410SUSE bug 1108027SUSE bug 1118318cpe:/o:suse:sll:7CVE-2018-16511SUSE Liberty Linux 7
An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.
ModerateCVE-2018-16511 at SUSECVE-2018-16511 at NVDSUSE bug 1107426SUSE bug 1111479SUSE bug 1112229cpe:/o:suse:sll:7CVE-2018-16539SUSE Liberty Linux 7
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
ModerateCVE-2018-16539 at SUSECVE-2018-16539 at NVDSUSE bug 1107422cpe:/o:suse:sll:7CVE-2018-16540SUSE Liberty Linux 7
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.
ModerateCVE-2018-16540 at SUSECVE-2018-16540 at NVDSUSE bug 1107420cpe:/o:suse:sll:7CVE-2018-16541SUSE Liberty Linux 7
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.
ModerateCVE-2018-16541 at SUSECVE-2018-16541 at NVDSUSE bug 1107421SUSE bug 1108027SUSE bug 1109105SUSE bug 1111479SUSE bug 1111480SUSE bug 1112229SUSE bug 1117022SUSE bug 1118455cpe:/o:suse:sll:7CVE-2018-16542SUSE Liberty Linux 7
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.
ModerateCVE-2018-16542 at SUSECVE-2018-16542 at NVDSUSE bug 1107413cpe:/o:suse:sll:7CVE-2018-16548SUSE Liberty Linux 7
An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.
LowCVE-2018-16548 at SUSECVE-2018-16548 at NVDSUSE bug 1107424cpe:/o:suse:sll:7CVE-2018-16640SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c.
LowCVE-2018-16640 at SUSECVE-2018-16640 at NVDSUSE bug 1107619CVE-2018-16642SUSE Liberty Linux 7 LTSS
The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write.
ModerateCVE-2018-16642 at SUSECVE-2018-16642 at NVDSUSE bug 1107616CVE-2018-16643SUSE Liberty Linux 7 LTSS
The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file.
LowCVE-2018-16643 at SUSECVE-2018-16643 at NVDSUSE bug 1107612CVE-2018-16644SUSE Liberty Linux 7 LTSS
There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.
LowCVE-2018-16644 at SUSECVE-2018-16644 at NVDSUSE bug 1107609SUSE bug 1107612SUSE bug 1117463CVE-2018-16645SUSE Liberty Linux 7 LTSS
There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file.
LowCVE-2018-16645 at SUSECVE-2018-16645 at NVDSUSE bug 1107604CVE-2018-16646SUSE Liberty Linux 7
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.
LowCVE-2018-16646 at SUSECVE-2018-16646 at NVDSUSE bug 1107597SUSE bug 1140882cpe:/o:suse:sll:7CVE-2018-16658SUSE Liberty Linux 7
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940.
LowCVE-2018-16658 at SUSECVE-2018-16658 at NVDSUSE bug 1092903SUSE bug 1107689SUSE bug 1113751cpe:/o:suse:sll:7CVE-2018-16749SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.
LowCVE-2018-16749 at SUSECVE-2018-16749 at NVDSUSE bug 1108282cpe:/o:suse:sll:7CVE-2018-16750SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.
LowCVE-2018-16750 at SUSECVE-2018-16750 at NVDSUSE bug 1108283cpe:/o:suse:sll:7CVE-2018-16802SUSE Liberty Linux 7
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.
ModerateCVE-2018-16802 at SUSECVE-2018-16802 at NVDSUSE bug 1107410SUSE bug 1108027SUSE bug 1109105SUSE bug 1111479SUSE bug 1111480SUSE bug 1112229SUSE bug 1117022SUSE bug 1117327SUSE bug 1118455cpe:/o:suse:sll:7CVE-2018-16838SUSE Liberty Linux 7
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.
ModerateCVE-2018-16838 at SUSECVE-2018-16838 at NVDSUSE bug 1124194cpe:/o:suse:sll:7CVE-2018-16842SUSE Liberty Linux 7
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
ModerateCVE-2018-16842 at SUSECVE-2018-16842 at NVDSUSE bug 1113660SUSE bug 1122464cpe:/o:suse:sll:7CVE-2018-16863SUSE Liberty Linux 7
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.
ImportantCVE-2018-16863 at SUSECVE-2018-16863 at NVDSUSE bug 1118318cpe:/o:suse:sll:7CVE-2018-16864SUSE Liberty Linux 7
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.
ImportantCVE-2018-16864 at SUSECVE-2018-16864 at NVDSUSE bug 1108912SUSE bug 1120323SUSE bug 1122265SUSE bug 1188063cpe:/o:suse:sll:7CVE-2018-16865SUSE Liberty Linux 7
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.
ImportantCVE-2018-16865 at SUSECVE-2018-16865 at NVDSUSE bug 1108912SUSE bug 1120323SUSE bug 1122265SUSE bug 1188063cpe:/o:suse:sll:7CVE-2018-16866SUSE Liberty Linux 7
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
LowCVE-2018-16866 at SUSECVE-2018-16866 at NVDSUSE bug 1108912SUSE bug 1120323SUSE bug 1122265SUSE bug 1126183cpe:/o:suse:sll:7CVE-2018-16871SUSE Liberty Linux 7
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.
ModerateCVE-2018-16871 at SUSECVE-2018-16871 at NVDSUSE bug 1137103SUSE bug 1156320cpe:/o:suse:sll:7CVE-2018-16881SUSE Liberty Linux 7
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
ImportantCVE-2018-16881 at SUSECVE-2018-16881 at NVDSUSE bug 1123164cpe:/o:suse:sll:7CVE-2018-16884SUSE Liberty Linux 7
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
ImportantCVE-2018-16884 at SUSECVE-2018-16884 at NVDSUSE bug 1119946SUSE bug 1119947cpe:/o:suse:sll:7CVE-2018-16885SUSE Liberty Linux 7
A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7.
ModerateCVE-2018-16885 at SUSECVE-2018-16885 at NVDSUSE bug 1120258cpe:/o:suse:sll:7CVE-2018-16888SUSE Liberty Linux 7
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.
ModerateCVE-2018-16888 at SUSECVE-2018-16888 at NVDSUSE bug 1065951SUSE bug 1120625cpe:/o:suse:sll:7CVE-2018-17095SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.
ImportantCVE-2018-17095 at SUSECVE-2018-17095 at NVDSUSE bug 1111586cpe:/o:suse:sll:7CVE-2018-17100SUSE Liberty Linux 7
An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.
LowCVE-2018-17100 at SUSECVE-2018-17100 at NVDSUSE bug 1108637cpe:/o:suse:sll:7CVE-2018-17101SUSE Liberty Linux 7
An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
LowCVE-2018-17101 at SUSECVE-2018-17101 at NVDSUSE bug 1108627cpe:/o:suse:sll:7CVE-2018-17183SUSE Liberty Linux 7
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.
ModerateCVE-2018-17183 at SUSECVE-2018-17183 at NVDSUSE bug 1108027SUSE bug 1109105SUSE bug 1111479SUSE bug 1111480SUSE bug 1112229SUSE bug 1117022SUSE bug 1117331SUSE bug 1118455cpe:/o:suse:sll:7CVE-2018-17199SUSE Liberty Linux 7
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.
ModerateCVE-2018-17199 at SUSECVE-2018-17199 at NVDSUSE bug 1122838SUSE bug 1122839cpe:/o:suse:sll:7CVE-2018-17282SUSE Liberty Linux 7
An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.
LowCVE-2018-17282 at SUSECVE-2018-17282 at NVDSUSE bug 1109299cpe:/o:suse:sll:7CVE-2018-17336SUSE Liberty Linux 7
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.
ImportantCVE-2018-17336 at SUSECVE-2018-17336 at NVDSUSE bug 1109406cpe:/o:suse:sll:7CVE-2018-17407SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.
ImportantCVE-2018-17407 at SUSECVE-2018-17407 at NVDSUSE bug 1109673SUSE bug 1125938SUSE bug 1126909cpe:/o:suse:sll:7CVE-2018-17456SUSE Liberty Linux 7
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
ImportantCVE-2018-17456 at SUSECVE-2018-17456 at NVDSUSE bug 1110949cpe:/o:suse:sll:7CVE-2018-17466SUSE Liberty Linux 7
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
ModerateCVE-2018-17466 at SUSECVE-2018-17466 at NVDSUSE bug 1112111SUSE bug 1119105SUSE bug 1121207cpe:/o:suse:sll:7CVE-2018-17581SUSE Liberty Linux 7
CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.
LowCVE-2018-17581 at SUSECVE-2018-17581 at NVDSUSE bug 1110282cpe:/o:suse:sll:7CVE-2018-17828SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.
ModerateCVE-2018-17828 at SUSECVE-2018-17828 at NVDSUSE bug 1110687cpe:/o:suse:sll:7CVE-2018-17961SUSE Liberty Linux 7
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
ModerateCVE-2018-17961 at SUSECVE-2018-17961 at NVDSUSE bug 1108027SUSE bug 1109105SUSE bug 1111479SUSE bug 1111480SUSE bug 1112229SUSE bug 1117022SUSE bug 1117331SUSE bug 1118455SUSE bug 1129180cpe:/o:suse:sll:7CVE-2018-17966SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c.
LowCVE-2018-17966 at SUSECVE-2018-17966 at NVDSUSE bug 1110746SUSE bug 1117463CVE-2018-17967SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c.
LowCVE-2018-17967 at SUSECVE-2018-17967 at NVDCVE-2018-17972SUSE Liberty Linux 7
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.
LowCVE-2018-17972 at SUSECVE-2018-17972 at NVDSUSE bug 1110785cpe:/o:suse:sll:7CVE-2018-18016SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.
LowCVE-2018-18016 at SUSECVE-2018-18016 at NVDSUSE bug 1111072SUSE bug 1117463CVE-2018-18024SUSE Liberty Linux 7 LTSS
In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
LowCVE-2018-18024 at SUSECVE-2018-18024 at NVDSUSE bug 1111069SUSE bug 1117463CVE-2018-18066SUSE Liberty Linux 7
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
ImportantCVE-2018-18066 at SUSECVE-2018-18066 at NVDSUSE bug 1111123cpe:/o:suse:sll:7CVE-2018-18073SUSE Liberty Linux 7
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
ModerateCVE-2018-18073 at SUSECVE-2018-18073 at NVDSUSE bug 1108027SUSE bug 1109105SUSE bug 1111479SUSE bug 1111480SUSE bug 1112229SUSE bug 1117022SUSE bug 1117331SUSE bug 1118455cpe:/o:suse:sll:7CVE-2018-18074SUSE Liberty Linux 7
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
ModerateCVE-2018-18074 at SUSECVE-2018-18074 at NVDSUSE bug 1111622cpe:/o:suse:sll:7CVE-2018-18281SUSE Liberty Linux 7
Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.
ModerateCVE-2018-18281 at SUSECVE-2018-18281 at NVDSUSE bug 1113769cpe:/o:suse:sll:7CVE-2018-18284SUSE Liberty Linux 7
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
ModerateCVE-2018-18284 at SUSECVE-2018-18284 at NVDSUSE bug 1108027SUSE bug 1109105SUSE bug 1111479SUSE bug 1111480SUSE bug 1112229SUSE bug 1117022SUSE bug 1117331SUSE bug 1118455SUSE bug 1144621cpe:/o:suse:sll:7CVE-2018-18310SUSE Liberty Linux 7
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.
LowCVE-2018-18310 at SUSECVE-2018-18310 at NVDSUSE bug 1111973cpe:/o:suse:sll:7CVE-2018-18311SUSE Liberty Linux 7
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
ImportantCVE-2018-18311 at SUSECVE-2018-18311 at NVDSUSE bug 1114674SUSE bug 1132018cpe:/o:suse:sll:7CVE-2018-18356SUSE Liberty Linux 7
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2018-18356 at SUSECVE-2018-18356 at NVDSUSE bug 1118529SUSE bug 1125330SUSE bug 1125396cpe:/o:suse:sll:7CVE-2018-18384SUSE Liberty Linux 7
Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.
LowCVE-2018-18384 at SUSECVE-2018-18384 at NVDSUSE bug 1110194SUSE bug 1148898SUSE bug 1153715cpe:/o:suse:sll:7CVE-2018-18397SUSE Liberty Linux 7
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.
ModerateCVE-2018-18397 at SUSECVE-2018-18397 at NVDSUSE bug 1117656SUSE bug 1171522cpe:/o:suse:sll:7CVE-2018-18445SUSE Liberty Linux 7
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.
LowCVE-2018-18445 at SUSECVE-2018-18445 at NVDSUSE bug 1112372cpe:/o:suse:sll:7CVE-2018-18492SUSE Liberty Linux 7
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
ModerateCVE-2018-18492 at SUSECVE-2018-18492 at NVDSUSE bug 1112111SUSE bug 1119105SUSE bug 1121207cpe:/o:suse:sll:7CVE-2018-18493SUSE Liberty Linux 7
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
ModerateCVE-2018-18493 at SUSECVE-2018-18493 at NVDSUSE bug 1112111SUSE bug 1119105SUSE bug 1121207cpe:/o:suse:sll:7CVE-2018-18494SUSE Liberty Linux 7
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
ModerateCVE-2018-18494 at SUSECVE-2018-18494 at NVDSUSE bug 1112111SUSE bug 1119105SUSE bug 1121207cpe:/o:suse:sll:7CVE-2018-18498SUSE Liberty Linux 7
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
ModerateCVE-2018-18498 at SUSECVE-2018-18498 at NVDSUSE bug 1112111SUSE bug 1119105SUSE bug 1121207cpe:/o:suse:sll:7CVE-2018-18500SUSE Liberty Linux 7
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.
ModerateCVE-2018-18500 at SUSECVE-2018-18500 at NVDSUSE bug 1122983SUSE bug 986639cpe:/o:suse:sll:7CVE-2018-18501SUSE Liberty Linux 7
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.
ModerateCVE-2018-18501 at SUSECVE-2018-18501 at NVDSUSE bug 1122983SUSE bug 986639cpe:/o:suse:sll:7CVE-2018-18505SUSE Liberty Linux 7
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.
ModerateCVE-2018-18505 at SUSECVE-2018-18505 at NVDSUSE bug 1122983SUSE bug 986639cpe:/o:suse:sll:7CVE-2018-18506SUSE Liberty Linux 7
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.
ModerateCVE-2018-18506 at SUSECVE-2018-18506 at NVDSUSE bug 1122983SUSE bug 1129821SUSE bug 986639cpe:/o:suse:sll:7CVE-2018-18511SUSE Liberty Linux 7
Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1.
ModerateCVE-2018-18511 at SUSECVE-2018-18511 at NVDSUSE bug 1125330SUSE bug 1125396SUSE bug 1135824cpe:/o:suse:sll:7CVE-2018-18520SUSE Liberty Linux 7
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.
LowCVE-2018-18520 at SUSECVE-2018-18520 at NVDSUSE bug 1112726cpe:/o:suse:sll:7CVE-2018-18521SUSE Liberty Linux 7
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.
LowCVE-2018-18521 at SUSECVE-2018-18521 at NVDSUSE bug 1112723cpe:/o:suse:sll:7CVE-2018-18544SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.
LowCVE-2018-18544 at SUSECVE-2018-18544 at NVDSUSE bug 1113064cpe:/o:suse:sll:7CVE-2018-18557SUSE Liberty Linux 7
LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.
ModerateCVE-2018-18557 at SUSECVE-2018-18557 at NVDSUSE bug 1113094cpe:/o:suse:sll:7CVE-2018-18559SUSE Liberty Linux 7
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.
ImportantCVE-2018-18559 at SUSECVE-2018-18559 at NVDSUSE bug 1112859SUSE bug 1112921cpe:/o:suse:sll:7CVE-2018-18584SUSE Liberty Linux 7
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
ModerateCVE-2018-18584 at SUSECVE-2018-18584 at NVDSUSE bug 1113038SUSE bug 1113039cpe:/o:suse:sll:7CVE-2018-18585SUSE Liberty Linux 7
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
ModerateCVE-2018-18585 at SUSECVE-2018-18585 at NVDSUSE bug 1113038SUSE bug 1113039cpe:/o:suse:sll:7CVE-2018-18661SUSE Liberty Linux 7
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.
LowCVE-2018-18661 at SUSECVE-2018-18661 at NVDSUSE bug 1113672cpe:/o:suse:sll:7CVE-2018-18751SUSE Liberty Linux 7
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
ModerateCVE-2018-18751 at SUSECVE-2018-18751 at NVDSUSE bug 1113719cpe:/o:suse:sll:7CVE-2018-18897SUSE Liberty Linux 7
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.
LowCVE-2018-18897 at SUSECVE-2018-18897 at NVDSUSE bug 1114966cpe:/o:suse:sll:7CVE-2018-18915SUSE Liberty Linux 7
There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack.
LowCVE-2018-18915 at SUSECVE-2018-18915 at NVDSUSE bug 1114690cpe:/o:suse:sll:7CVE-2018-19044SUSE Liberty Linux 7
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.
ImportantCVE-2018-19044 at SUSECVE-2018-19044 at NVDSUSE bug 1015141cpe:/o:suse:sll:7CVE-2018-19058SUSE Liberty Linux 7
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
LowCVE-2018-19058 at SUSECVE-2018-19058 at NVDSUSE bug 1115187cpe:/o:suse:sll:7CVE-2018-19059SUSE Liberty Linux 7
An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.
LowCVE-2018-19059 at SUSECVE-2018-19059 at NVDSUSE bug 1115186cpe:/o:suse:sll:7CVE-2018-19060SUSE Liberty Linux 7
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.
LowCVE-2018-19060 at SUSECVE-2018-19060 at NVDSUSE bug 1115185cpe:/o:suse:sll:7CVE-2018-19107SUSE Liberty Linux 7
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.
LowCVE-2018-19107 at SUSECVE-2018-19107 at NVDSUSE bug 1115374cpe:/o:suse:sll:7CVE-2018-19108SUSE Liberty Linux 7
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.
LowCVE-2018-19108 at SUSECVE-2018-19108 at NVDSUSE bug 1115364cpe:/o:suse:sll:7CVE-2018-19115SUSE Liberty Linux 7
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.
ImportantCVE-2018-19115 at SUSECVE-2018-19115 at NVDSUSE bug 1015141cpe:/o:suse:sll:7CVE-2018-19134SUSE Liberty Linux 7
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.
ImportantCVE-2018-19134 at SUSECVE-2018-19134 at NVDSUSE bug 1108027SUSE bug 1109105SUSE bug 1111479SUSE bug 1111480SUSE bug 1112229SUSE bug 1117022SUSE bug 1118455cpe:/o:suse:sll:7CVE-2018-19149SUSE Liberty Linux 7
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
LowCVE-2018-19149 at SUSECVE-2018-19149 at NVDSUSE bug 1115626cpe:/o:suse:sll:7CVE-2018-19198SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.
CriticalCVE-2018-19198 at SUSECVE-2018-19198 at NVDSUSE bug 1115722cpe:/o:suse:sll:7CVE-2018-19199SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.
CriticalCVE-2018-19199 at SUSECVE-2018-19199 at NVDSUSE bug 1115723cpe:/o:suse:sll:7CVE-2018-19208SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.
ModerateCVE-2018-19208 at SUSECVE-2018-19208 at NVDSUSE bug 1115713cpe:/o:suse:sll:7CVE-2018-19409SUSE Liberty Linux 7
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
LowCVE-2018-19409 at SUSECVE-2018-19409 at NVDSUSE bug 1108027SUSE bug 1109105SUSE bug 1111479SUSE bug 1111480SUSE bug 1112229SUSE bug 1117022SUSE bug 1117331SUSE bug 1118455cpe:/o:suse:sll:7CVE-2018-19475SUSE Liberty Linux 7
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
ModerateCVE-2018-19475 at SUSECVE-2018-19475 at NVDSUSE bug 1117327SUSE bug 1117331cpe:/o:suse:sll:7CVE-2018-19476SUSE Liberty Linux 7
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
LowCVE-2018-19476 at SUSECVE-2018-19476 at NVDSUSE bug 1117313SUSE bug 1117331cpe:/o:suse:sll:7CVE-2018-19477SUSE Liberty Linux 7
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
LowCVE-2018-19477 at SUSECVE-2018-19477 at NVDSUSE bug 1117274SUSE bug 1117331cpe:/o:suse:sll:7CVE-2018-19519SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.
ModerateCVE-2018-19519 at SUSECVE-2018-19519 at NVDSUSE bug 1117267cpe:/o:suse:sll:7CVE-2018-19535SUSE Liberty Linux 7
In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.
ModerateCVE-2018-19535 at SUSECVE-2018-19535 at NVDSUSE bug 1117291cpe:/o:suse:sll:7CVE-2018-19607SUSE Liberty Linux 7
Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
LowCVE-2018-19607 at SUSECVE-2018-19607 at NVDSUSE bug 1117513cpe:/o:suse:sll:7CVE-2018-19622SUSE Liberty Linux 7
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.
ModerateCVE-2018-19622 at SUSECVE-2018-19622 at NVDSUSE bug 1117740cpe:/o:suse:sll:7CVE-2018-19662SUSE Liberty Linux 7
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.
ImportantCVE-2018-19662 at SUSECVE-2018-19662 at NVDSUSE bug 1117925cpe:/o:suse:sll:7CVE-2018-19788SUSE Liberty Linux 7
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
ModerateCVE-2018-19788 at SUSECVE-2018-19788 at NVDSUSE bug 1118274SUSE bug 1118277SUSE bug 1119056SUSE bug 1126909cpe:/o:suse:sll:7CVE-2018-19869SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
LowCVE-2018-19869 at SUSECVE-2018-19869 at NVDSUSE bug 1118599cpe:/o:suse:sll:7CVE-2018-19870SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
LowCVE-2018-19870 at SUSECVE-2018-19870 at NVDSUSE bug 1118597cpe:/o:suse:sll:7CVE-2018-19871SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
LowCVE-2018-19871 at SUSECVE-2018-19871 at NVDSUSE bug 1118598cpe:/o:suse:sll:7CVE-2018-19872SUSE Liberty Linux 7
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
ModerateCVE-2018-19872 at SUSECVE-2018-19872 at NVDSUSE bug 1130246cpe:/o:suse:sll:7CVE-2018-19873SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
LowCVE-2018-19873 at SUSECVE-2018-19873 at NVDSUSE bug 1118596SUSE bug 1126909cpe:/o:suse:sll:7CVE-2018-19985SUSE Liberty Linux 7
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.
ModerateCVE-2018-19985 at SUSECVE-2018-19985 at NVDSUSE bug 1120743cpe:/o:suse:sll:7CVE-2018-20060SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.
ModerateCVE-2018-20060 at SUSECVE-2018-20060 at NVDSUSE bug 1119376SUSE bug 1216275cpe:/o:suse:sll:7CVE-2018-20096SUSE Liberty Linux 7
There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
LowCVE-2018-20096 at SUSECVE-2018-20096 at NVDSUSE bug 1119513cpe:/o:suse:sll:7CVE-2018-20097SUSE Liberty Linux 7
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
ModerateCVE-2018-20097 at SUSECVE-2018-20097 at NVDSUSE bug 1119562cpe:/o:suse:sll:7CVE-2018-20098SUSE Liberty Linux 7
There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
ModerateCVE-2018-20098 at SUSECVE-2018-20098 at NVDSUSE bug 1119560cpe:/o:suse:sll:7CVE-2018-20099SUSE Liberty Linux 7
There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
ModerateCVE-2018-20099 at SUSECVE-2018-20099 at NVDSUSE bug 1119559cpe:/o:suse:sll:7CVE-2018-20169SUSE Liberty Linux 7
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
ModerateCVE-2018-20169 at SUSECVE-2018-20169 at NVDSUSE bug 1119714cpe:/o:suse:sll:7CVE-2018-20467SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
LowCVE-2018-20467 at SUSECVE-2018-20467 at NVDSUSE bug 1120381cpe:/o:suse:sll:7CVE-2018-20481SUSE Liberty Linux 7
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.
LowCVE-2018-20481 at SUSECVE-2018-20481 at NVDSUSE bug 1120495cpe:/o:suse:sll:7CVE-2018-20532SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
ModerateCVE-2018-20532 at SUSECVE-2018-20532 at NVDSUSE bug 1120629cpe:/o:suse:sll:7CVE-2018-20533SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
ModerateCVE-2018-20533 at SUSECVE-2018-20533 at NVDSUSE bug 1120630cpe:/o:suse:sll:7CVE-2018-20534SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application
LowCVE-2018-20534 at SUSECVE-2018-20534 at NVDSUSE bug 1120631cpe:/o:suse:sll:7CVE-2018-20650SUSE Liberty Linux 7
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.
LowCVE-2018-20650 at SUSECVE-2018-20650 at NVDSUSE bug 1120939SUSE bug 1120956cpe:/o:suse:sll:7CVE-2018-20662SUSE Liberty Linux 7
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.
LowCVE-2018-20662 at SUSECVE-2018-20662 at NVDSUSE bug 1120939SUSE bug 1120956SUSE bug 1214622cpe:/o:suse:sll:7CVE-2018-20676SUSE Liberty Linux 7
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
ModerateCVE-2018-20676 at SUSECVE-2018-20676 at NVDcpe:/o:suse:sll:7CVE-2018-20677SUSE Liberty Linux 7
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
ModerateCVE-2018-20677 at SUSECVE-2018-20677 at NVDcpe:/o:suse:sll:7CVE-2018-20685SUSE Liberty Linux 7 LTSS
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
ModerateCVE-2018-20685 at SUSECVE-2018-20685 at NVDSUSE bug 1121571SUSE bug 1123220SUSE bug 1131109SUSE bug 1134932CVE-2018-20836SUSE Liberty Linux 7
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
LowCVE-2018-20836 at SUSECVE-2018-20836 at NVDSUSE bug 1134395cpe:/o:suse:sll:7CVE-2018-20843SUSE Liberty Linux 7
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
ModerateCVE-2018-20843 at SUSECVE-2018-20843 at NVDSUSE bug 1139937cpe:/o:suse:sll:7CVE-2018-20852SUSE Liberty Linux 7
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.
ModerateCVE-2018-20852 at SUSECVE-2018-20852 at NVDSUSE bug 1141853cpe:/o:suse:sll:7CVE-2018-20856SUSE Liberty Linux 7
An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.
ImportantCVE-2018-20856 at SUSECVE-2018-20856 at NVDSUSE bug 1143048SUSE bug 1156331cpe:/o:suse:sll:7CVE-2018-20969SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
CriticalCVE-2018-20969 at SUSECVE-2018-20969 at NVDSUSE bug 1146398cpe:/o:suse:sll:7CVE-2018-21009SUSE Liberty Linux 7
Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.
LowCVE-2018-21009 at SUSECVE-2018-21009 at NVDSUSE bug 1149635cpe:/o:suse:sll:7CVE-2018-25011SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().
CriticalCVE-2018-25011 at SUSECVE-2018-25011 at NVDSUSE bug 1186247cpe:/o:suse:sll:7CVE-2018-25014SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().
CriticalCVE-2018-25014 at SUSECVE-2018-25014 at NVDSUSE bug 1186250cpe:/o:suse:sll:7CVE-2018-25032SUSE Liberty Linux 7
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
ImportantCVE-2018-25032 at SUSECVE-2018-25032 at NVDSUSE bug 1197459SUSE bug 1197893SUSE bug 1198667SUSE bug 1199104SUSE bug 1200049SUSE bug 1201732SUSE bug 1202688SUSE bug 1224427cpe:/o:suse:sll:7CVE-2018-2562SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).
ModerateCVE-2018-2562 at SUSECVE-2018-2562 at NVDSUSE bug 1076369SUSE bug 1078431cpe:/o:suse:sll:7CVE-2018-2579SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
ModerateCVE-2018-2579 at SUSECVE-2018-2579 at NVDSUSE bug 1076366SUSE bug 1082810cpe:/o:suse:sll:7CVE-2018-2582SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).
ModerateCVE-2018-2582 at SUSECVE-2018-2582 at NVDSUSE bug 1076366SUSE bug 1082810cpe:/o:suse:sll:7CVE-2018-2588SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
ModerateCVE-2018-2588 at SUSECVE-2018-2588 at NVDSUSE bug 1076366SUSE bug 1082810cpe:/o:suse:sll:7CVE-2018-2599SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).
ModerateCVE-2018-2599 at SUSECVE-2018-2599 at NVDSUSE bug 1076366SUSE bug 1082810cpe:/o:suse:sll:7CVE-2018-2602SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).
ModerateCVE-2018-2602 at SUSECVE-2018-2602 at NVDSUSE bug 1076366SUSE bug 1082810cpe:/o:suse:sll:7CVE-2018-2603SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2018-2603 at SUSECVE-2018-2603 at NVDSUSE bug 1076366SUSE bug 1082810cpe:/o:suse:sll:7CVE-2018-2618SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
ModerateCVE-2018-2618 at SUSECVE-2018-2618 at NVDSUSE bug 1076366SUSE bug 1082810cpe:/o:suse:sll:7CVE-2018-2622SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2018-2622 at SUSECVE-2018-2622 at NVDSUSE bug 1076369SUSE bug 1078431cpe:/o:suse:sll:7CVE-2018-2629SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).
ModerateCVE-2018-2629 at SUSECVE-2018-2629 at NVDSUSE bug 1076366cpe:/o:suse:sll:7CVE-2018-2633SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
ModerateCVE-2018-2633 at SUSECVE-2018-2633 at NVDSUSE bug 1076366SUSE bug 1082810cpe:/o:suse:sll:7CVE-2018-2634SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
ModerateCVE-2018-2634 at SUSECVE-2018-2634 at NVDSUSE bug 1076366SUSE bug 1082810cpe:/o:suse:sll:7CVE-2018-2637SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
ModerateCVE-2018-2637 at SUSECVE-2018-2637 at NVDSUSE bug 1076366SUSE bug 1082810cpe:/o:suse:sll:7CVE-2018-2640SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2018-2640 at SUSECVE-2018-2640 at NVDSUSE bug 1076369SUSE bug 1078431cpe:/o:suse:sll:7CVE-2018-2641SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).
ModerateCVE-2018-2641 at SUSECVE-2018-2641 at NVDSUSE bug 1076366SUSE bug 1082810cpe:/o:suse:sll:7CVE-2018-2663SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).
ModerateCVE-2018-2663 at SUSECVE-2018-2663 at NVDSUSE bug 1076366SUSE bug 1082810cpe:/o:suse:sll:7CVE-2018-2665SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2018-2665 at SUSECVE-2018-2665 at NVDSUSE bug 1076369SUSE bug 1078431cpe:/o:suse:sll:7CVE-2018-2668SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2018-2668 at SUSECVE-2018-2668 at NVDSUSE bug 1076369SUSE bug 1078431cpe:/o:suse:sll:7CVE-2018-2677SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).
ModerateCVE-2018-2677 at SUSECVE-2018-2677 at NVDSUSE bug 1076366SUSE bug 1082810cpe:/o:suse:sll:7CVE-2018-2678SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).
ModerateCVE-2018-2678 at SUSECVE-2018-2678 at NVDSUSE bug 1076366SUSE bug 1082810cpe:/o:suse:sll:7CVE-2018-2755SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
ModerateCVE-2018-2755 at SUSECVE-2018-2755 at NVDSUSE bug 1089987SUSE bug 1090518cpe:/o:suse:sll:7CVE-2018-2761SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2018-2761 at SUSECVE-2018-2761 at NVDSUSE bug 1089987SUSE bug 1090518cpe:/o:suse:sll:7CVE-2018-2767SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).
ModerateCVE-2018-2767 at SUSECVE-2018-2767 at NVDSUSE bug 1088681SUSE bug 1101675cpe:/o:suse:sll:7CVE-2018-2771SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2018-2771 at SUSECVE-2018-2771 at NVDSUSE bug 1089987SUSE bug 1090518cpe:/o:suse:sll:7CVE-2018-2781SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2018-2781 at SUSECVE-2018-2781 at NVDSUSE bug 1089987SUSE bug 1090518cpe:/o:suse:sll:7CVE-2018-2790SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
ModerateCVE-2018-2790 at SUSECVE-2018-2790 at NVDSUSE bug 1090023SUSE bug 1093311SUSE bug 1101637cpe:/o:suse:sll:7CVE-2018-2794SUSE Liberty Linux 7
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
ModerateCVE-2018-2794 at SUSECVE-2018-2794 at NVDSUSE bug 1090024SUSE bug 1093311cpe:/o:suse:sll:7CVE-2018-2795SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2018-2795 at SUSECVE-2018-2795 at NVDSUSE bug 1090025SUSE bug 1093311cpe:/o:suse:sll:7CVE-2018-2796SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2018-2796 at SUSECVE-2018-2796 at NVDSUSE bug 1090026SUSE bug 1093311cpe:/o:suse:sll:7CVE-2018-2797SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2018-2797 at SUSECVE-2018-2797 at NVDSUSE bug 1090027SUSE bug 1093311cpe:/o:suse:sll:7CVE-2018-2798SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2018-2798 at SUSECVE-2018-2798 at NVDSUSE bug 1090028SUSE bug 1093311cpe:/o:suse:sll:7CVE-2018-2799SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2018-2799 at SUSECVE-2018-2799 at NVDSUSE bug 1090029SUSE bug 1093311cpe:/o:suse:sll:7CVE-2018-2800SUSE Liberty Linux 7
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).
ModerateCVE-2018-2800 at SUSECVE-2018-2800 at NVDSUSE bug 1090030SUSE bug 1093311cpe:/o:suse:sll:7CVE-2018-2813SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
ModerateCVE-2018-2813 at SUSECVE-2018-2813 at NVDSUSE bug 1089987SUSE bug 1090518cpe:/o:suse:sll:7CVE-2018-2814SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
ModerateCVE-2018-2814 at SUSECVE-2018-2814 at NVDSUSE bug 1090032SUSE bug 1093311cpe:/o:suse:sll:7CVE-2018-2815SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2018-2815 at SUSECVE-2018-2815 at NVDSUSE bug 1090033cpe:/o:suse:sll:7CVE-2018-2817SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2018-2817 at SUSECVE-2018-2817 at NVDSUSE bug 1089987SUSE bug 1090518cpe:/o:suse:sll:7CVE-2018-2819SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2018-2819 at SUSECVE-2018-2819 at NVDSUSE bug 1089987SUSE bug 1090518cpe:/o:suse:sll:7CVE-2018-2952SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2018-2952 at SUSECVE-2018-2952 at NVDSUSE bug 1101645SUSE bug 1101651SUSE bug 1101656cpe:/o:suse:sll:7CVE-2018-3058SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
ModerateCVE-2018-3058 at SUSECVE-2018-3058 at NVDSUSE bug 1101676SUSE bug 1116686cpe:/o:suse:sll:7CVE-2018-3063SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2018-3063 at SUSECVE-2018-3063 at NVDSUSE bug 1101677SUSE bug 1116686cpe:/o:suse:sll:7CVE-2018-3066SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).
LowCVE-2018-3066 at SUSECVE-2018-3066 at NVDSUSE bug 1101678SUSE bug 1116686cpe:/o:suse:sll:7CVE-2018-3081SUSE Liberty Linux 7
Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).
ModerateCVE-2018-3081 at SUSECVE-2018-3081 at NVDSUSE bug 1101680cpe:/o:suse:sll:7CVE-2018-3136SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N).
ModerateCVE-2018-3136 at SUSECVE-2018-3136 at NVDSUSE bug 1112142SUSE bug 1112143SUSE bug 1112144SUSE bug 1112146SUSE bug 1112148SUSE bug 1112152SUSE bug 1116574cpe:/o:suse:sll:7CVE-2018-3139SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
ModerateCVE-2018-3139 at SUSECVE-2018-3139 at NVDSUSE bug 1112142SUSE bug 1112143SUSE bug 1112144SUSE bug 1112146SUSE bug 1112148SUSE bug 1112152SUSE bug 1116574cpe:/o:suse:sll:7CVE-2018-3149SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
ModerateCVE-2018-3149 at SUSECVE-2018-3149 at NVDSUSE bug 1112142SUSE bug 1112143SUSE bug 1112144SUSE bug 1112146SUSE bug 1112148SUSE bug 1112152SUSE bug 1116574cpe:/o:suse:sll:7CVE-2018-3150SUSE Liberty Linux 7
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
ModerateCVE-2018-3150 at SUSECVE-2018-3150 at NVDSUSE bug 1112145cpe:/o:suse:sll:7CVE-2018-3169SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
ModerateCVE-2018-3169 at SUSECVE-2018-3169 at NVDSUSE bug 1112142SUSE bug 1112143SUSE bug 1112144SUSE bug 1112146SUSE bug 1112148SUSE bug 1112152SUSE bug 1116574cpe:/o:suse:sll:7CVE-2018-3180SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).
ModerateCVE-2018-3180 at SUSECVE-2018-3180 at NVDSUSE bug 1112142SUSE bug 1112143SUSE bug 1112144SUSE bug 1112146SUSE bug 1112147SUSE bug 1112148SUSE bug 1112152SUSE bug 1116574cpe:/o:suse:sll:7CVE-2018-3183SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
CriticalCVE-2018-3183 at SUSECVE-2018-3183 at NVDSUSE bug 1112142SUSE bug 1112143SUSE bug 1112144SUSE bug 1112146SUSE bug 1112148SUSE bug 1112152SUSE bug 1116574SUSE bug 1120714cpe:/o:suse:sll:7CVE-2018-3214SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2018-3214 at SUSECVE-2018-3214 at NVDSUSE bug 1112142SUSE bug 1112143SUSE bug 1112144SUSE bug 1112146SUSE bug 1112148SUSE bug 1112152SUSE bug 1116574cpe:/o:suse:sll:7CVE-2018-3282SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2018-3282 at SUSECVE-2018-3282 at NVDSUSE bug 1112432SUSE bug 1116686cpe:/o:suse:sll:7CVE-2018-3613SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
ModerateCVE-2018-3613 at SUSECVE-2018-3613 at NVDSUSE bug 1115916cpe:/o:suse:sll:7CVE-2018-3620SUSE Liberty Linux 7
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
ModerateCVE-2018-3620 at SUSECVE-2018-3620 at NVDSUSE bug 1087078SUSE bug 1087081SUSE bug 1089343SUSE bug 1090340SUSE bug 1091107SUSE bug 1099306SUSE bug 1104894SUSE bug 1136865SUSE bug 1201877cpe:/o:suse:sll:7CVE-2018-3639SUSE Liberty Linux 7
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
ModerateCVE-2018-3639 at SUSECVE-2018-3639 at NVDSUSE bug 1074701SUSE bug 1085235SUSE bug 1085308SUSE bug 1087078SUSE bug 1087082SUSE bug 1092631SUSE bug 1092885SUSE bug 1094912SUSE bug 1098813SUSE bug 1100394SUSE bug 1102640SUSE bug 1105412SUSE bug 1111963SUSE bug 1172781SUSE bug 1172782SUSE bug 1172783SUSE bug 1173489SUSE bug 1178658SUSE bug 1201877SUSE bug 1215674cpe:/o:suse:sll:7CVE-2018-3646SUSE Liberty Linux 7
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
ImportantCVE-2018-3646 at SUSECVE-2018-3646 at NVDSUSE bug 1087078SUSE bug 1087081SUSE bug 1089343SUSE bug 1091107SUSE bug 1099306SUSE bug 1104365SUSE bug 1104894SUSE bug 1106548SUSE bug 1113534SUSE bug 1136865SUSE bug 1178658SUSE bug 1201877cpe:/o:suse:sll:7CVE-2018-3665SUSE Liberty Linux 7
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
ModerateCVE-2018-3665 at SUSECVE-2018-3665 at NVDSUSE bug 1087078SUSE bug 1087082SUSE bug 1087086SUSE bug 1090338SUSE bug 1095241SUSE bug 1095242SUSE bug 1096740SUSE bug 1100091SUSE bug 1100555SUSE bug 1178658cpe:/o:suse:sll:7CVE-2018-3693SUSE Liberty Linux 7
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
ImportantCVE-2018-3693 at SUSECVE-2018-3693 at NVDSUSE bug 1087078SUSE bug 1087084SUSE bug 1101008cpe:/o:suse:sll:7CVE-2018-4121SUSE Liberty Linux 7 LTSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
ModerateCVE-2018-4121 at SUSECVE-2018-4121 at NVDSUSE bug 1092278CVE-2018-4180SUSE Liberty Linux 7
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.
ImportantCVE-2018-4180 at SUSECVE-2018-4180 at NVDSUSE bug 1096405SUSE bug 1096408cpe:/o:suse:sll:7CVE-2018-4181SUSE Liberty Linux 7
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.
ModerateCVE-2018-4181 at SUSECVE-2018-4181 at NVDSUSE bug 1096406SUSE bug 1096408SUSE bug 1105281cpe:/o:suse:sll:7CVE-2018-4200SUSE Liberty Linux 7 LTSS
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free.
ModerateCVE-2018-4200 at SUSECVE-2018-4200 at NVDSUSE bug 1092280CVE-2018-4204SUSE Liberty Linux 7 LTSS
An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
ModerateCVE-2018-4204 at SUSECVE-2018-4204 at NVDSUSE bug 1092279CVE-2018-4700SUSE Liberty Linux 7
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-4300. Reason: This candidate is a duplicate of CVE-2018-4300. Notes: All CVE users should reference CVE-2018-4300 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
ImportantCVE-2018-4700 at SUSECVE-2018-4700 at NVDSUSE bug 1115750SUSE bug 1131480cpe:/o:suse:sll:7CVE-2018-5089SUSE Liberty Linux 7
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
ModerateCVE-2018-5089 at SUSECVE-2018-5089 at NVDSUSE bug 1077291cpe:/o:suse:sll:7CVE-2018-5091SUSE Liberty Linux 7
A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58.
ModerateCVE-2018-5091 at SUSECVE-2018-5091 at NVDSUSE bug 1077291cpe:/o:suse:sll:7CVE-2018-5095SUSE Liberty Linux 7
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
ModerateCVE-2018-5095 at SUSECVE-2018-5095 at NVDSUSE bug 1077291cpe:/o:suse:sll:7CVE-2018-5096SUSE Liberty Linux 7
A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6.
ModerateCVE-2018-5096 at SUSECVE-2018-5096 at NVDSUSE bug 1077291cpe:/o:suse:sll:7CVE-2018-5097SUSE Liberty Linux 7
A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
ModerateCVE-2018-5097 at SUSECVE-2018-5097 at NVDSUSE bug 1077291cpe:/o:suse:sll:7CVE-2018-5098SUSE Liberty Linux 7
A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
ModerateCVE-2018-5098 at SUSECVE-2018-5098 at NVDSUSE bug 1077291cpe:/o:suse:sll:7CVE-2018-5099SUSE Liberty Linux 7
A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
ModerateCVE-2018-5099 at SUSECVE-2018-5099 at NVDSUSE bug 1077291cpe:/o:suse:sll:7CVE-2018-5102SUSE Liberty Linux 7
A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
ModerateCVE-2018-5102 at SUSECVE-2018-5102 at NVDSUSE bug 1077291cpe:/o:suse:sll:7CVE-2018-5103SUSE Liberty Linux 7
A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
ModerateCVE-2018-5103 at SUSECVE-2018-5103 at NVDSUSE bug 1077291cpe:/o:suse:sll:7CVE-2018-5104SUSE Liberty Linux 7
A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
ModerateCVE-2018-5104 at SUSECVE-2018-5104 at NVDSUSE bug 1077291cpe:/o:suse:sll:7CVE-2018-5117SUSE Liberty Linux 7
If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
ModerateCVE-2018-5117 at SUSECVE-2018-5117 at NVDSUSE bug 1077291cpe:/o:suse:sll:7CVE-2018-5125SUSE Liberty Linux 7
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
ImportantCVE-2018-5125 at SUSECVE-2018-5125 at NVDSUSE bug 1085130cpe:/o:suse:sll:7CVE-2018-5127SUSE Liberty Linux 7
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
ImportantCVE-2018-5127 at SUSECVE-2018-5127 at NVDSUSE bug 1085130cpe:/o:suse:sll:7CVE-2018-5129SUSE Liberty Linux 7
A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
ImportantCVE-2018-5129 at SUSECVE-2018-5129 at NVDSUSE bug 1085130cpe:/o:suse:sll:7CVE-2018-5130SUSE Liberty Linux 7
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
ModerateCVE-2018-5130 at SUSECVE-2018-5130 at NVDSUSE bug 1085130cpe:/o:suse:sll:7CVE-2018-5131SUSE Liberty Linux 7
Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
ModerateCVE-2018-5131 at SUSECVE-2018-5131 at NVDSUSE bug 1085130cpe:/o:suse:sll:7CVE-2018-5144SUSE Liberty Linux 7
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
ModerateCVE-2018-5144 at SUSECVE-2018-5144 at NVDSUSE bug 1085130cpe:/o:suse:sll:7CVE-2018-5145SUSE Liberty Linux 7
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
ModerateCVE-2018-5145 at SUSECVE-2018-5145 at NVDSUSE bug 1085130cpe:/o:suse:sll:7CVE-2018-5146SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
ModerateCVE-2018-5146 at SUSECVE-2018-5146 at NVDSUSE bug 1085671SUSE bug 1085687SUSE bug 1180395cpe:/o:suse:sll:7CVE-2018-5148SUSE Liberty Linux 7
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2.
ModerateCVE-2018-5148 at SUSECVE-2018-5148 at NVDSUSE bug 1087059cpe:/o:suse:sll:7CVE-2018-5150SUSE Liberty Linux 7
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
ImportantCVE-2018-5150 at SUSECVE-2018-5150 at NVDSUSE bug 1092548SUSE bug 1092611SUSE bug 1093969SUSE bug 1093970SUSE bug 1093971SUSE bug 1093972SUSE bug 1093973cpe:/o:suse:sll:7CVE-2018-5154SUSE Liberty Linux 7
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
ImportantCVE-2018-5154 at SUSECVE-2018-5154 at NVDSUSE bug 1092548SUSE bug 1092611SUSE bug 1093969SUSE bug 1093970SUSE bug 1093971SUSE bug 1093972SUSE bug 1093973cpe:/o:suse:sll:7CVE-2018-5155SUSE Liberty Linux 7
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
ImportantCVE-2018-5155 at SUSECVE-2018-5155 at NVDSUSE bug 1092548SUSE bug 1092611SUSE bug 1093969SUSE bug 1093970SUSE bug 1093971SUSE bug 1093972SUSE bug 1093973cpe:/o:suse:sll:7CVE-2018-5156SUSE Liberty Linux 7
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
ImportantCVE-2018-5156 at SUSECVE-2018-5156 at NVDSUSE bug 1098998cpe:/o:suse:sll:7CVE-2018-5157SUSE Liberty Linux 7
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
ImportantCVE-2018-5157 at SUSECVE-2018-5157 at NVDSUSE bug 1092548SUSE bug 1092611SUSE bug 1093969SUSE bug 1093970SUSE bug 1093971SUSE bug 1093972SUSE bug 1093973cpe:/o:suse:sll:7CVE-2018-5158SUSE Liberty Linux 7
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
ImportantCVE-2018-5158 at SUSECVE-2018-5158 at NVDSUSE bug 1092548SUSE bug 1092611SUSE bug 1093969SUSE bug 1093970SUSE bug 1093971SUSE bug 1093972SUSE bug 1093973cpe:/o:suse:sll:7CVE-2018-5159SUSE Liberty Linux 7
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
ImportantCVE-2018-5159 at SUSECVE-2018-5159 at NVDSUSE bug 1092548SUSE bug 1092611SUSE bug 1093969SUSE bug 1093970SUSE bug 1093971SUSE bug 1093972SUSE bug 1093973cpe:/o:suse:sll:7CVE-2018-5161SUSE Liberty Linux 7
Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
ImportantCVE-2018-5161 at SUSECVE-2018-5161 at NVDSUSE bug 1092548SUSE bug 1092611SUSE bug 1093969SUSE bug 1093970SUSE bug 1093971SUSE bug 1093972SUSE bug 1093973cpe:/o:suse:sll:7CVE-2018-5162SUSE Liberty Linux 7
Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
ImportantCVE-2018-5162 at SUSECVE-2018-5162 at NVDSUSE bug 1092548SUSE bug 1092611SUSE bug 1093151SUSE bug 1093969SUSE bug 1093970SUSE bug 1093971SUSE bug 1093972SUSE bug 1093973cpe:/o:suse:sll:7CVE-2018-5168SUSE Liberty Linux 7
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
ImportantCVE-2018-5168 at SUSECVE-2018-5168 at NVDSUSE bug 1092548SUSE bug 1092611SUSE bug 1093969SUSE bug 1093970SUSE bug 1093971SUSE bug 1093972SUSE bug 1093973cpe:/o:suse:sll:7CVE-2018-5170SUSE Liberty Linux 7
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
ImportantCVE-2018-5170 at SUSECVE-2018-5170 at NVDSUSE bug 1092548SUSE bug 1092611SUSE bug 1093969SUSE bug 1093970SUSE bug 1093971SUSE bug 1093972SUSE bug 1093973cpe:/o:suse:sll:7CVE-2018-5178SUSE Liberty Linux 7
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
ImportantCVE-2018-5178 at SUSECVE-2018-5178 at NVDSUSE bug 1092548SUSE bug 1092611SUSE bug 1093969SUSE bug 1093970SUSE bug 1093971SUSE bug 1093972SUSE bug 1093973cpe:/o:suse:sll:7CVE-2018-5183SUSE Liberty Linux 7
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
ImportantCVE-2018-5183 at SUSECVE-2018-5183 at NVDSUSE bug 1092548SUSE bug 1092611SUSE bug 1093969SUSE bug 1093970SUSE bug 1093971SUSE bug 1093972SUSE bug 1093973cpe:/o:suse:sll:7CVE-2018-5184SUSE Liberty Linux 7
Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
ImportantCVE-2018-5184 at SUSECVE-2018-5184 at NVDSUSE bug 1092548SUSE bug 1092611SUSE bug 1093152SUSE bug 1093969SUSE bug 1093970SUSE bug 1093971SUSE bug 1093972SUSE bug 1093973cpe:/o:suse:sll:7CVE-2018-5185SUSE Liberty Linux 7
Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
ImportantCVE-2018-5185 at SUSECVE-2018-5185 at NVDSUSE bug 1092548SUSE bug 1092611SUSE bug 1093151SUSE bug 1093969SUSE bug 1093970SUSE bug 1093971SUSE bug 1093972SUSE bug 1093973cpe:/o:suse:sll:7CVE-2018-5188SUSE Liberty Linux 7
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
ImportantCVE-2018-5188 at SUSECVE-2018-5188 at NVDSUSE bug 1098998cpe:/o:suse:sll:7CVE-2018-5344SUSE Liberty Linux 7
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
LowCVE-2018-5344 at SUSECVE-2018-5344 at NVDSUSE bug 1075825SUSE bug 1087082cpe:/o:suse:sll:7CVE-2018-5345SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
LowCVE-2018-5345 at SUSECVE-2018-5345 at NVDSUSE bug 1075745cpe:/o:suse:sll:7CVE-2018-5379SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.
CriticalCVE-2018-5379 at SUSECVE-2018-5379 at NVDSUSE bug 1079799cpe:/o:suse:sll:7CVE-2018-5383SUSE Liberty Linux 7
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
ModerateCVE-2018-5383 at SUSECVE-2018-5383 at NVDSUSE bug 1104301SUSE bug 1126909cpe:/o:suse:sll:7CVE-2018-5390SUSE Liberty Linux 7
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
ModerateCVE-2018-5390 at SUSECVE-2018-5390 at NVDSUSE bug 1087082SUSE bug 1102340SUSE bug 1102682SUSE bug 1103097SUSE bug 1103098SUSE bug 1156434cpe:/o:suse:sll:7CVE-2018-5391SUSE Liberty Linux 7
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
ModerateCVE-2018-5391 at SUSECVE-2018-5391 at NVDSUSE bug 1087082SUSE bug 1102340SUSE bug 1103097SUSE bug 1103098SUSE bug 1108654SUSE bug 1114071SUSE bug 1121102SUSE bug 1134140SUSE bug 1181460cpe:/o:suse:sll:7CVE-2018-5407SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
ModerateCVE-2018-5407 at SUSECVE-2018-5407 at NVDSUSE bug 1113534SUSE bug 1116195SUSE bug 1126909SUSE bug 1148697cpe:/o:suse:sll:7CVE-2018-5683SUSE Liberty Linux 7
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
ModerateCVE-2018-5683 at SUSECVE-2018-5683 at NVDSUSE bug 1076114SUSE bug 1076116SUSE bug 1178658cpe:/o:suse:sll:7CVE-2018-5712SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
ModerateCVE-2018-5712 at SUSECVE-2018-5712 at NVDSUSE bug 1076220SUSE bug 1076391SUSE bug 1091362cpe:/o:suse:sll:7CVE-2018-5729SUSE Liberty Linux 7
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.
ModerateCVE-2018-5729 at SUSECVE-2018-5729 at NVDSUSE bug 1076211SUSE bug 1083926SUSE bug 1122468cpe:/o:suse:sll:7CVE-2018-5730SUSE Liberty Linux 7
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
ModerateCVE-2018-5730 at SUSECVE-2018-5730 at NVDSUSE bug 1076211SUSE bug 1083927SUSE bug 1122468cpe:/o:suse:sll:7CVE-2018-5732SUSE Liberty Linux 7
Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0
ImportantCVE-2018-5732 at SUSECVE-2018-5732 at NVDSUSE bug 1083302SUSE bug 1085417cpe:/o:suse:sll:7CVE-2018-5733SUSE Liberty Linux 7
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.
ModerateCVE-2018-5733 at SUSECVE-2018-5733 at NVDSUSE bug 1083303SUSE bug 1085417cpe:/o:suse:sll:7CVE-2018-5740SUSE Liberty Linux 7
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.
ImportantCVE-2018-5740 at SUSECVE-2018-5740 at NVDSUSE bug 1104129SUSE bug 1141730SUSE bug 1148887SUSE bug 1177790cpe:/o:suse:sll:7CVE-2018-5741SUSE Liberty Linux 7
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.
ModerateCVE-2018-5741 at SUSECVE-2018-5741 at NVDSUSE bug 1109160SUSE bug 1171740cpe:/o:suse:sll:7CVE-2018-5742SUSE Liberty Linux 7
While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions who made the same error may also be affected.
ModerateCVE-2018-5742 at SUSECVE-2018-5742 at NVDcpe:/o:suse:sll:7CVE-2018-5743SUSE Liberty Linux 7
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.
ImportantCVE-2018-5743 at SUSECVE-2018-5743 at NVDSUSE bug 1133185SUSE bug 1148887SUSE bug 1157051cpe:/o:suse:sll:7CVE-2018-5745SUSE Liberty Linux 7
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.
ModerateCVE-2018-5745 at SUSECVE-2018-5745 at NVDSUSE bug 1126068SUSE bug 1141730SUSE bug 1148887SUSE bug 1177790cpe:/o:suse:sll:7CVE-2018-5748SUSE Liberty Linux 7
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
LowCVE-2018-5748 at SUSECVE-2018-5748 at NVDSUSE bug 1076500SUSE bug 1083625SUSE bug 1087887cpe:/o:suse:sll:7CVE-2018-5750SUSE Liberty Linux 7
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
ModerateCVE-2018-5750 at SUSECVE-2018-5750 at NVDSUSE bug 1077892SUSE bug 1087082cpe:/o:suse:sll:7CVE-2018-5800SUSE Liberty Linux 7
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
LowCVE-2018-5800 at SUSECVE-2018-5800 at NVDSUSE bug 1084691cpe:/o:suse:sll:7CVE-2018-5801SUSE Liberty Linux 7
An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
LowCVE-2018-5801 at SUSECVE-2018-5801 at NVDSUSE bug 1084690cpe:/o:suse:sll:7CVE-2018-5802SUSE Liberty Linux 7
An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
LowCVE-2018-5802 at SUSECVE-2018-5802 at NVDSUSE bug 1084688cpe:/o:suse:sll:7CVE-2018-5803SUSE Liberty Linux 7
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
LowCVE-2018-5803 at SUSECVE-2018-5803 at NVDSUSE bug 1083900SUSE bug 1087082SUSE bug 1115893cpe:/o:suse:sll:7CVE-2018-5805SUSE Liberty Linux 7
A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
ModerateCVE-2018-5805 at SUSECVE-2018-5805 at NVDSUSE bug 1097973cpe:/o:suse:sll:7CVE-2018-5806SUSE Liberty Linux 7
An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.
ModerateCVE-2018-5806 at SUSECVE-2018-5806 at NVDSUSE bug 1097974cpe:/o:suse:sll:7CVE-2018-5848SUSE Liberty Linux 7
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
ModerateCVE-2018-5848 at SUSECVE-2018-5848 at NVDSUSE bug 1087082SUSE bug 1097356SUSE bug 1105412SUSE bug 1115339cpe:/o:suse:sll:7CVE-2018-5950SUSE Liberty Linux 7
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
ModerateCVE-2018-5950 at SUSECVE-2018-5950 at NVDSUSE bug 1077358cpe:/o:suse:sll:7CVE-2018-6126SUSE Liberty Linux 7
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
ImportantCVE-2018-6126 at SUSECVE-2018-6126 at NVDSUSE bug 1095163SUSE bug 1096449cpe:/o:suse:sll:7CVE-2018-6485SUSE Liberty Linux 7
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
ModerateCVE-2018-6485 at SUSECVE-2018-6485 at NVDSUSE bug 1079036SUSE bug 1123874cpe:/o:suse:sll:7CVE-2018-6541SUSE Liberty Linux 7
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
ModerateCVE-2018-6541 at SUSECVE-2018-6541 at NVDSUSE bug 1079095cpe:/o:suse:sll:7CVE-2018-6560SUSE Liberty Linux 7
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.
ImportantCVE-2018-6560 at SUSECVE-2018-6560 at NVDSUSE bug 1078923cpe:/o:suse:sll:7CVE-2018-6574SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
ImportantCVE-2018-6574 at SUSECVE-2018-6574 at NVDSUSE bug 1080006cpe:/o:suse:sll:7CVE-2018-6764SUSE Liberty Linux 7
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
LowCVE-2018-6764 at SUSECVE-2018-6764 at NVDSUSE bug 1080042SUSE bug 1088147cpe:/o:suse:sll:7CVE-2018-6790SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.
ModerateCVE-2018-6790 at SUSECVE-2018-6790 at NVDSUSE bug 1079429cpe:/o:suse:sll:7CVE-2018-6914SUSE Liberty Linux 7
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.
LowCVE-2018-6914 at SUSECVE-2018-6914 at NVDSUSE bug 1087441SUSE bug 1136906cpe:/o:suse:sll:7CVE-2018-6927SUSE Liberty Linux 7
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
ModerateCVE-2018-6927 at SUSECVE-2018-6927 at NVDSUSE bug 1080757SUSE bug 1091815cpe:/o:suse:sll:7CVE-2018-6952SUSE Liberty Linux 7
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
LowCVE-2018-6952 at SUSECVE-2018-6952 at NVDSUSE bug 1080985SUSE bug 1167721cpe:/o:suse:sll:7CVE-2018-7159SUSE Liberty Linux 7
The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.
LowCVE-2018-7159 at SUSECVE-2018-7159 at NVDSUSE bug 1087453cpe:/o:suse:sll:7CVE-2018-7191SUSE Liberty Linux 7
In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.
ModerateCVE-2018-7191 at SUSECVE-2018-7191 at NVDSUSE bug 1135603cpe:/o:suse:sll:7CVE-2018-7208SUSE Liberty Linux 7
In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.
LowCVE-2018-7208 at SUSECVE-2018-7208 at NVDSUSE bug 1081527cpe:/o:suse:sll:7CVE-2018-7225SUSE Liberty Linux 7
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
ImportantCVE-2018-7225 at SUSECVE-2018-7225 at NVDSUSE bug 1081493SUSE bug 1090647cpe:/o:suse:sll:7CVE-2018-7409SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c.
CriticalCVE-2018-7409 at SUSECVE-2018-7409 at NVDSUSE bug 1082290cpe:/o:suse:sll:7CVE-2018-7418SUSE Liberty Linux 7
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.
ModerateCVE-2018-7418 at SUSECVE-2018-7418 at NVDSUSE bug 1082692cpe:/o:suse:sll:7CVE-2018-7456SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)
ModerateCVE-2018-7456 at SUSECVE-2018-7456 at NVDSUSE bug 1074317SUSE bug 1082825cpe:/o:suse:sll:7CVE-2018-7485SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact.
CriticalCVE-2018-7485 at SUSECVE-2018-7485 at NVDSUSE bug 1082484cpe:/o:suse:sll:7CVE-2018-7549SUSE Liberty Linux 7
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.
LowCVE-2018-7549 at SUSECVE-2018-7549 at NVDSUSE bug 1082991SUSE bug 1200039cpe:/o:suse:sll:7CVE-2018-7550SUSE Liberty Linux 7
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
ImportantCVE-2018-7550 at SUSECVE-2018-7550 at NVDSUSE bug 1083291SUSE bug 1083292cpe:/o:suse:sll:7CVE-2018-7566SUSE Liberty Linux 7
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
ModerateCVE-2018-7566 at SUSECVE-2018-7566 at NVDSUSE bug 1083483SUSE bug 1083488SUSE bug 1087082SUSE bug 1091815cpe:/o:suse:sll:7CVE-2018-7568SUSE Liberty Linux 7
The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.
ModerateCVE-2018-7568 at SUSECVE-2018-7568 at NVDSUSE bug 1086788cpe:/o:suse:sll:7CVE-2018-7569SUSE Liberty Linux 7
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.
ModerateCVE-2018-7569 at SUSECVE-2018-7569 at NVDSUSE bug 1083532cpe:/o:suse:sll:7CVE-2018-7584SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.
ModerateCVE-2018-7584 at SUSECVE-2018-7584 at NVDSUSE bug 1083639cpe:/o:suse:sll:7CVE-2018-7642SUSE Liberty Linux 7
The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.
ModerateCVE-2018-7642 at SUSECVE-2018-7642 at NVDSUSE bug 1086786SUSE bug 1128518cpe:/o:suse:sll:7CVE-2018-7643SUSE Liberty Linux 7
The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.
ModerateCVE-2018-7643 at SUSECVE-2018-7643 at NVDSUSE bug 1086784cpe:/o:suse:sll:7CVE-2018-7725SUSE Liberty Linux 7
An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service.
LowCVE-2018-7725 at SUSECVE-2018-7725 at NVDSUSE bug 1084519cpe:/o:suse:sll:7CVE-2018-7726SUSE Liberty Linux 7
An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
LowCVE-2018-7726 at SUSECVE-2018-7726 at NVDSUSE bug 1084517cpe:/o:suse:sll:7CVE-2018-7727SUSE Liberty Linux 7
An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.
LowCVE-2018-7727 at SUSECVE-2018-7727 at NVDSUSE bug 1084515cpe:/o:suse:sll:7CVE-2018-7730SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function.
LowCVE-2018-7730 at SUSECVE-2018-7730 at NVDSUSE bug 1085295SUSE bug 1085585SUSE bug 1103718cpe:/o:suse:sll:7CVE-2018-7740SUSE Liberty Linux 7
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.
ModerateCVE-2018-7740 at SUSECVE-2018-7740 at NVDSUSE bug 1084353cpe:/o:suse:sll:7CVE-2018-7755SUSE Liberty Linux 7
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.
LowCVE-2018-7755 at SUSECVE-2018-7755 at NVDSUSE bug 1084513cpe:/o:suse:sll:7CVE-2018-7757SUSE Liberty Linux 7
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file.
ModerateCVE-2018-7757 at SUSECVE-2018-7757 at NVDSUSE bug 1084536SUSE bug 1087082SUSE bug 1087209SUSE bug 1091815cpe:/o:suse:sll:7CVE-2018-7858SUSE Liberty Linux 7
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.
ModerateCVE-2018-7858 at SUSECVE-2018-7858 at NVDSUSE bug 1084604cpe:/o:suse:sll:7CVE-2018-8014SUSE Liberty Linux 7
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.
LowCVE-2018-8014 at SUSECVE-2018-8014 at NVDSUSE bug 1093697cpe:/o:suse:sll:7CVE-2018-8034SUSE Liberty Linux 7
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
ModerateCVE-2018-8034 at SUSECVE-2018-8034 at NVDSUSE bug 1102379cpe:/o:suse:sll:7CVE-2018-8087SUSE Liberty Linux 7
Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.
ModerateCVE-2018-8087 at SUSECVE-2018-8087 at NVDSUSE bug 1085053cpe:/o:suse:sll:7CVE-2018-8088SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.
ImportantCVE-2018-8088 at SUSECVE-2018-8088 at NVDSUSE bug 1085970cpe:/o:suse:sll:7CVE-2018-8777SUSE Liberty Linux 7
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).
ImportantCVE-2018-8777 at SUSECVE-2018-8777 at NVDSUSE bug 1087436SUSE bug 1136906cpe:/o:suse:sll:7CVE-2018-8778SUSE Liberty Linux 7
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.
ModerateCVE-2018-8778 at SUSECVE-2018-8778 at NVDSUSE bug 1087433SUSE bug 1136906cpe:/o:suse:sll:7CVE-2018-8779SUSE Liberty Linux 7
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.
LowCVE-2018-8779 at SUSECVE-2018-8779 at NVDSUSE bug 1087440SUSE bug 1136906cpe:/o:suse:sll:7CVE-2018-8780SUSE Liberty Linux 7
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.
LowCVE-2018-8780 at SUSECVE-2018-8780 at NVDSUSE bug 1087437SUSE bug 1136906cpe:/o:suse:sll:7CVE-2018-8781SUSE Liberty Linux 7
The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.
ModerateCVE-2018-8781 at SUSECVE-2018-8781 at NVDSUSE bug 1087082SUSE bug 1090643SUSE bug 1090646cpe:/o:suse:sll:7CVE-2018-8786SUSE Liberty Linux 7
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.
ImportantCVE-2018-8786 at SUSECVE-2018-8786 at NVDSUSE bug 1116708SUSE bug 1117963SUSE bug 1117966SUSE bug 1131873cpe:/o:suse:sll:7CVE-2018-8787SUSE Liberty Linux 7
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.
ImportantCVE-2018-8787 at SUSECVE-2018-8787 at NVDSUSE bug 1116708SUSE bug 1117963SUSE bug 1117964SUSE bug 1131873cpe:/o:suse:sll:7CVE-2018-8788SUSE Liberty Linux 7
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.
ImportantCVE-2018-8788 at SUSECVE-2018-8788 at NVDSUSE bug 1116708SUSE bug 1117963SUSE bug 1131873cpe:/o:suse:sll:7CVE-2018-8804SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file.
LowCVE-2018-8804 at SUSECVE-2018-8804 at NVDSUSE bug 1086011cpe:/o:suse:sll:7CVE-2018-8897SUSE Liberty Linux 7
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
ImportantCVE-2018-8897 at SUSECVE-2018-8897 at NVDSUSE bug 1087078SUSE bug 1087088SUSE bug 1090368SUSE bug 1090820SUSE bug 1090869SUSE bug 1092497SUSE bug 1093522SUSE bug 1093524SUSE bug 1098813SUSE bug 1100835SUSE bug 1115893SUSE bug 1178658cpe:/o:suse:sll:7CVE-2018-8905SUSE Liberty Linux 7
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
ModerateCVE-2018-8905 at SUSECVE-2018-8905 at NVDSUSE bug 1086408cpe:/o:suse:sll:7CVE-2018-8945SUSE Liberty Linux 7
The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.
LowCVE-2018-8945 at SUSECVE-2018-8945 at NVDSUSE bug 1086608cpe:/o:suse:sll:7CVE-2018-8976SUSE Liberty Linux 7
In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.
LowCVE-2018-8976 at SUSECVE-2018-8976 at NVDSUSE bug 1086810cpe:/o:suse:sll:7CVE-2018-8977SUSE Liberty Linux 7
In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file.
LowCVE-2018-8977 at SUSECVE-2018-8977 at NVDSUSE bug 1086798cpe:/o:suse:sll:7CVE-2018-9133SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file.
ModerateCVE-2018-9133 at SUSECVE-2018-9133 at NVDSUSE bug 1087820cpe:/o:suse:sll:7CVE-2018-9305SUSE Liberty Linux 7
In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case.
LowCVE-2018-9305 at SUSECVE-2018-9305 at NVDSUSE bug 1088424cpe:/o:suse:sll:7CVE-2018-9363SUSE Liberty Linux 7
In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.
ImportantCVE-2018-9363 at SUSECVE-2018-9363 at NVDSUSE bug 1087082SUSE bug 1105292SUSE bug 1105293cpe:/o:suse:sll:7CVE-2018-9516SUSE Liberty Linux 7
In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580.
LowCVE-2018-9516 at SUSECVE-2018-9516 at NVDSUSE bug 1108498SUSE bug 1123161cpe:/o:suse:sll:7CVE-2018-9517SUSE Liberty Linux 7
In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.
LowCVE-2018-9517 at SUSECVE-2018-9517 at NVDSUSE bug 1108488cpe:/o:suse:sll:7CVE-2018-9568SUSE Liberty Linux 7
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.
ModerateCVE-2018-9568 at SUSECVE-2018-9568 at NVDSUSE bug 1118319SUSE bug 1118320cpe:/o:suse:sll:7CVE-2019-0154SUSE Liberty Linux 7
Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access.
ImportantCVE-2019-0154 at SUSECVE-2019-0154 at NVDSUSE bug 1135966SUSE bug 1181720cpe:/o:suse:sll:7CVE-2019-0155SUSE Liberty Linux 7
Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access.
ImportantCVE-2019-0155 at SUSECVE-2019-0155 at NVDSUSE bug 1135966SUSE bug 1135967SUSE bug 1173663cpe:/o:suse:sll:7CVE-2019-0160SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
ModerateCVE-2019-0160 at SUSECVE-2019-0160 at NVDSUSE bug 1130267cpe:/o:suse:sll:7CVE-2019-0161SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.
ModerateCVE-2019-0161 at SUSECVE-2019-0161 at NVDSUSE bug 1131361cpe:/o:suse:sll:7CVE-2019-0217SUSE Liberty Linux 7
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
ModerateCVE-2019-0217 at SUSECVE-2019-0217 at NVDSUSE bug 1131239cpe:/o:suse:sll:7CVE-2019-0220SUSE Liberty Linux 7
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.
ModerateCVE-2019-0220 at SUSECVE-2019-0220 at NVDSUSE bug 1131241cpe:/o:suse:sll:7CVE-2019-0816SUSE Liberty Linux 7
A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.
ModerateCVE-2019-0816 at SUSECVE-2019-0816 at NVDSUSE bug 1129124cpe:/o:suse:sll:7CVE-2019-1000019SUSE Liberty Linux 7
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.
LowCVE-2019-1000019 at SUSECVE-2019-1000019 at NVDSUSE bug 1124341cpe:/o:suse:sll:7CVE-2019-1000020SUSE Liberty Linux 7
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.
LowCVE-2019-1000020 at SUSECVE-2019-1000020 at NVDSUSE bug 1124342cpe:/o:suse:sll:7CVE-2019-10063SUSE Liberty Linux 7
Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI.
ImportantCVE-2019-10063 at SUSECVE-2019-10063 at NVDSUSE bug 1130637SUSE bug 1133041SUSE bug 1133043cpe:/o:suse:sll:7CVE-2019-10086SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
ImportantCVE-2019-10086 at SUSECVE-2019-10086 at NVDSUSE bug 1146657cpe:/o:suse:sll:7CVE-2019-10098SUSE Liberty Linux 7
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
LowCVE-2019-10098 at SUSECVE-2019-10098 at NVDSUSE bug 1145738SUSE bug 1168407cpe:/o:suse:sll:7CVE-2019-1010238SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
ImportantCVE-2019-1010238 at SUSECVE-2019-1010238 at NVDSUSE bug 1142332cpe:/o:suse:sll:7CVE-2019-1010305SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d.
LowCVE-2019-1010305 at SUSECVE-2019-1010305 at NVDSUSE bug 1141680cpe:/o:suse:sll:7CVE-2019-10126SUSE Liberty Linux 7
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.
ImportantCVE-2019-10126 at SUSECVE-2019-10126 at NVDSUSE bug 1136935SUSE bug 1137944SUSE bug 1142129SUSE bug 1156330cpe:/o:suse:sll:7CVE-2019-10131SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.
ModerateCVE-2019-10131 at SUSECVE-2019-10131 at NVDSUSE bug 1134075cpe:/o:suse:sll:7CVE-2019-10132SUSE Liberty Linux 7
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.
ImportantCVE-2019-10132 at SUSECVE-2019-10132 at NVDSUSE bug 1134348cpe:/o:suse:sll:7CVE-2019-10143SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."
ModerateCVE-2019-10143 at SUSECVE-2019-10143 at NVDSUSE bug 1136195cpe:/o:suse:sll:7CVE-2019-10146SUSE Liberty Linux 7
A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser.
ModerateCVE-2019-10146 at SUSECVE-2019-10146 at NVDcpe:/o:suse:sll:7CVE-2019-10153SUSE Liberty Linux 7
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member.
ModerateCVE-2019-10153 at SUSECVE-2019-10153 at NVDSUSE bug 1137314cpe:/o:suse:sll:7CVE-2019-10160SUSE Liberty Linux 7
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.
ImportantCVE-2019-10160 at SUSECVE-2019-10160 at NVDSUSE bug 1138459cpe:/o:suse:sll:7CVE-2019-10161SUSE Liberty Linux 7
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.
ImportantCVE-2019-10161 at SUSECVE-2019-10161 at NVDSUSE bug 1138301cpe:/o:suse:sll:7CVE-2019-10166SUSE Liberty Linux 7
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.
ImportantCVE-2019-10166 at SUSECVE-2019-10166 at NVDSUSE bug 1138302cpe:/o:suse:sll:7CVE-2019-10167SUSE Liberty Linux 7
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
ImportantCVE-2019-10167 at SUSECVE-2019-10167 at NVDSUSE bug 1138303cpe:/o:suse:sll:7CVE-2019-10168SUSE Liberty Linux 7
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
ImportantCVE-2019-10168 at SUSECVE-2019-10168 at NVDSUSE bug 1138305SUSE bug 1138582cpe:/o:suse:sll:7CVE-2019-10179SUSE Liberty Linux 7
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.
ModerateCVE-2019-10179 at SUSECVE-2019-10179 at NVDcpe:/o:suse:sll:7CVE-2019-10181SUSE Liberty Linux 7
It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.
ImportantCVE-2019-10181 at SUSECVE-2019-10181 at NVDSUSE bug 1142835cpe:/o:suse:sll:7CVE-2019-10182SUSE Liberty Linux 7
It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.
ModerateCVE-2019-10182 at SUSECVE-2019-10182 at NVDSUSE bug 1142825cpe:/o:suse:sll:7CVE-2019-10185SUSE Liberty Linux 7
It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox.
ImportantCVE-2019-10185 at SUSECVE-2019-10185 at NVDSUSE bug 1142832cpe:/o:suse:sll:7CVE-2019-10195SUSE Liberty Linux 7
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed.
ModerateCVE-2019-10195 at SUSECVE-2019-10195 at NVDcpe:/o:suse:sll:7CVE-2019-10197SUSE Liberty Linux 7
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.
ImportantCVE-2019-10197 at SUSECVE-2019-10197 at NVDSUSE bug 1141267cpe:/o:suse:sll:7CVE-2019-10207SUSE Liberty Linux 7
A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.
LowCVE-2019-10207 at SUSECVE-2019-10207 at NVDSUSE bug 1123959SUSE bug 1142857cpe:/o:suse:sll:7CVE-2019-10208SUSE Liberty Linux 7
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
ModerateCVE-2019-10208 at SUSECVE-2019-10208 at NVDSUSE bug 1145092SUSE bug 1171566cpe:/o:suse:sll:7CVE-2019-10216SUSE Liberty Linux 7
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
ModerateCVE-2019-10216 at SUSECVE-2019-10216 at NVDSUSE bug 1144621SUSE bug 1146882SUSE bug 1146884cpe:/o:suse:sll:7CVE-2019-10218SUSE Liberty Linux 7
A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.
ModerateCVE-2019-10218 at SUSECVE-2019-10218 at NVDSUSE bug 1144902SUSE bug 1144903cpe:/o:suse:sll:7CVE-2019-10221SUSE Liberty Linux 7
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.
ModerateCVE-2019-10221 at SUSECVE-2019-10221 at NVDcpe:/o:suse:sll:7CVE-2019-10638SUSE Liberty Linux 7
In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.
ModerateCVE-2019-10638 at SUSECVE-2019-10638 at NVDSUSE bug 1140575SUSE bug 1140577SUSE bug 1142129cpe:/o:suse:sll:7CVE-2019-10639SUSE Liberty Linux 7
The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace.
ModerateCVE-2019-10639 at SUSECVE-2019-10639 at NVDSUSE bug 1140577cpe:/o:suse:sll:7CVE-2019-10650SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.
ModerateCVE-2019-10650 at SUSECVE-2019-10650 at NVDSUSE bug 1131317cpe:/o:suse:sll:7CVE-2019-10871SUSE Liberty Linux 7
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.
ModerateCVE-2019-10871 at SUSECVE-2019-10871 at NVDSUSE bug 1131696cpe:/o:suse:sll:7CVE-2019-11043SUSE Liberty Linux 7
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
ModerateCVE-2019-11043 at SUSECVE-2019-11043 at NVDSUSE bug 1154999cpe:/o:suse:sll:7CVE-2019-11068SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
ModerateCVE-2019-11068 at SUSECVE-2019-11068 at NVDSUSE bug 1132160SUSE bug 1154212cpe:/o:suse:sll:7CVE-2019-11070SUSE Liberty Linux 7
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.
ModerateCVE-2019-11070 at SUSECVE-2019-11070 at NVDSUSE bug 1132196SUSE bug 1132256cpe:/o:suse:sll:7CVE-2019-11085SUSE Liberty Linux 7
Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
ModerateCVE-2019-11085 at SUSECVE-2019-11085 at NVDSUSE bug 1135278SUSE bug 1135280cpe:/o:suse:sll:7CVE-2019-11091SUSE Liberty Linux 7
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
ModerateCVE-2019-11091 at SUSECVE-2019-11091 at NVDSUSE bug 1103186SUSE bug 1111331SUSE bug 1132686SUSE bug 1133319SUSE bug 1135394SUSE bug 1138043SUSE bug 1138534SUSE bug 1141977SUSE bug 1178658SUSE bug 1201877cpe:/o:suse:sll:7CVE-2019-11135SUSE Liberty Linux 7
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
ModerateCVE-2019-11135 at SUSECVE-2019-11135 at NVDSUSE bug 1139073SUSE bug 1152497SUSE bug 1152505SUSE bug 1152506SUSE bug 1160120SUSE bug 1201877cpe:/o:suse:sll:7CVE-2019-11190SUSE Liberty Linux 7
The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.
CVE-2019-11190 at SUSECVE-2019-11190 at NVDSUSE bug 1131543SUSE bug 1132374SUSE bug 1132472cpe:/o:suse:sll:7CVE-2019-11234SUSE Liberty Linux 7
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
ModerateCVE-2019-11234 at SUSECVE-2019-11234 at NVDSUSE bug 1132664cpe:/o:suse:sll:7CVE-2019-11235SUSE Liberty Linux 7
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
ImportantCVE-2019-11235 at SUSECVE-2019-11235 at NVDSUSE bug 1132549SUSE bug 1132664SUSE bug 1144524cpe:/o:suse:sll:7CVE-2019-11236SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
LowCVE-2019-11236 at SUSECVE-2019-11236 at NVDSUSE bug 1129071SUSE bug 1132663cpe:/o:suse:sll:7CVE-2019-1125SUSE Liberty Linux 7
Unknown.
ModerateCVE-2019-1125 at SUSECVE-2019-1125 at NVDSUSE bug 1139358cpe:/o:suse:sll:7CVE-2019-11324SUSE Liberty Linux 7
The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.
LowCVE-2019-11324 at SUSECVE-2019-11324 at NVDSUSE bug 1132900cpe:/o:suse:sll:7CVE-2019-11358SUSE Liberty Linux 7
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
ModerateCVE-2019-11358 at SUSECVE-2019-11358 at NVDcpe:/o:suse:sll:7CVE-2019-11459SUSE Liberty Linux 7
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.
ModerateCVE-2019-11459 at SUSECVE-2019-11459 at NVDSUSE bug 1133037cpe:/o:suse:sll:7CVE-2019-11470SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.
ModerateCVE-2019-11470 at SUSECVE-2019-11470 at NVDSUSE bug 1133205cpe:/o:suse:sll:7CVE-2019-11472SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first.
ModerateCVE-2019-11472 at SUSECVE-2019-11472 at NVDSUSE bug 1133202SUSE bug 1133203SUSE bug 1133204SUSE bug 1146213cpe:/o:suse:sll:7CVE-2019-11477SUSE Liberty Linux 7
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
ImportantCVE-2019-11477 at SUSECVE-2019-11477 at NVDSUSE bug 1132686SUSE bug 1137586SUSE bug 1142129SUSE bug 1153242cpe:/o:suse:sll:7CVE-2019-11478SUSE Liberty Linux 7
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.
ImportantCVE-2019-11478 at SUSECVE-2019-11478 at NVDSUSE bug 1132686SUSE bug 1137586SUSE bug 1142129SUSE bug 1143542cpe:/o:suse:sll:7CVE-2019-11479SUSE Liberty Linux 7
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.
ImportantCVE-2019-11479 at SUSECVE-2019-11479 at NVDSUSE bug 1132686SUSE bug 1137586SUSE bug 1142129SUSE bug 1143542cpe:/o:suse:sll:7CVE-2019-11487SUSE Liberty Linux 7
The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.
ModerateCVE-2019-11487 at SUSECVE-2019-11487 at NVDSUSE bug 1133190SUSE bug 1133191cpe:/o:suse:sll:7CVE-2019-11500SUSE Liberty Linux 7
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
ImportantCVE-2019-11500 at SUSECVE-2019-11500 at NVDSUSE bug 1145559cpe:/o:suse:sll:7CVE-2019-11597SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file.
ModerateCVE-2019-11597 at SUSECVE-2019-11597 at NVDSUSE bug 1138464SUSE bug 1146211cpe:/o:suse:sll:7CVE-2019-11598SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.
ModerateCVE-2019-11598 at SUSECVE-2019-11598 at NVDSUSE bug 1136732SUSE bug 1179313SUSE bug 1179336cpe:/o:suse:sll:7CVE-2019-11599SUSE Liberty Linux 7
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
LowCVE-2019-11599 at SUSECVE-2019-11599 at NVDSUSE bug 1131645SUSE bug 1133738SUSE bug 1157905cpe:/o:suse:sll:7CVE-2019-11691SUSE Liberty Linux 7
A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
ImportantCVE-2019-11691 at SUSECVE-2019-11691 at NVDSUSE bug 1135824cpe:/o:suse:sll:7CVE-2019-11692SUSE Liberty Linux 7
A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
ImportantCVE-2019-11692 at SUSECVE-2019-11692 at NVDSUSE bug 1135824cpe:/o:suse:sll:7CVE-2019-11693SUSE Liberty Linux 7
The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
ImportantCVE-2019-11693 at SUSECVE-2019-11693 at NVDSUSE bug 1135824cpe:/o:suse:sll:7CVE-2019-11698SUSE Liberty Linux 7
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
ImportantCVE-2019-11698 at SUSECVE-2019-11698 at NVDSUSE bug 1135824cpe:/o:suse:sll:7CVE-2019-11703SUSE Liberty Linux 7
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
ModerateCVE-2019-11703 at SUSECVE-2019-11703 at NVDSUSE bug 1137595cpe:/o:suse:sll:7CVE-2019-11704SUSE Liberty Linux 7
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
ModerateCVE-2019-11704 at SUSECVE-2019-11704 at NVDSUSE bug 1137595cpe:/o:suse:sll:7CVE-2019-11705SUSE Liberty Linux 7
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
ModerateCVE-2019-11705 at SUSECVE-2019-11705 at NVDSUSE bug 1137595cpe:/o:suse:sll:7CVE-2019-11706SUSE Liberty Linux 7
A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1.
ModerateCVE-2019-11706 at SUSECVE-2019-11706 at NVDSUSE bug 1137595cpe:/o:suse:sll:7CVE-2019-11707SUSE Liberty Linux 7
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
ModerateCVE-2019-11707 at SUSECVE-2019-11707 at NVDSUSE bug 1138614cpe:/o:suse:sll:7CVE-2019-11708SUSE Liberty Linux 7
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.
CriticalCVE-2019-11708 at SUSECVE-2019-11708 at NVDSUSE bug 1138872cpe:/o:suse:sll:7CVE-2019-11709SUSE Liberty Linux 7
Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
ImportantCVE-2019-11709 at SUSECVE-2019-11709 at NVDSUSE bug 1140868cpe:/o:suse:sll:7CVE-2019-11711SUSE Liberty Linux 7
When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
ImportantCVE-2019-11711 at SUSECVE-2019-11711 at NVDSUSE bug 1140868cpe:/o:suse:sll:7CVE-2019-11712SUSE Liberty Linux 7
POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
ImportantCVE-2019-11712 at SUSECVE-2019-11712 at NVDSUSE bug 1140868cpe:/o:suse:sll:7CVE-2019-11713SUSE Liberty Linux 7
A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
ImportantCVE-2019-11713 at SUSECVE-2019-11713 at NVDSUSE bug 1140868cpe:/o:suse:sll:7CVE-2019-11715SUSE Liberty Linux 7
Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
ImportantCVE-2019-11715 at SUSECVE-2019-11715 at NVDSUSE bug 1140868cpe:/o:suse:sll:7CVE-2019-11717SUSE Liberty Linux 7
A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
ImportantCVE-2019-11717 at SUSECVE-2019-11717 at NVDSUSE bug 1140868cpe:/o:suse:sll:7CVE-2019-11719SUSE Liberty Linux 7
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
ImportantCVE-2019-11719 at SUSECVE-2019-11719 at NVDSUSE bug 1140868cpe:/o:suse:sll:7CVE-2019-11727SUSE Liberty Linux 7
A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.
LowCVE-2019-11727 at SUSECVE-2019-11727 at NVDSUSE bug 1140868SUSE bug 1141322cpe:/o:suse:sll:7CVE-2019-11729SUSE Liberty Linux 7
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
ImportantCVE-2019-11729 at SUSECVE-2019-11729 at NVDSUSE bug 1140868cpe:/o:suse:sll:7CVE-2019-11730SUSE Liberty Linux 7
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app's predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
ImportantCVE-2019-11730 at SUSECVE-2019-11730 at NVDSUSE bug 1140868cpe:/o:suse:sll:7CVE-2019-11733SUSE Liberty Linux 7
When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. This vulnerability affects Firefox < 68.0.2 and Firefox ESR < 68.0.2.
ModerateCVE-2019-11733 at SUSECVE-2019-11733 at NVDSUSE bug 1145665cpe:/o:suse:sll:7CVE-2019-11739SUSE Liberty Linux 7
Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 68.1 and Thunderbird < 60.9.
ModerateCVE-2019-11739 at SUSECVE-2019-11739 at NVDSUSE bug 1150939SUSE bug 1150940cpe:/o:suse:sll:7CVE-2019-11740SUSE Liberty Linux 7
Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
ImportantCVE-2019-11740 at SUSECVE-2019-11740 at NVDSUSE bug 1149299SUSE bug 1149323SUSE bug 1149324SUSE bug 1150940cpe:/o:suse:sll:7CVE-2019-11742SUSE Liberty Linux 7
A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
ImportantCVE-2019-11742 at SUSECVE-2019-11742 at NVDSUSE bug 1149303SUSE bug 1149323SUSE bug 1149324SUSE bug 1150940cpe:/o:suse:sll:7CVE-2019-11743SUSE Liberty Linux 7
Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
ModerateCVE-2019-11743 at SUSECVE-2019-11743 at NVDSUSE bug 1149298SUSE bug 1149323SUSE bug 1149324SUSE bug 1150940cpe:/o:suse:sll:7CVE-2019-11744SUSE Liberty Linux 7
Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
ImportantCVE-2019-11744 at SUSECVE-2019-11744 at NVDSUSE bug 1149304SUSE bug 1149323SUSE bug 1149324SUSE bug 1150940cpe:/o:suse:sll:7CVE-2019-11745SUSE Liberty Linux 7
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
ImportantCVE-2019-11745 at SUSECVE-2019-11745 at NVDSUSE bug 1158328SUSE bug 1158527cpe:/o:suse:sll:7CVE-2019-11746SUSE Liberty Linux 7
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
ImportantCVE-2019-11746 at SUSECVE-2019-11746 at NVDSUSE bug 1149297SUSE bug 1149323SUSE bug 1149324SUSE bug 1150940cpe:/o:suse:sll:7CVE-2019-11752SUSE Liberty Linux 7
It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
ImportantCVE-2019-11752 at SUSECVE-2019-11752 at NVDSUSE bug 1149296SUSE bug 1149323SUSE bug 1149324SUSE bug 1150940cpe:/o:suse:sll:7CVE-2019-11756SUSE Liberty Linux 7
Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71.
ImportantCVE-2019-11756 at SUSECVE-2019-11756 at NVDSUSE bug 1161447cpe:/o:suse:sll:7CVE-2019-11757SUSE Liberty Linux 7
When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
ImportantCVE-2019-11757 at SUSECVE-2019-11757 at NVDSUSE bug 1154738cpe:/o:suse:sll:7CVE-2019-11758SUSE Liberty Linux 7
Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.
ImportantCVE-2019-11758 at SUSECVE-2019-11758 at NVDSUSE bug 1154738cpe:/o:suse:sll:7CVE-2019-11759SUSE Liberty Linux 7
An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
ImportantCVE-2019-11759 at SUSECVE-2019-11759 at NVDSUSE bug 1154738cpe:/o:suse:sll:7CVE-2019-11760SUSE Liberty Linux 7
A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
ImportantCVE-2019-11760 at SUSECVE-2019-11760 at NVDSUSE bug 1154738cpe:/o:suse:sll:7CVE-2019-11761SUSE Liberty Linux 7
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
ImportantCVE-2019-11761 at SUSECVE-2019-11761 at NVDSUSE bug 1154738cpe:/o:suse:sll:7CVE-2019-11762SUSE Liberty Linux 7
If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
ImportantCVE-2019-11762 at SUSECVE-2019-11762 at NVDSUSE bug 1154738cpe:/o:suse:sll:7CVE-2019-11763SUSE Liberty Linux 7
Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
ImportantCVE-2019-11763 at SUSECVE-2019-11763 at NVDSUSE bug 1154738cpe:/o:suse:sll:7CVE-2019-11764SUSE Liberty Linux 7
Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
ImportantCVE-2019-11764 at SUSECVE-2019-11764 at NVDSUSE bug 1154738cpe:/o:suse:sll:7CVE-2019-11810SUSE Liberty Linux 7
An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.
LowCVE-2019-11810 at SUSECVE-2019-11810 at NVDSUSE bug 1134399cpe:/o:suse:sll:7CVE-2019-11811SUSE Liberty Linux 7
An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.
LowCVE-2019-11811 at SUSECVE-2019-11811 at NVDSUSE bug 1134397cpe:/o:suse:sll:7CVE-2019-11833SUSE Liberty Linux 7
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.
LowCVE-2019-11833 at SUSECVE-2019-11833 at NVDSUSE bug 1135281cpe:/o:suse:sll:7CVE-2019-11884SUSE Liberty Linux 7
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.
ModerateCVE-2019-11884 at SUSECVE-2019-11884 at NVDSUSE bug 1134848SUSE bug 1139868cpe:/o:suse:sll:7CVE-2019-12155SUSE Liberty Linux 7
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
LowCVE-2019-12155 at SUSECVE-2019-12155 at NVDSUSE bug 1135902SUSE bug 1135905cpe:/o:suse:sll:7CVE-2019-12293SUSE Liberty Linux 7
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.
ModerateCVE-2019-12293 at SUSECVE-2019-12293 at NVDSUSE bug 1136105cpe:/o:suse:sll:7CVE-2019-12382SUSE Liberty Linux 7
An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference
LowCVE-2019-12382 at SUSECVE-2019-12382 at NVDSUSE bug 1136586SUSE bug 1155298cpe:/o:suse:sll:7CVE-2019-12387SUSE Liberty Linux 7
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
ModerateCVE-2019-12387 at SUSECVE-2019-12387 at NVDSUSE bug 1137825cpe:/o:suse:sll:7CVE-2019-12420SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
ImportantCVE-2019-12420 at SUSECVE-2019-12420 at NVDSUSE bug 1159133SUSE bug 1186513cpe:/o:suse:sll:7CVE-2019-12450SUSE Liberty Linux 7
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
ImportantCVE-2019-12450 at SUSECVE-2019-12450 at NVDSUSE bug 1137001SUSE bug 1139959SUSE bug 1142126cpe:/o:suse:sll:7CVE-2019-12519SUSE Liberty Linux 7
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
ImportantCVE-2019-12519 at SUSECVE-2019-12519 at NVDSUSE bug 1169659cpe:/o:suse:sll:7CVE-2019-12525SUSE Liberty Linux 7
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.
ImportantCVE-2019-12525 at SUSECVE-2019-12525 at NVDSUSE bug 1141332cpe:/o:suse:sll:7CVE-2019-12528SUSE Liberty Linux 7
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.
ModerateCVE-2019-12528 at SUSECVE-2019-12528 at NVDSUSE bug 1162689cpe:/o:suse:sll:7CVE-2019-12614SUSE Liberty Linux 7
An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).
ModerateCVE-2019-12614 at SUSECVE-2019-12614 at NVDSUSE bug 1137194cpe:/o:suse:sll:7CVE-2019-12735SUSE Liberty Linux 7
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
ModerateCVE-2019-12735 at SUSECVE-2019-12735 at NVDSUSE bug 1137443cpe:/o:suse:sll:7CVE-2019-12749SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.
ModerateCVE-2019-12749 at SUSECVE-2019-12749 at NVDSUSE bug 1137832cpe:/o:suse:sll:7CVE-2019-12779SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.
ModerateCVE-2019-12779 at SUSECVE-2019-12779 at NVDSUSE bug 1137835cpe:/o:suse:sll:7CVE-2019-12974SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image.
ModerateCVE-2019-12974 at SUSECVE-2019-12974 at NVDSUSE bug 1140111cpe:/o:suse:sll:7CVE-2019-12975SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.
LowCVE-2019-12975 at SUSECVE-2019-12975 at NVDSUSE bug 1140106cpe:/o:suse:sll:7CVE-2019-12976SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.
ModerateCVE-2019-12976 at SUSECVE-2019-12976 at NVDSUSE bug 1140110cpe:/o:suse:sll:7CVE-2019-12978SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c.
ModerateCVE-2019-12978 at SUSECVE-2019-12978 at NVDSUSE bug 1139885cpe:/o:suse:sll:7CVE-2019-12979SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c.
ModerateCVE-2019-12979 at SUSECVE-2019-12979 at NVDSUSE bug 1139886cpe:/o:suse:sll:7CVE-2019-13038SUSE Liberty Linux 7
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.
ModerateCVE-2019-13038 at SUSECVE-2019-13038 at NVDcpe:/o:suse:sll:7CVE-2019-13133SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.
ModerateCVE-2019-13133 at SUSECVE-2019-13133 at NVDSUSE bug 1140100cpe:/o:suse:sll:7CVE-2019-13134SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.
ModerateCVE-2019-13134 at SUSECVE-2019-13134 at NVDSUSE bug 1140102cpe:/o:suse:sll:7CVE-2019-13135SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
ModerateCVE-2019-13135 at SUSECVE-2019-13135 at NVDSUSE bug 1140103cpe:/o:suse:sll:7CVE-2019-13232SUSE Liberty Linux 7
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
LowCVE-2019-13232 at SUSECVE-2019-13232 at NVDSUSE bug 1140748cpe:/o:suse:sll:7CVE-2019-13233SUSE Liberty Linux 7
In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation.
LowCVE-2019-13233 at SUSECVE-2019-13233 at NVDSUSE bug 1140454SUSE bug 1144502cpe:/o:suse:sll:7CVE-2019-13295SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.
ModerateCVE-2019-13295 at SUSECVE-2019-13295 at NVDSUSE bug 1140664cpe:/o:suse:sll:7CVE-2019-13297SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled.
ModerateCVE-2019-13297 at SUSECVE-2019-13297 at NVDSUSE bug 1140666cpe:/o:suse:sll:7CVE-2019-13300SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.
ModerateCVE-2019-13300 at SUSECVE-2019-13300 at NVDSUSE bug 1140669cpe:/o:suse:sll:7CVE-2019-13301SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.
ModerateCVE-2019-13301 at SUSECVE-2019-13301 at NVDSUSE bug 1140554cpe:/o:suse:sll:7CVE-2019-13304SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment.
ImportantCVE-2019-13304 at SUSECVE-2019-13304 at NVDSUSE bug 1140547cpe:/o:suse:sll:7CVE-2019-13305SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error.
ImportantCVE-2019-13305 at SUSECVE-2019-13305 at NVDSUSE bug 1140545cpe:/o:suse:sll:7CVE-2019-13306SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors.
ModerateCVE-2019-13306 at SUSECVE-2019-13306 at NVDSUSE bug 1140543cpe:/o:suse:sll:7CVE-2019-13307SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows.
ModerateCVE-2019-13307 at SUSECVE-2019-13307 at NVDSUSE bug 1140538cpe:/o:suse:sll:7CVE-2019-13309SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c.
LowCVE-2019-13309 at SUSECVE-2019-13309 at NVDSUSE bug 1140501SUSE bug 1140520cpe:/o:suse:sll:7CVE-2019-13310SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c.
LowCVE-2019-13310 at SUSECVE-2019-13310 at NVDSUSE bug 1140501SUSE bug 1140520cpe:/o:suse:sll:7CVE-2019-13311SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.
LowCVE-2019-13311 at SUSECVE-2019-13311 at NVDSUSE bug 1140513SUSE bug 1140554cpe:/o:suse:sll:7CVE-2019-13313SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.
LowCVE-2019-13313 at SUSECVE-2019-13313 at NVDSUSE bug 1140749cpe:/o:suse:sll:7CVE-2019-13345SUSE Liberty Linux 7
The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.
ModerateCVE-2019-13345 at SUSECVE-2019-13345 at NVDSUSE bug 1140738cpe:/o:suse:sll:7CVE-2019-13454SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.
ModerateCVE-2019-13454 at SUSECVE-2019-13454 at NVDSUSE bug 1141171cpe:/o:suse:sll:7CVE-2019-13456SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.
ModerateCVE-2019-13456 at SUSECVE-2019-13456 at NVDSUSE bug 1144524SUSE bug 1166858cpe:/o:suse:sll:7CVE-2019-13616SUSE Liberty Linux 7
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
ModerateCVE-2019-13616 at SUSECVE-2019-13616 at NVDSUSE bug 1141844cpe:/o:suse:sll:7CVE-2019-13638SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.
ImportantCVE-2019-13638 at SUSECVE-2019-13638 at NVDSUSE bug 1088420SUSE bug 1142513SUSE bug 1146398cpe:/o:suse:sll:7CVE-2019-13648SUSE Liberty Linux 7
In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.
LowCVE-2019-13648 at SUSECVE-2019-13648 at NVDSUSE bug 1142254SUSE bug 1142265cpe:/o:suse:sll:7CVE-2019-13734SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2019-13734 at SUSECVE-2019-13734 at NVDSUSE bug 1158982cpe:/o:suse:sll:7CVE-2019-1387SUSE Liberty Linux 7
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.
ImportantCVE-2019-1387 at SUSECVE-2019-1387 at NVDSUSE bug 1158785SUSE bug 1158793cpe:/o:suse:sll:7CVE-2019-14283SUSE Liberty Linux 7
In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default.
ModerateCVE-2019-14283 at SUSECVE-2019-14283 at NVDSUSE bug 1143191cpe:/o:suse:sll:7CVE-2019-14287SUSE Liberty Linux 7
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
ModerateCVE-2019-14287 at SUSECVE-2019-14287 at NVDSUSE bug 1153674SUSE bug 1156093cpe:/o:suse:sll:7CVE-2019-14378SUSE Liberty Linux 7
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
ModerateCVE-2019-14378 at SUSECVE-2019-14378 at NVDSUSE bug 1143794SUSE bug 1143797SUSE bug 1178658cpe:/o:suse:sll:7CVE-2019-14494SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.
ModerateCVE-2019-14494 at SUSECVE-2019-14494 at NVDSUSE bug 1143950cpe:/o:suse:sll:7CVE-2019-14744SUSE Liberty Linux 7
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.
ImportantCVE-2019-14744 at SUSECVE-2019-14744 at NVDSUSE bug 1144600cpe:/o:suse:sll:7CVE-2019-14811SUSE Liberty Linux 7
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
ModerateCVE-2019-14811 at SUSECVE-2019-14811 at NVDSUSE bug 1146882cpe:/o:suse:sll:7CVE-2019-14812SUSE Liberty Linux 7
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
ModerateCVE-2019-14812 at SUSECVE-2019-14812 at NVDSUSE bug 1146882cpe:/o:suse:sll:7CVE-2019-14813SUSE Liberty Linux 7
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
ModerateCVE-2019-14813 at SUSECVE-2019-14813 at NVDSUSE bug 1146882cpe:/o:suse:sll:7CVE-2019-14816SUSE Liberty Linux 7
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
ModerateCVE-2019-14816 at SUSECVE-2019-14816 at NVDSUSE bug 1146516SUSE bug 1173666cpe:/o:suse:sll:7CVE-2019-14817SUSE Liberty Linux 7
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
ModerateCVE-2019-14817 at SUSECVE-2019-14817 at NVDSUSE bug 1146882SUSE bug 1146884cpe:/o:suse:sll:7CVE-2019-14821SUSE Liberty Linux 7
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
ModerateCVE-2019-14821 at SUSECVE-2019-14821 at NVDSUSE bug 1151350SUSE bug 1218966cpe:/o:suse:sll:7CVE-2019-14822SUSE Liberty Linux 7
A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.
ImportantCVE-2019-14822 at SUSECVE-2019-14822 at NVDSUSE bug 1150011cpe:/o:suse:sll:7CVE-2019-14823SUSE Liberty Linux 7
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.
ImportantCVE-2019-14823 at SUSECVE-2019-14823 at NVDcpe:/o:suse:sll:7CVE-2019-14824SUSE Liberty Linux 7
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
ModerateCVE-2019-14824 at SUSECVE-2019-14824 at NVDcpe:/o:suse:sll:7CVE-2019-14834SUSE Liberty Linux 7
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
ModerateCVE-2019-14834 at SUSECVE-2019-14834 at NVDSUSE bug 1154849cpe:/o:suse:sll:7CVE-2019-14835SUSE Liberty Linux 7
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.
ModerateCVE-2019-14835 at SUSECVE-2019-14835 at NVDSUSE bug 1150112SUSE bug 1151021cpe:/o:suse:sll:7CVE-2019-14850SUSE Liberty Linux 7
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.
LowCVE-2019-14850 at SUSECVE-2019-14850 at NVDcpe:/o:suse:sll:7CVE-2019-14857SUSE Liberty Linux 7
A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.
ModerateCVE-2019-14857 at SUSECVE-2019-14857 at NVDSUSE bug 1153666cpe:/o:suse:sll:7CVE-2019-14866SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.
ModerateCVE-2019-14866 at SUSECVE-2019-14866 at NVDSUSE bug 1155199cpe:/o:suse:sll:7CVE-2019-14867SUSE Liberty Linux 7
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server.
ImportantCVE-2019-14867 at SUSECVE-2019-14867 at NVDcpe:/o:suse:sll:7CVE-2019-14868SUSE Liberty Linux 7
In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.
ImportantCVE-2019-14868 at SUSECVE-2019-14868 at NVDSUSE bug 1160796cpe:/o:suse:sll:7CVE-2019-14869SUSE Liberty Linux 7
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.
ImportantCVE-2019-14869 at SUSECVE-2019-14869 at NVDSUSE bug 1156275cpe:/o:suse:sll:7CVE-2019-14895SUSE Liberty Linux 7
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.
ImportantCVE-2019-14895 at SUSECVE-2019-14895 at NVDSUSE bug 1157042SUSE bug 1157158SUSE bug 1173100SUSE bug 1173660cpe:/o:suse:sll:7CVE-2019-14898SUSE Liberty Linux 7
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
ModerateCVE-2019-14898 at SUSECVE-2019-14898 at NVDSUSE bug 1157905cpe:/o:suse:sll:7CVE-2019-14901SUSE Liberty Linux 7
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.
ImportantCVE-2019-14901 at SUSECVE-2019-14901 at NVDSUSE bug 1157042SUSE bug 1173661cpe:/o:suse:sll:7CVE-2019-14906SUSE Liberty Linux 7
A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code.
CriticalCVE-2019-14906 at SUSECVE-2019-14906 at NVDcpe:/o:suse:sll:7CVE-2019-14907SUSE Liberty Linux 7
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).
ModerateCVE-2019-14907 at SUSECVE-2019-14907 at NVDSUSE bug 1160888cpe:/o:suse:sll:7CVE-2019-14973SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.
ModerateCVE-2019-14973 at SUSECVE-2019-14973 at NVDSUSE bug 1146608cpe:/o:suse:sll:7CVE-2019-14980SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.
LowCVE-2019-14980 at SUSECVE-2019-14980 at NVDSUSE bug 1146068cpe:/o:suse:sll:7CVE-2019-14981SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.
LowCVE-2019-14981 at SUSECVE-2019-14981 at NVDSUSE bug 1146065cpe:/o:suse:sll:7CVE-2019-15139SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472.
LowCVE-2019-15139 at SUSECVE-2019-15139 at NVDSUSE bug 1146213cpe:/o:suse:sll:7CVE-2019-15140SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.
LowCVE-2019-15140 at SUSECVE-2019-15140 at NVDSUSE bug 1146212cpe:/o:suse:sll:7CVE-2019-15141SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.
LowCVE-2019-15141 at SUSECVE-2019-15141 at NVDSUSE bug 1146211cpe:/o:suse:sll:7CVE-2019-15217SUSE Liberty Linux 7
An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.
ModerateCVE-2019-15217 at SUSECVE-2019-15217 at NVDSUSE bug 1146519SUSE bug 1146547SUSE bug 1158381SUSE bug 1158834cpe:/o:suse:sll:7CVE-2019-15239SUSE Liberty Linux 7
In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation. NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139.
ModerateCVE-2019-15239 at SUSECVE-2019-15239 at NVDSUSE bug 1146589SUSE bug 1156317cpe:/o:suse:sll:7CVE-2019-1559SUSE Liberty Linux 7
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
LowCVE-2019-1559 at SUSECVE-2019-1559 at NVDSUSE bug 1127080SUSE bug 1130039SUSE bug 1141798cpe:/o:suse:sll:7CVE-2019-15605SUSE Liberty Linux 7
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
ImportantCVE-2019-15605 at SUSECVE-2019-15605 at NVDSUSE bug 1163102cpe:/o:suse:sll:7CVE-2019-15690SUSE Liberty Linux 7
LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution.
ImportantCVE-2019-15690 at SUSECVE-2019-15690 at NVDSUSE bug 1160471SUSE bug 1170441cpe:/o:suse:sll:7CVE-2019-15691SUSE Liberty Linux 7
TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
ImportantCVE-2019-15691 at SUSECVE-2019-15691 at NVDSUSE bug 1159856cpe:/o:suse:sll:7CVE-2019-15692SUSE Liberty Linux 7
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
ImportantCVE-2019-15692 at SUSECVE-2019-15692 at NVDSUSE bug 1160250cpe:/o:suse:sll:7CVE-2019-15693SUSE Liberty Linux 7
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
ImportantCVE-2019-15693 at SUSECVE-2019-15693 at NVDSUSE bug 1159858cpe:/o:suse:sll:7CVE-2019-15694SUSE Liberty Linux 7
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
ImportantCVE-2019-15694 at SUSECVE-2019-15694 at NVDSUSE bug 1160251cpe:/o:suse:sll:7CVE-2019-15695SUSE Liberty Linux 7
TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
ImportantCVE-2019-15695 at SUSECVE-2019-15695 at NVDSUSE bug 1159860cpe:/o:suse:sll:7CVE-2019-15807SUSE Liberty Linux 7
In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.
ModerateCVE-2019-15807 at SUSECVE-2019-15807 at NVDSUSE bug 1148938cpe:/o:suse:sll:7CVE-2019-15903SUSE Liberty Linux 7
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
ImportantCVE-2019-15903 at SUSECVE-2019-15903 at NVDSUSE bug 1149429SUSE bug 1154738SUSE bug 1154806cpe:/o:suse:sll:7CVE-2019-15916SUSE Liberty Linux 7
An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.
LowCVE-2019-15916 at SUSECVE-2019-15916 at NVDSUSE bug 1149448cpe:/o:suse:sll:7CVE-2019-15917SUSE Liberty Linux 7
An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.
ImportantCVE-2019-15917 at SUSECVE-2019-15917 at NVDSUSE bug 1149539SUSE bug 1156334cpe:/o:suse:sll:7CVE-2019-16056SUSE Liberty Linux 7
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.
ModerateCVE-2019-16056 at SUSECVE-2019-16056 at NVDSUSE bug 1149955cpe:/o:suse:sll:7CVE-2019-16231SUSE Liberty Linux 7
drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
ModerateCVE-2019-16231 at SUSECVE-2019-16231 at NVDSUSE bug 1150466cpe:/o:suse:sll:7CVE-2019-16233SUSE Liberty Linux 7
drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
ModerateCVE-2019-16233 at SUSECVE-2019-16233 at NVDSUSE bug 1150457cpe:/o:suse:sll:7CVE-2019-16707SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.
LowCVE-2019-16707 at SUSECVE-2019-16707 at NVDSUSE bug 1151867cpe:/o:suse:sll:7CVE-2019-16708SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
ModerateCVE-2019-16708 at SUSECVE-2019-16708 at NVDSUSE bug 1151781cpe:/o:suse:sll:7CVE-2019-16709SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
ModerateCVE-2019-16709 at SUSECVE-2019-16709 at NVDSUSE bug 1151782cpe:/o:suse:sll:7CVE-2019-16710SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.
ModerateCVE-2019-16710 at SUSECVE-2019-16710 at NVDSUSE bug 1151783cpe:/o:suse:sll:7CVE-2019-16711SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.
ModerateCVE-2019-16711 at SUSECVE-2019-16711 at NVDSUSE bug 1151784cpe:/o:suse:sll:7CVE-2019-16712SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.
ModerateCVE-2019-16712 at SUSECVE-2019-16712 at NVDSUSE bug 1151785cpe:/o:suse:sll:7CVE-2019-16713SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.
ModerateCVE-2019-16713 at SUSECVE-2019-16713 at NVDSUSE bug 1151786cpe:/o:suse:sll:7CVE-2019-16746SUSE Liberty Linux 7
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.
ModerateCVE-2019-16746 at SUSECVE-2019-16746 at NVDSUSE bug 1152107SUSE bug 1173659cpe:/o:suse:sll:7CVE-2019-16865SUSE Liberty Linux 7
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
ModerateCVE-2019-16865 at SUSECVE-2019-16865 at NVDSUSE bug 1153191cpe:/o:suse:sll:7CVE-2019-16935SUSE Liberty Linux 7
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.
ModerateCVE-2019-16935 at SUSECVE-2019-16935 at NVDSUSE bug 1153238cpe:/o:suse:sll:7CVE-2019-16994SUSE Liberty Linux 7
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.
ModerateCVE-2019-16994 at SUSECVE-2019-16994 at NVDSUSE bug 1161523cpe:/o:suse:sll:7CVE-2019-17005SUSE Liberty Linux 7
The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
ImportantCVE-2019-17005 at SUSECVE-2019-17005 at NVDSUSE bug 1158328cpe:/o:suse:sll:7CVE-2019-17006SUSE Liberty Linux 7
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
ModerateCVE-2019-17006 at SUSECVE-2019-17006 at NVDSUSE bug 1159819cpe:/o:suse:sll:7CVE-2019-17008SUSE Liberty Linux 7
When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
ImportantCVE-2019-17008 at SUSECVE-2019-17008 at NVDSUSE bug 1158328cpe:/o:suse:sll:7CVE-2019-17010SUSE Liberty Linux 7
Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
ImportantCVE-2019-17010 at SUSECVE-2019-17010 at NVDSUSE bug 1158328cpe:/o:suse:sll:7CVE-2019-17011SUSE Liberty Linux 7
Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
ImportantCVE-2019-17011 at SUSECVE-2019-17011 at NVDSUSE bug 1158328cpe:/o:suse:sll:7CVE-2019-17012SUSE Liberty Linux 7
Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
ImportantCVE-2019-17012 at SUSECVE-2019-17012 at NVDSUSE bug 1158328cpe:/o:suse:sll:7CVE-2019-17016SUSE Liberty Linux 7
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
ImportantCVE-2019-17016 at SUSECVE-2019-17016 at NVDSUSE bug 1160305cpe:/o:suse:sll:7CVE-2019-17017SUSE Liberty Linux 7
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
ImportantCVE-2019-17017 at SUSECVE-2019-17017 at NVDSUSE bug 1160305cpe:/o:suse:sll:7CVE-2019-17022SUSE Liberty Linux 7
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
ImportantCVE-2019-17022 at SUSECVE-2019-17022 at NVDSUSE bug 1160305cpe:/o:suse:sll:7CVE-2019-17023SUSE Liberty Linux 7
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.
ImportantCVE-2019-17023 at SUSECVE-2019-17023 at NVDSUSE bug 1160305cpe:/o:suse:sll:7CVE-2019-17024SUSE Liberty Linux 7
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
ImportantCVE-2019-17024 at SUSECVE-2019-17024 at NVDSUSE bug 1160305cpe:/o:suse:sll:7CVE-2019-17026SUSE Liberty Linux 7
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.
ImportantCVE-2019-17026 at SUSECVE-2019-17026 at NVDSUSE bug 1160498cpe:/o:suse:sll:7CVE-2019-17041SUSE Liberty Linux 7
An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.
ModerateCVE-2019-17041 at SUSECVE-2019-17041 at NVDSUSE bug 1153451SUSE bug 1198831cpe:/o:suse:sll:7CVE-2019-17042SUSE Liberty Linux 7
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.
ModerateCVE-2019-17042 at SUSECVE-2019-17042 at NVDSUSE bug 1153459SUSE bug 1198831cpe:/o:suse:sll:7CVE-2019-17053SUSE Liberty Linux 7
ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.
ModerateCVE-2019-17053 at SUSECVE-2019-17053 at NVDSUSE bug 1152789cpe:/o:suse:sll:7CVE-2019-17055SUSE Liberty Linux 7
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.
ModerateCVE-2019-17055 at SUSECVE-2019-17055 at NVDSUSE bug 1152782cpe:/o:suse:sll:7CVE-2019-17133SUSE Liberty Linux 7
In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.
ModerateCVE-2019-17133 at SUSECVE-2019-17133 at NVDSUSE bug 1153158SUSE bug 1153161cpe:/o:suse:sll:7CVE-2019-17185SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.
ImportantCVE-2019-17185 at SUSECVE-2019-17185 at NVDSUSE bug 1166847cpe:/o:suse:sll:7CVE-2019-17402SUSE Liberty Linux 7
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.
LowCVE-2019-17402 at SUSECVE-2019-17402 at NVDSUSE bug 1153577cpe:/o:suse:sll:7CVE-2019-17498SUSE Liberty Linux 7
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
ModerateCVE-2019-17498 at SUSECVE-2019-17498 at NVDSUSE bug 1154862SUSE bug 1171566cpe:/o:suse:sll:7CVE-2019-17540SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.
ModerateCVE-2019-17540 at SUSECVE-2019-17540 at NVDSUSE bug 1153866cpe:/o:suse:sll:7CVE-2019-17541SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.
ModerateCVE-2019-17541 at SUSECVE-2019-17541 at NVDSUSE bug 1153867cpe:/o:suse:sll:7CVE-2019-17546SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
ImportantCVE-2019-17546 at SUSECVE-2019-17546 at NVDSUSE bug 1154365cpe:/o:suse:sll:7CVE-2019-17563SUSE Liberty Linux 7
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.
LowCVE-2019-17563 at SUSECVE-2019-17563 at NVDSUSE bug 1159729cpe:/o:suse:sll:7CVE-2019-17626SUSE Liberty Linux 7
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
ImportantCVE-2019-17626 at SUSECVE-2019-17626 at NVDSUSE bug 1154370SUSE bug 1215560cpe:/o:suse:sll:7CVE-2019-17666SUSE Liberty Linux 7
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.
ModerateCVE-2019-17666 at SUSECVE-2019-17666 at NVDSUSE bug 1154372cpe:/o:suse:sll:7CVE-2019-18197SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
ImportantCVE-2019-18197 at SUSECVE-2019-18197 at NVDSUSE bug 1154609SUSE bug 1157028SUSE bug 1162833SUSE bug 1169511SUSE bug 1190108cpe:/o:suse:sll:7CVE-2019-18282SUSE Liberty Linux 7
The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.
ModerateCVE-2019-18282 at SUSECVE-2019-18282 at NVDSUSE bug 1161121cpe:/o:suse:sll:7CVE-2019-18397SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat.
ImportantCVE-2019-18397 at SUSECVE-2019-18397 at NVDSUSE bug 1156260cpe:/o:suse:sll:7CVE-2019-18408SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
ModerateCVE-2019-18408 at SUSECVE-2019-18408 at NVDSUSE bug 1155079cpe:/o:suse:sll:7CVE-2019-18609SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.
ImportantCVE-2019-18609 at SUSECVE-2019-18609 at NVDcpe:/o:suse:sll:7CVE-2019-18634SUSE Liberty Linux 7
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
ImportantCVE-2019-18634 at SUSECVE-2019-18634 at NVDSUSE bug 1162202cpe:/o:suse:sll:7CVE-2019-18660SUSE Liberty Linux 7
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.
ModerateCVE-2019-18660 at SUSECVE-2019-18660 at NVDSUSE bug 1157038SUSE bug 1157923cpe:/o:suse:sll:7CVE-2019-18808SUSE Liberty Linux 7
A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.
ModerateCVE-2019-18808 at SUSECVE-2019-18808 at NVDSUSE bug 1156259SUSE bug 1189884SUSE bug 1190534cpe:/o:suse:sll:7CVE-2019-19046SUSE Liberty Linux 7
A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time
ModerateCVE-2019-19046 at SUSECVE-2019-19046 at NVDSUSE bug 1157304cpe:/o:suse:sll:7CVE-2019-19055SUSE Liberty Linux 7
A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred
ImportantCVE-2019-19055 at SUSECVE-2019-19055 at NVDSUSE bug 1157319cpe:/o:suse:sll:7CVE-2019-19058SUSE Liberty Linux 7
A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5.
ModerateCVE-2019-19058 at SUSECVE-2019-19058 at NVDSUSE bug 1157145cpe:/o:suse:sll:7CVE-2019-19059SUSE Liberty Linux 7
Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa.
ModerateCVE-2019-19059 at SUSECVE-2019-19059 at NVDSUSE bug 1157296cpe:/o:suse:sll:7CVE-2019-19062SUSE Liberty Linux 7
A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.
ModerateCVE-2019-19062 at SUSECVE-2019-19062 at NVDSUSE bug 1157333cpe:/o:suse:sll:7CVE-2019-19063SUSE Liberty Linux 7
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.
ModerateCVE-2019-19063 at SUSECVE-2019-19063 at NVDSUSE bug 1157298cpe:/o:suse:sll:7CVE-2019-19126SUSE Liberty Linux 7
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
LowCVE-2019-19126 at SUSECVE-2019-19126 at NVDSUSE bug 1157292cpe:/o:suse:sll:7CVE-2019-19332SUSE Liberty Linux 7
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.
ModerateCVE-2019-19332 at SUSECVE-2019-19332 at NVDSUSE bug 1158827cpe:/o:suse:sll:7CVE-2019-19338SUSE Liberty Linux 7
A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.
ModerateCVE-2019-19338 at SUSECVE-2019-19338 at NVDSUSE bug 1158954cpe:/o:suse:sll:7CVE-2019-19447SUSE Liberty Linux 7
In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.
ImportantCVE-2019-19447 at SUSECVE-2019-19447 at NVDSUSE bug 1158819SUSE bug 1173869cpe:/o:suse:sll:7CVE-2019-19450SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.
ImportantCVE-2019-19450 at SUSECVE-2019-19450 at NVDSUSE bug 1215560cpe:/o:suse:sll:7CVE-2019-19523SUSE Liberty Linux 7
In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.
ModerateCVE-2019-19523 at SUSECVE-2019-19523 at NVDSUSE bug 1158381SUSE bug 1158823SUSE bug 1158834cpe:/o:suse:sll:7CVE-2019-19524SUSE Liberty Linux 7
In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.
LowCVE-2019-19524 at SUSECVE-2019-19524 at NVDSUSE bug 1158381SUSE bug 1158413SUSE bug 1158834cpe:/o:suse:sll:7CVE-2019-19527SUSE Liberty Linux 7
In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.
ModerateCVE-2019-19527 at SUSECVE-2019-19527 at NVDSUSE bug 1158381SUSE bug 1158834SUSE bug 1158900cpe:/o:suse:sll:7CVE-2019-19530SUSE Liberty Linux 7
In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.
ModerateCVE-2019-19530 at SUSECVE-2019-19530 at NVDSUSE bug 1158381SUSE bug 1158410SUSE bug 1158834cpe:/o:suse:sll:7CVE-2019-19532SUSE Liberty Linux 7
In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.
ModerateCVE-2019-19532 at SUSECVE-2019-19532 at NVDSUSE bug 1158381SUSE bug 1158823SUSE bug 1158824SUSE bug 1158834cpe:/o:suse:sll:7CVE-2019-19534SUSE Liberty Linux 7
In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.
LowCVE-2019-19534 at SUSECVE-2019-19534 at NVDSUSE bug 1158381SUSE bug 1158398SUSE bug 1158834cpe:/o:suse:sll:7CVE-2019-19537SUSE Liberty Linux 7
In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.
ModerateCVE-2019-19537 at SUSECVE-2019-19537 at NVDSUSE bug 1158381SUSE bug 1158834SUSE bug 1158904cpe:/o:suse:sll:7CVE-2019-19767SUSE Liberty Linux 7
The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.
ModerateCVE-2019-19767 at SUSECVE-2019-19767 at NVDSUSE bug 1159297cpe:/o:suse:sll:7CVE-2019-19768SUSE Liberty Linux 7
In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).
ModerateCVE-2019-19768 at SUSECVE-2019-19768 at NVDSUSE bug 1159285cpe:/o:suse:sll:7CVE-2019-19807SUSE Liberty Linux 7
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.
ImportantCVE-2019-19807 at SUSECVE-2019-19807 at NVDSUSE bug 1159281cpe:/o:suse:sll:7CVE-2019-19948SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
ImportantCVE-2019-19948 at SUSECVE-2019-19948 at NVDSUSE bug 1159861cpe:/o:suse:sll:7CVE-2019-19949SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
ModerateCVE-2019-19949 at SUSECVE-2019-19949 at NVDSUSE bug 1160369cpe:/o:suse:sll:7CVE-2019-19956SUSE Liberty Linux 7
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
ModerateCVE-2019-19956 at SUSECVE-2019-19956 at NVDSUSE bug 1159928SUSE bug 1191860cpe:/o:suse:sll:7CVE-2019-20044SUSE Liberty Linux 7
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().
ImportantCVE-2019-20044 at SUSECVE-2019-20044 at NVDSUSE bug 1163882SUSE bug 1200039SUSE bug 1200202SUSE bug 1200209cpe:/o:suse:sll:7CVE-2019-20054SUSE Liberty Linux 7
In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.
ModerateCVE-2019-20054 at SUSECVE-2019-20054 at NVDSUSE bug 1159910cpe:/o:suse:sll:7CVE-2019-20095SUSE Liberty Linux 7
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.
ImportantCVE-2019-20095 at SUSECVE-2019-20095 at NVDSUSE bug 1159909SUSE bug 1159914cpe:/o:suse:sll:7CVE-2019-20382SUSE Liberty Linux 7
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
ModerateCVE-2019-20382 at SUSECVE-2019-20382 at NVDSUSE bug 1165776cpe:/o:suse:sll:7CVE-2019-20386SUSE Liberty Linux 7
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.
LowCVE-2019-20386 at SUSECVE-2019-20386 at NVDSUSE bug 1161436cpe:/o:suse:sll:7CVE-2019-20388SUSE Liberty Linux 7
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
LowCVE-2019-20388 at SUSECVE-2019-20388 at NVDSUSE bug 1161521SUSE bug 1191860cpe:/o:suse:sll:7CVE-2019-20479SUSE Liberty Linux 7
A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
ModerateCVE-2019-20479 at SUSECVE-2019-20479 at NVDSUSE bug 1164459cpe:/o:suse:sll:7CVE-2019-20485SUSE Liberty Linux 7
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
ModerateCVE-2019-20485 at SUSECVE-2019-20485 at NVDSUSE bug 1165616SUSE bug 1168683cpe:/o:suse:sll:7CVE-2019-20503SUSE Liberty Linux 7
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
ImportantCVE-2019-20503 at SUSECVE-2019-20503 at NVDSUSE bug 1166238SUSE bug 1167090cpe:/o:suse:sll:7CVE-2019-20636SUSE Liberty Linux 7
In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.
ModerateCVE-2019-20636 at SUSECVE-2019-20636 at NVDSUSE bug 1168075cpe:/o:suse:sll:7CVE-2019-20811SUSE Liberty Linux 7
An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
ModerateCVE-2019-20811 at SUSECVE-2019-20811 at NVDSUSE bug 1172456cpe:/o:suse:sll:7CVE-2019-20907SUSE Liberty Linux 7
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
ModerateCVE-2019-20907 at SUSECVE-2019-20907 at NVDSUSE bug 1174091cpe:/o:suse:sll:7CVE-2019-20916SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
ModerateCVE-2019-20916 at SUSECVE-2019-20916 at NVDSUSE bug 1176262cpe:/o:suse:sll:7CVE-2019-20934SUSE Liberty Linux 7
An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
ImportantCVE-2019-20934 at SUSECVE-2019-20934 at NVDSUSE bug 1179663SUSE bug 1179666cpe:/o:suse:sll:7CVE-2019-2422SUSE Liberty Linux 7
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
ModerateCVE-2019-2422 at SUSECVE-2019-2422 at NVDSUSE bug 1122293cpe:/o:suse:sll:7CVE-2019-25013SUSE Liberty Linux 7
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
ModerateCVE-2019-25013 at SUSECVE-2019-25013 at NVDSUSE bug 1182117SUSE bug 1220988cpe:/o:suse:sll:7CVE-2019-2503SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).
ImportantCVE-2019-2503 at SUSECVE-2019-2503 at NVDSUSE bug 1122198cpe:/o:suse:sll:7CVE-2019-2529SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
ImportantCVE-2019-2529 at SUSECVE-2019-2529 at NVDSUSE bug 1122198SUSE bug 1136037cpe:/o:suse:sll:7CVE-2019-2602SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2019-2602 at SUSECVE-2019-2602 at NVDSUSE bug 1132728SUSE bug 1134718cpe:/o:suse:sll:7CVE-2019-2614SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
ImportantCVE-2019-2614 at SUSECVE-2019-2614 at NVDSUSE bug 1132826SUSE bug 1136035SUSE bug 1141798cpe:/o:suse:sll:7CVE-2019-2627SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
ImportantCVE-2019-2627 at SUSECVE-2019-2627 at NVDSUSE bug 1132826SUSE bug 1136035SUSE bug 1141798cpe:/o:suse:sll:7CVE-2019-2684SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
ModerateCVE-2019-2684 at SUSECVE-2019-2684 at NVDSUSE bug 1132732SUSE bug 1134718SUSE bug 1184734cpe:/o:suse:sll:7CVE-2019-2698SUSE Liberty Linux 7
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2019-2698 at SUSECVE-2019-2698 at NVDSUSE bug 1132729SUSE bug 1134718SUSE bug 1163365cpe:/o:suse:sll:7CVE-2019-2737SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2019-2737 at SUSECVE-2019-2737 at NVDSUSE bug 1132826SUSE bug 1141798SUSE bug 1156669cpe:/o:suse:sll:7CVE-2019-2739SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
ModerateCVE-2019-2739 at SUSECVE-2019-2739 at NVDSUSE bug 1132826SUSE bug 1141798SUSE bug 1156669cpe:/o:suse:sll:7CVE-2019-2740SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2019-2740 at SUSECVE-2019-2740 at NVDSUSE bug 1132826SUSE bug 1141798SUSE bug 1156669cpe:/o:suse:sll:7CVE-2019-2745SUSE Liberty Linux 7
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
ModerateCVE-2019-2745 at SUSECVE-2019-2745 at NVDSUSE bug 1141784cpe:/o:suse:sll:7CVE-2019-2762SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2019-2762 at SUSECVE-2019-2762 at NVDSUSE bug 1141782SUSE bug 1147021cpe:/o:suse:sll:7CVE-2019-2769SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2019-2769 at SUSECVE-2019-2769 at NVDSUSE bug 1141783SUSE bug 1147021cpe:/o:suse:sll:7CVE-2019-2786SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).
ModerateCVE-2019-2786 at SUSECVE-2019-2786 at NVDSUSE bug 1141787SUSE bug 1147021cpe:/o:suse:sll:7CVE-2019-2805SUSE Liberty Linux 7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2019-2805 at SUSECVE-2019-2805 at NVDSUSE bug 1132826SUSE bug 1141798SUSE bug 1156669cpe:/o:suse:sll:7CVE-2019-2816SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
ModerateCVE-2019-2816 at SUSECVE-2019-2816 at NVDSUSE bug 1141785SUSE bug 1147021cpe:/o:suse:sll:7CVE-2019-2818SUSE Liberty Linux 7
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
ModerateCVE-2019-2818 at SUSECVE-2019-2818 at NVDSUSE bug 1141788cpe:/o:suse:sll:7CVE-2019-2821SUSE Liberty Linux 7
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).
ModerateCVE-2019-2821 at SUSECVE-2019-2821 at NVDSUSE bug 1141781cpe:/o:suse:sll:7CVE-2019-2842SUSE Liberty Linux 7
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2019-2842 at SUSECVE-2019-2842 at NVDSUSE bug 1141786cpe:/o:suse:sll:7CVE-2019-2945SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).
ModerateCVE-2019-2945 at SUSECVE-2019-2945 at NVDSUSE bug 1154212SUSE bug 1158442cpe:/o:suse:sll:7CVE-2019-2949SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
ModerateCVE-2019-2949 at SUSECVE-2019-2949 at NVDSUSE bug 1154212SUSE bug 1172277cpe:/o:suse:sll:7CVE-2019-2962SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2019-2962 at SUSECVE-2019-2962 at NVDSUSE bug 1154212SUSE bug 1158442cpe:/o:suse:sll:7CVE-2019-2964SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2019-2964 at SUSECVE-2019-2964 at NVDSUSE bug 1154212SUSE bug 1158442cpe:/o:suse:sll:7CVE-2019-2973SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2019-2973 at SUSECVE-2019-2973 at NVDSUSE bug 1154212SUSE bug 1158442cpe:/o:suse:sll:7CVE-2019-2974SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2019-2974 at SUSECVE-2019-2974 at NVDSUSE bug 1154162SUSE bug 1156669cpe:/o:suse:sll:7CVE-2019-2975SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).
ModerateCVE-2019-2975 at SUSECVE-2019-2975 at NVDSUSE bug 1154212SUSE bug 1158442cpe:/o:suse:sll:7CVE-2019-2977SUSE Liberty Linux 7
Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.8 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L).
ModerateCVE-2019-2977 at SUSECVE-2019-2977 at NVDSUSE bug 1154212cpe:/o:suse:sll:7CVE-2019-2978SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2019-2978 at SUSECVE-2019-2978 at NVDSUSE bug 1154212SUSE bug 1158442cpe:/o:suse:sll:7CVE-2019-2981SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2019-2981 at SUSECVE-2019-2981 at NVDSUSE bug 1154212SUSE bug 1158442cpe:/o:suse:sll:7CVE-2019-2983SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2019-2983 at SUSECVE-2019-2983 at NVDSUSE bug 1154212SUSE bug 1158442cpe:/o:suse:sll:7CVE-2019-2987SUSE Liberty Linux 7
Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2019-2987 at SUSECVE-2019-2987 at NVDSUSE bug 1154212cpe:/o:suse:sll:7CVE-2019-2988SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2019-2988 at SUSECVE-2019-2988 at NVDSUSE bug 1154212SUSE bug 1158442cpe:/o:suse:sll:7CVE-2019-2989SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N).
ModerateCVE-2019-2989 at SUSECVE-2019-2989 at NVDSUSE bug 1154212SUSE bug 1158442cpe:/o:suse:sll:7CVE-2019-2992SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2019-2992 at SUSECVE-2019-2992 at NVDSUSE bug 1154212SUSE bug 1158442cpe:/o:suse:sll:7CVE-2019-2999SUSE Liberty Linux 7
Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).
ModerateCVE-2019-2999 at SUSECVE-2019-2999 at NVDSUSE bug 1154212SUSE bug 1158442cpe:/o:suse:sll:7CVE-2019-3459SUSE Liberty Linux 7
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
ModerateCVE-2019-3459 at SUSECVE-2019-3459 at NVDSUSE bug 1120758cpe:/o:suse:sll:7CVE-2019-3460SUSE Liberty Linux 7
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
ModerateCVE-2019-3460 at SUSECVE-2019-3460 at NVDSUSE bug 1120758SUSE bug 1155131cpe:/o:suse:sll:7CVE-2019-3695SUSE Liberty Linux 7
A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.
ImportantCVE-2019-3695 at SUSECVE-2019-3695 at NVDSUSE bug 1152533SUSE bug 1152763SUSE bug 1154062cpe:/o:suse:sll:7CVE-2019-3696SUSE Liberty Linux 7
A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.
ImportantCVE-2019-3696 at SUSECVE-2019-3696 at NVDSUSE bug 1152533SUSE bug 1153921SUSE bug 1154062cpe:/o:suse:sll:7CVE-2019-3811SUSE Liberty Linux 7
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.
ModerateCVE-2019-3811 at SUSECVE-2019-3811 at NVDSUSE bug 1121759cpe:/o:suse:sll:7CVE-2019-3813SUSE Liberty Linux 7
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
ImportantCVE-2019-3813 at SUSECVE-2019-3813 at NVDSUSE bug 1122706cpe:/o:suse:sll:7CVE-2019-3814SUSE Liberty Linux 7
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
ImportantCVE-2019-3814 at SUSECVE-2019-3814 at NVDSUSE bug 1123022cpe:/o:suse:sll:7CVE-2019-3815SUSE Liberty Linux 7
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.
LowCVE-2019-3815 at SUSECVE-2019-3815 at NVDSUSE bug 1108912SUSE bug 1120323SUSE bug 1122265cpe:/o:suse:sll:7CVE-2019-3816SUSE Liberty Linux 7
Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.
ImportantCVE-2019-3816 at SUSECVE-2019-3816 at NVDSUSE bug 1122623cpe:/o:suse:sll:7CVE-2019-3820SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.
ModerateCVE-2019-3820 at SUSECVE-2019-3820 at NVDSUSE bug 1124493cpe:/o:suse:sll:7CVE-2019-3827SUSE Liberty Linux 7
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.
CVE-2019-3827 at SUSECVE-2019-3827 at NVDSUSE bug 1125084cpe:/o:suse:sll:7CVE-2019-3833SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server.
ImportantCVE-2019-3833 at SUSECVE-2019-3833 at NVDSUSE bug 1122623cpe:/o:suse:sll:7CVE-2019-3835SUSE Liberty Linux 7
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
ImportantCVE-2019-3835 at SUSECVE-2019-3835 at NVDSUSE bug 1129180cpe:/o:suse:sll:7CVE-2019-3838SUSE Liberty Linux 7
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
ImportantCVE-2019-3838 at SUSECVE-2019-3838 at NVDSUSE bug 1018128SUSE bug 1030263SUSE bug 1032135SUSE bug 1038835SUSE bug 1050888SUSE bug 1050889SUSE bug 1106171SUSE bug 1106172SUSE bug 1106173SUSE bug 1107422SUSE bug 1107423SUSE bug 1107581SUSE bug 1111479SUSE bug 1112229SUSE bug 1114495SUSE bug 1117022SUSE bug 1117327SUSE bug 1118318SUSE bug 1129180SUSE bug 1129186SUSE bug 1136756cpe:/o:suse:sll:7CVE-2019-3839SUSE Liberty Linux 7
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.
ImportantCVE-2019-3839 at SUSECVE-2019-3839 at NVDSUSE bug 1134156cpe:/o:suse:sll:7CVE-2019-3840SUSE Liberty Linux 7
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.
ModerateCVE-2019-3840 at SUSECVE-2019-3840 at NVDSUSE bug 1127458cpe:/o:suse:sll:7CVE-2019-3846SUSE Liberty Linux 7
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
ModerateCVE-2019-3846 at SUSECVE-2019-3846 at NVDSUSE bug 1136424SUSE bug 1136446SUSE bug 1156330cpe:/o:suse:sll:7CVE-2019-3855SUSE Liberty Linux 7
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
ModerateCVE-2019-3855 at SUSECVE-2019-3855 at NVDSUSE bug 1128471SUSE bug 1134329SUSE bug 1135434SUSE bug 1141850cpe:/o:suse:sll:7CVE-2019-3856SUSE Liberty Linux 7
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
ModerateCVE-2019-3856 at SUSECVE-2019-3856 at NVDSUSE bug 1128472SUSE bug 1135434cpe:/o:suse:sll:7CVE-2019-3857SUSE Liberty Linux 7
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
ModerateCVE-2019-3857 at SUSECVE-2019-3857 at NVDSUSE bug 1128474SUSE bug 1135434cpe:/o:suse:sll:7CVE-2019-3858SUSE Liberty Linux 7
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
ModerateCVE-2019-3858 at SUSECVE-2019-3858 at NVDSUSE bug 1128476SUSE bug 1135434cpe:/o:suse:sll:7CVE-2019-3861SUSE Liberty Linux 7
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
ModerateCVE-2019-3861 at SUSECVE-2019-3861 at NVDSUSE bug 1128490SUSE bug 1135434cpe:/o:suse:sll:7CVE-2019-3862SUSE Liberty Linux 7
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
ModerateCVE-2019-3862 at SUSECVE-2019-3862 at NVDSUSE bug 1128492SUSE bug 1135434cpe:/o:suse:sll:7CVE-2019-3863SUSE Liberty Linux 7
A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used by the SSH client as an index to copy memory causing in an out of bounds memory write error.
ModerateCVE-2019-3863 at SUSECVE-2019-3863 at NVDSUSE bug 1128493SUSE bug 1130103SUSE bug 1135434cpe:/o:suse:sll:7CVE-2019-3877SUSE Liberty Linux 7
A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function.
ModerateCVE-2019-3877 at SUSECVE-2019-3877 at NVDSUSE bug 1153666cpe:/o:suse:sll:7CVE-2019-3878SUSE Liberty Linux 7
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.
ImportantCVE-2019-3878 at SUSECVE-2019-3878 at NVDcpe:/o:suse:sll:7CVE-2019-3880SUSE Liberty Linux 7
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.
ModerateCVE-2019-3880 at SUSECVE-2019-3880 at NVDSUSE bug 1131060SUSE bug 1139519cpe:/o:suse:sll:7CVE-2019-3882SUSE Liberty Linux 7
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.
ModerateCVE-2019-3882 at SUSECVE-2019-3882 at NVDSUSE bug 1131416SUSE bug 1131427SUSE bug 1133319cpe:/o:suse:sll:7CVE-2019-3883SUSE Liberty Linux 7
In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.
ModerateCVE-2019-3883 at SUSECVE-2019-3883 at NVDSUSE bug 1132385cpe:/o:suse:sll:7CVE-2019-3890SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.
ModerateCVE-2019-3890 at SUSECVE-2019-3890 at NVDSUSE bug 1131359cpe:/o:suse:sll:7CVE-2019-3900SUSE Liberty Linux 7
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.
LowCVE-2019-3900 at SUSECVE-2019-3900 at NVDSUSE bug 1133374cpe:/o:suse:sll:7CVE-2019-3901SUSE Liberty Linux 7
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.
LowCVE-2019-3901 at SUSECVE-2019-3901 at NVDSUSE bug 1132374SUSE bug 1133106cpe:/o:suse:sll:7CVE-2019-5010SUSE Liberty Linux 7
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.
ModerateCVE-2019-5010 at SUSECVE-2019-5010 at NVDSUSE bug 1122191SUSE bug 1126909cpe:/o:suse:sll:7CVE-2019-5094SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
ModerateCVE-2019-5094 at SUSECVE-2019-5094 at NVDSUSE bug 1152101cpe:/o:suse:sll:7CVE-2019-5188SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
ModerateCVE-2019-5188 at SUSECVE-2019-5188 at NVDSUSE bug 1160571cpe:/o:suse:sll:7CVE-2019-5436SUSE Liberty Linux 7
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
ImportantCVE-2019-5436 at SUSECVE-2019-5436 at NVDSUSE bug 1135170SUSE bug 1149496SUSE bug 1154162SUSE bug 1167096cpe:/o:suse:sll:7CVE-2019-5482SUSE Liberty Linux 7
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
ImportantCVE-2019-5482 at SUSECVE-2019-5482 at NVDSUSE bug 1149496SUSE bug 1156634cpe:/o:suse:sll:7CVE-2019-5489SUSE Liberty Linux 7
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.
ModerateCVE-2019-5489 at SUSECVE-2019-5489 at NVDSUSE bug 1120843SUSE bug 1120885cpe:/o:suse:sll:7CVE-2019-5544SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
CriticalCVE-2019-5544 at SUSECVE-2019-5544 at NVDSUSE bug 1157869cpe:/o:suse:sll:7CVE-2019-5785SUSE Liberty Linux 7
Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
ModerateCVE-2019-5785 at SUSECVE-2019-5785 at NVDSUSE bug 1125330SUSE bug 1125396cpe:/o:suse:sll:7CVE-2019-5798SUSE Liberty Linux 7
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
ModerateCVE-2019-5798 at SUSECVE-2019-5798 at NVDSUSE bug 1129059SUSE bug 1135824cpe:/o:suse:sll:7CVE-2019-5953SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.
ImportantCVE-2019-5953 at SUSECVE-2019-5953 at NVDSUSE bug 1131493cpe:/o:suse:sll:7CVE-2019-6109SUSE Liberty Linux 7 LTSS
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
ModerateCVE-2019-6109 at SUSECVE-2019-6109 at NVDSUSE bug 1121571SUSE bug 1121816SUSE bug 1121818SUSE bug 1121821SUSE bug 1138392SUSE bug 1144902SUSE bug 1144903SUSE bug 1148884CVE-2019-6110SUSE Liberty Linux 7 LTSS
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
ModerateCVE-2019-6110 at SUSECVE-2019-6110 at NVDSUSE bug 1121571SUSE bug 1121816SUSE bug 1121818SUSE bug 1121821CVE-2019-6111SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
ModerateCVE-2019-6111 at SUSECVE-2019-6111 at NVDSUSE bug 1121571SUSE bug 1121816SUSE bug 1121818SUSE bug 1121821SUSE bug 1123028SUSE bug 1123220SUSE bug 1131109SUSE bug 1138392SUSE bug 1144902SUSE bug 1144903SUSE bug 1148884SUSE bug 1201840cpe:/o:suse:sll:7CVE-2019-6116SUSE Liberty Linux 7
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
ModerateCVE-2019-6116 at SUSECVE-2019-6116 at NVDSUSE bug 1122319SUSE bug 1129186SUSE bug 1134156cpe:/o:suse:sll:7CVE-2019-6133SUSE Liberty Linux 7
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
ModerateCVE-2019-6133 at SUSECVE-2019-6133 at NVDSUSE bug 1070943SUSE bug 1121826SUSE bug 1121872cpe:/o:suse:sll:7CVE-2019-6237SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
LowCVE-2019-6237 at SUSECVE-2019-6237 at NVDSUSE bug 1135715cpe:/o:suse:sll:7CVE-2019-6251SUSE Liberty Linux 7
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.
ImportantCVE-2019-6251 at SUSECVE-2019-6251 at NVDSUSE bug 1121894SUSE bug 1132256cpe:/o:suse:sll:7CVE-2019-6454SUSE Liberty Linux 7
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
ImportantCVE-2019-6454 at SUSECVE-2019-6454 at NVDSUSE bug 1125352cpe:/o:suse:sll:7CVE-2019-6465SUSE Liberty Linux 7
Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.
ModerateCVE-2019-6465 at SUSECVE-2019-6465 at NVDSUSE bug 1126069SUSE bug 1141730SUSE bug 1148887cpe:/o:suse:sll:7CVE-2019-6470SUSE Liberty Linux 7
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.
ImportantCVE-2019-6470 at SUSECVE-2019-6470 at NVDSUSE bug 1134078cpe:/o:suse:sll:7CVE-2019-6477SUSE Liberty Linux 7
With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).
ImportantCVE-2019-6477 at SUSECVE-2019-6477 at NVDSUSE bug 1157051SUSE bug 1197136cpe:/o:suse:sll:7CVE-2019-6778SUSE Liberty Linux 7
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
ImportantCVE-2019-6778 at SUSECVE-2019-6778 at NVDSUSE bug 1123156SUSE bug 1123157SUSE bug 1178658cpe:/o:suse:sll:7CVE-2019-6974SUSE Liberty Linux 7
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
ModerateCVE-2019-6974 at SUSECVE-2019-6974 at NVDSUSE bug 1124728SUSE bug 1124729cpe:/o:suse:sll:7CVE-2019-6978SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
ModerateCVE-2019-6978 at SUSECVE-2019-6978 at NVDSUSE bug 1123522cpe:/o:suse:sll:7CVE-2019-7149SUSE Liberty Linux 7
A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.
ModerateCVE-2019-7149 at SUSECVE-2019-7149 at NVDSUSE bug 1123559cpe:/o:suse:sll:7CVE-2019-7150SUSE Liberty Linux 7
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.
LowCVE-2019-7150 at SUSECVE-2019-7150 at NVDSUSE bug 1123685cpe:/o:suse:sll:7CVE-2019-7175SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.
LowCVE-2019-7175 at SUSECVE-2019-7175 at NVDSUSE bug 1128649cpe:/o:suse:sll:7CVE-2019-7221SUSE Liberty Linux 7
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
ModerateCVE-2019-7221 at SUSECVE-2019-7221 at NVDSUSE bug 1124732SUSE bug 1124734cpe:/o:suse:sll:7CVE-2019-7222SUSE Liberty Linux 7
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
LowCVE-2019-7222 at SUSECVE-2019-7222 at NVDSUSE bug 1124735cpe:/o:suse:sll:7CVE-2019-7310SUSE Liberty Linux 7
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
ModerateCVE-2019-7310 at SUSECVE-2019-7310 at NVDSUSE bug 1124150cpe:/o:suse:sll:7CVE-2019-7317SUSE Liberty Linux 7
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
ModerateCVE-2019-7317 at SUSECVE-2019-7317 at NVDSUSE bug 1124211SUSE bug 1135824SUSE bug 1141780SUSE bug 1147021SUSE bug 1165297cpe:/o:suse:sll:7CVE-2019-7397SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.
LowCVE-2019-7397 at SUSECVE-2019-7397 at NVDSUSE bug 1124366cpe:/o:suse:sll:7CVE-2019-7398SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.
LowCVE-2019-7398 at SUSECVE-2019-7398 at NVDSUSE bug 1124365cpe:/o:suse:sll:7CVE-2019-7524SUSE Liberty Linux 7
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
ModerateCVE-2019-7524 at SUSECVE-2019-7524 at NVDSUSE bug 1130116cpe:/o:suse:sll:7CVE-2019-7572SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
CVE-2019-7572 at SUSECVE-2019-7572 at NVDSUSE bug 1124806cpe:/o:suse:sll:7CVE-2019-7573SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).
ModerateCVE-2019-7573 at SUSECVE-2019-7573 at NVDSUSE bug 1124805cpe:/o:suse:sll:7CVE-2019-7574SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.
ModerateCVE-2019-7574 at SUSECVE-2019-7574 at NVDSUSE bug 1124803cpe:/o:suse:sll:7CVE-2019-7575SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.
ModerateCVE-2019-7575 at SUSECVE-2019-7575 at NVDSUSE bug 1124802cpe:/o:suse:sll:7CVE-2019-7576SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).
ModerateCVE-2019-7576 at SUSECVE-2019-7576 at NVDSUSE bug 1124799cpe:/o:suse:sll:7CVE-2019-7577SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
ModerateCVE-2019-7577 at SUSECVE-2019-7577 at NVDSUSE bug 1124800cpe:/o:suse:sll:7CVE-2019-7578SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.
ModerateCVE-2019-7578 at SUSECVE-2019-7578 at NVDSUSE bug 1125099cpe:/o:suse:sll:7CVE-2019-7635SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.
ModerateCVE-2019-7635 at SUSECVE-2019-7635 at NVDSUSE bug 1124827cpe:/o:suse:sll:7CVE-2019-7636SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.
ModerateCVE-2019-7636 at SUSECVE-2019-7636 at NVDSUSE bug 1124826cpe:/o:suse:sll:7CVE-2019-7637SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.
ModerateCVE-2019-7637 at SUSECVE-2019-7637 at NVDSUSE bug 1124825SUSE bug 1134135cpe:/o:suse:sll:7CVE-2019-7638SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
ModerateCVE-2019-7638 at SUSECVE-2019-7638 at NVDSUSE bug 1124824cpe:/o:suse:sll:7CVE-2019-7664SUSE Liberty Linux 7
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).
LowCVE-2019-7664 at SUSECVE-2019-7664 at NVDSUSE bug 1125008cpe:/o:suse:sll:7CVE-2019-7665SUSE Liberty Linux 7
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.
LowCVE-2019-7665 at SUSECVE-2019-7665 at NVDSUSE bug 1125007cpe:/o:suse:sll:7CVE-2019-8308SUSE Liberty Linux 7
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
ImportantCVE-2019-8308 at SUSECVE-2019-8308 at NVDSUSE bug 1125431cpe:/o:suse:sll:7CVE-2019-8322SUSE Liberty Linux 7
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.
ImportantCVE-2019-8322 at SUSECVE-2019-8322 at NVDSUSE bug 1130622cpe:/o:suse:sll:7CVE-2019-8323SUSE Liberty Linux 7
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.
ImportantCVE-2019-8323 at SUSECVE-2019-8323 at NVDSUSE bug 1130620cpe:/o:suse:sll:7CVE-2019-8324SUSE Liberty Linux 7
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.
ImportantCVE-2019-8324 at SUSECVE-2019-8324 at NVDSUSE bug 1130617cpe:/o:suse:sll:7CVE-2019-8325SUSE Liberty Linux 7
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)
ImportantCVE-2019-8325 at SUSECVE-2019-8325 at NVDSUSE bug 1130611cpe:/o:suse:sll:7CVE-2019-8331SUSE Liberty Linux 7
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
ModerateCVE-2019-8331 at SUSECVE-2019-8331 at NVDSUSE bug 1247983cpe:/o:suse:sll:7CVE-2019-8379SUSE Liberty Linux 7
An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.
ImportantCVE-2019-8379 at SUSECVE-2019-8379 at NVDcpe:/o:suse:sll:7CVE-2019-8383SUSE Liberty Linux 7
An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.
ImportantCVE-2019-8383 at SUSECVE-2019-8383 at NVDcpe:/o:suse:sll:7CVE-2019-8506SUSE Liberty Linux 7
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8506 at SUSECVE-2019-8506 at NVDSUSE bug 1132256cpe:/o:suse:sll:7CVE-2019-8524SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8524 at SUSECVE-2019-8524 at NVDSUSE bug 1132256cpe:/o:suse:sll:7CVE-2019-8535SUSE Liberty Linux 7
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8535 at SUSECVE-2019-8535 at NVDSUSE bug 1132256cpe:/o:suse:sll:7CVE-2019-8536SUSE Liberty Linux 7
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8536 at SUSECVE-2019-8536 at NVDSUSE bug 1132256cpe:/o:suse:sll:7CVE-2019-8544SUSE Liberty Linux 7
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8544 at SUSECVE-2019-8544 at NVDSUSE bug 1132256cpe:/o:suse:sll:7CVE-2019-8551SUSE Liberty Linux 7
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting.
ModerateCVE-2019-8551 at SUSECVE-2019-8551 at NVDSUSE bug 1132256cpe:/o:suse:sll:7CVE-2019-8558SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8558 at SUSECVE-2019-8558 at NVDSUSE bug 1132256cpe:/o:suse:sll:7CVE-2019-8559SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8559 at SUSECVE-2019-8559 at NVDSUSE bug 1132256cpe:/o:suse:sll:7CVE-2019-8563SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8563 at SUSECVE-2019-8563 at NVDSUSE bug 1132256cpe:/o:suse:sll:7CVE-2019-8571SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
LowCVE-2019-8571 at SUSECVE-2019-8571 at NVDSUSE bug 1135715cpe:/o:suse:sll:7CVE-2019-8583SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
LowCVE-2019-8583 at SUSECVE-2019-8583 at NVDSUSE bug 1135715cpe:/o:suse:sll:7CVE-2019-8584SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
LowCVE-2019-8584 at SUSECVE-2019-8584 at NVDSUSE bug 1135715cpe:/o:suse:sll:7CVE-2019-8586SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
LowCVE-2019-8586 at SUSECVE-2019-8586 at NVDSUSE bug 1135715cpe:/o:suse:sll:7CVE-2019-8587SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
LowCVE-2019-8587 at SUSECVE-2019-8587 at NVDSUSE bug 1135715cpe:/o:suse:sll:7CVE-2019-8594SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
LowCVE-2019-8594 at SUSECVE-2019-8594 at NVDSUSE bug 1135715cpe:/o:suse:sll:7CVE-2019-8595SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
LowCVE-2019-8595 at SUSECVE-2019-8595 at NVDSUSE bug 1135715cpe:/o:suse:sll:7CVE-2019-8596SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
LowCVE-2019-8596 at SUSECVE-2019-8596 at NVDSUSE bug 1135715cpe:/o:suse:sll:7CVE-2019-8597SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
LowCVE-2019-8597 at SUSECVE-2019-8597 at NVDSUSE bug 1135715cpe:/o:suse:sll:7CVE-2019-8601SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
LowCVE-2019-8601 at SUSECVE-2019-8601 at NVDSUSE bug 1135715cpe:/o:suse:sll:7CVE-2019-8607SUSE Liberty Linux 7
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory.
LowCVE-2019-8607 at SUSECVE-2019-8607 at NVDSUSE bug 1135715cpe:/o:suse:sll:7CVE-2019-8608SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
LowCVE-2019-8608 at SUSECVE-2019-8608 at NVDSUSE bug 1135715cpe:/o:suse:sll:7CVE-2019-8609SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
LowCVE-2019-8609 at SUSECVE-2019-8609 at NVDSUSE bug 1135715cpe:/o:suse:sll:7CVE-2019-8610SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
LowCVE-2019-8610 at SUSECVE-2019-8610 at NVDSUSE bug 1135715cpe:/o:suse:sll:7CVE-2019-8611SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
LowCVE-2019-8611 at SUSECVE-2019-8611 at NVDSUSE bug 1135715cpe:/o:suse:sll:7CVE-2019-8615SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
LowCVE-2019-8615 at SUSECVE-2019-8615 at NVDSUSE bug 1135715cpe:/o:suse:sll:7CVE-2019-8619SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
LowCVE-2019-8619 at SUSECVE-2019-8619 at NVDSUSE bug 1135715cpe:/o:suse:sll:7CVE-2019-8622SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
LowCVE-2019-8622 at SUSECVE-2019-8622 at NVDSUSE bug 1135715cpe:/o:suse:sll:7CVE-2019-8623SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
LowCVE-2019-8623 at SUSECVE-2019-8623 at NVDSUSE bug 1135715cpe:/o:suse:sll:7CVE-2019-8625SUSE Liberty Linux 7
A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.
ImportantCVE-2019-8625 at SUSECVE-2019-8625 at NVDSUSE bug 1155321cpe:/o:suse:sll:7CVE-2019-8644SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8644 at SUSECVE-2019-8644 at NVDSUSE bug 1148931cpe:/o:suse:sll:7CVE-2019-8649SUSE Liberty Linux 7
A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.
ModerateCVE-2019-8649 at SUSECVE-2019-8649 at NVDSUSE bug 1148931cpe:/o:suse:sll:7CVE-2019-8658SUSE Liberty Linux 7
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.
ModerateCVE-2019-8658 at SUSECVE-2019-8658 at NVDSUSE bug 1148931cpe:/o:suse:sll:7CVE-2019-8666SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8666 at SUSECVE-2019-8666 at NVDSUSE bug 1148931cpe:/o:suse:sll:7CVE-2019-8669SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8669 at SUSECVE-2019-8669 at NVDSUSE bug 1148931cpe:/o:suse:sll:7CVE-2019-8671SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8671 at SUSECVE-2019-8671 at NVDSUSE bug 1148931cpe:/o:suse:sll:7CVE-2019-8672SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8672 at SUSECVE-2019-8672 at NVDSUSE bug 1148931cpe:/o:suse:sll:7CVE-2019-8673SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8673 at SUSECVE-2019-8673 at NVDSUSE bug 1148931cpe:/o:suse:sll:7CVE-2019-8674SUSE Liberty Linux 7
A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting.
ImportantCVE-2019-8674 at SUSECVE-2019-8674 at NVDSUSE bug 1155321cpe:/o:suse:sll:7CVE-2019-8675SUSE Liberty Linux 7
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.
ModerateCVE-2019-8675 at SUSECVE-2019-8675 at NVDSUSE bug 1146358SUSE bug 1168422cpe:/o:suse:sll:7CVE-2019-8676SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8676 at SUSECVE-2019-8676 at NVDSUSE bug 1148931cpe:/o:suse:sll:7CVE-2019-8677SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8677 at SUSECVE-2019-8677 at NVDSUSE bug 1148931cpe:/o:suse:sll:7CVE-2019-8678SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8678 at SUSECVE-2019-8678 at NVDSUSE bug 1148931cpe:/o:suse:sll:7CVE-2019-8679SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8679 at SUSECVE-2019-8679 at NVDSUSE bug 1148931cpe:/o:suse:sll:7CVE-2019-8680SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8680 at SUSECVE-2019-8680 at NVDSUSE bug 1148931cpe:/o:suse:sll:7CVE-2019-8681SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8681 at SUSECVE-2019-8681 at NVDSUSE bug 1148931cpe:/o:suse:sll:7CVE-2019-8683SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8683 at SUSECVE-2019-8683 at NVDSUSE bug 1148931cpe:/o:suse:sll:7CVE-2019-8684SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8684 at SUSECVE-2019-8684 at NVDSUSE bug 1148931cpe:/o:suse:sll:7CVE-2019-8686SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8686 at SUSECVE-2019-8686 at NVDSUSE bug 1148931cpe:/o:suse:sll:7CVE-2019-8687SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8687 at SUSECVE-2019-8687 at NVDSUSE bug 1148931cpe:/o:suse:sll:7CVE-2019-8688SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8688 at SUSECVE-2019-8688 at NVDSUSE bug 1148931cpe:/o:suse:sll:7CVE-2019-8689SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
ModerateCVE-2019-8689 at SUSECVE-2019-8689 at NVDSUSE bug 1148931cpe:/o:suse:sll:7CVE-2019-8690SUSE Liberty Linux 7
A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.
ModerateCVE-2019-8690 at SUSECVE-2019-8690 at NVDSUSE bug 1148931cpe:/o:suse:sll:7CVE-2019-8696SUSE Liberty Linux 7
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.
ModerateCVE-2019-8696 at SUSECVE-2019-8696 at NVDSUSE bug 1146358SUSE bug 1146359cpe:/o:suse:sll:7CVE-2019-8707SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8707 at SUSECVE-2019-8707 at NVDSUSE bug 1155321cpe:/o:suse:sll:7CVE-2019-8710SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8710 at SUSECVE-2019-8710 at NVDSUSE bug 1156318cpe:/o:suse:sll:7CVE-2019-8719SUSE Liberty Linux 7
A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting.
ImportantCVE-2019-8719 at SUSECVE-2019-8719 at NVDSUSE bug 1155321cpe:/o:suse:sll:7CVE-2019-8720SUSE Liberty Linux 7
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.
ImportantCVE-2019-8720 at SUSECVE-2019-8720 at NVDSUSE bug 1155321cpe:/o:suse:sll:7CVE-2019-8726SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8726 at SUSECVE-2019-8726 at NVDSUSE bug 1155321cpe:/o:suse:sll:7CVE-2019-8733SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8733 at SUSECVE-2019-8733 at NVDSUSE bug 1155321cpe:/o:suse:sll:7CVE-2019-8735SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8735 at SUSECVE-2019-8735 at NVDSUSE bug 1155321cpe:/o:suse:sll:7CVE-2019-8743SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8743 at SUSECVE-2019-8743 at NVDSUSE bug 1156318cpe:/o:suse:sll:7CVE-2019-8763SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0.1, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8763 at SUSECVE-2019-8763 at NVDSUSE bug 1155321cpe:/o:suse:sll:7CVE-2019-8764SUSE Liberty Linux 7
A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting.
ImportantCVE-2019-8764 at SUSECVE-2019-8764 at NVDSUSE bug 1156318cpe:/o:suse:sll:7CVE-2019-8765SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8765 at SUSECVE-2019-8765 at NVDSUSE bug 1156318cpe:/o:suse:sll:7CVE-2019-8766SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8766 at SUSECVE-2019-8766 at NVDSUSE bug 1156318cpe:/o:suse:sll:7CVE-2019-8768SUSE Liberty Linux 7
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items.
ImportantCVE-2019-8768 at SUSECVE-2019-8768 at NVDSUSE bug 1155321cpe:/o:suse:sll:7CVE-2019-8769SUSE Liberty Linux 7
An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history.
ImportantCVE-2019-8769 at SUSECVE-2019-8769 at NVDSUSE bug 1155321cpe:/o:suse:sll:7CVE-2019-8771SUSE Liberty Linux 7
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy.
ImportantCVE-2019-8771 at SUSECVE-2019-8771 at NVDSUSE bug 1155321cpe:/o:suse:sll:7CVE-2019-8782SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8782 at SUSECVE-2019-8782 at NVDSUSE bug 1156318cpe:/o:suse:sll:7CVE-2019-8783SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8783 at SUSECVE-2019-8783 at NVDSUSE bug 1156318cpe:/o:suse:sll:7CVE-2019-8808SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8808 at SUSECVE-2019-8808 at NVDSUSE bug 1156318cpe:/o:suse:sll:7CVE-2019-8811SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8811 at SUSECVE-2019-8811 at NVDSUSE bug 1156318cpe:/o:suse:sll:7CVE-2019-8812SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8812 at SUSECVE-2019-8812 at NVDSUSE bug 1156318cpe:/o:suse:sll:7CVE-2019-8813SUSE Liberty Linux 7
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting.
ImportantCVE-2019-8813 at SUSECVE-2019-8813 at NVDSUSE bug 1156318cpe:/o:suse:sll:7CVE-2019-8814SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8814 at SUSECVE-2019-8814 at NVDSUSE bug 1156318cpe:/o:suse:sll:7CVE-2019-8815SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8815 at SUSECVE-2019-8815 at NVDSUSE bug 1156318cpe:/o:suse:sll:7CVE-2019-8816SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8816 at SUSECVE-2019-8816 at NVDSUSE bug 1156318cpe:/o:suse:sll:7CVE-2019-8819SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8819 at SUSECVE-2019-8819 at NVDSUSE bug 1156318cpe:/o:suse:sll:7CVE-2019-8820SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8820 at SUSECVE-2019-8820 at NVDSUSE bug 1156318cpe:/o:suse:sll:7CVE-2019-8821SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8821 at SUSECVE-2019-8821 at NVDSUSE bug 1156318cpe:/o:suse:sll:7CVE-2019-8822SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8822 at SUSECVE-2019-8822 at NVDSUSE bug 1156318cpe:/o:suse:sll:7CVE-2019-8823SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8823 at SUSECVE-2019-8823 at NVDSUSE bug 1156318cpe:/o:suse:sll:7CVE-2019-8835SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8835 at SUSECVE-2019-8835 at NVDSUSE bug 1161719cpe:/o:suse:sll:7CVE-2019-8844SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8844 at SUSECVE-2019-8844 at NVDSUSE bug 1161719cpe:/o:suse:sll:7CVE-2019-8846SUSE Liberty Linux 7
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2019-8846 at SUSECVE-2019-8846 at NVDSUSE bug 1161719cpe:/o:suse:sll:7CVE-2019-9024SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.
ModerateCVE-2019-9024 at SUSECVE-2019-9024 at NVDSUSE bug 1126821cpe:/o:suse:sll:7CVE-2019-9200SUSE Liberty Linux 7
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
ImportantCVE-2019-9200 at SUSECVE-2019-9200 at NVDSUSE bug 1127329cpe:/o:suse:sll:7CVE-2019-9210SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)
ImportantCVE-2019-9210 at SUSECVE-2019-9210 at NVDcpe:/o:suse:sll:7CVE-2019-9232SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483
ModerateCVE-2019-9232 at SUSECVE-2019-9232 at NVDSUSE bug 1160613cpe:/o:suse:sll:7CVE-2019-9278SUSE Liberty Linux 7
In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774
ImportantCVE-2019-9278 at SUSECVE-2019-9278 at NVDSUSE bug 1160770cpe:/o:suse:sll:7CVE-2019-9433SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354
ModerateCVE-2019-9433 at SUSECVE-2019-9433 at NVDSUSE bug 1160614cpe:/o:suse:sll:7CVE-2019-9454SUSE Liberty Linux 7
In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
ModerateCVE-2019-9454 at SUSECVE-2019-9454 at NVDSUSE bug 1150023cpe:/o:suse:sll:7CVE-2019-9458SUSE Liberty Linux 7
In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
ImportantCVE-2019-9458 at SUSECVE-2019-9458 at NVDSUSE bug 1168295SUSE bug 1173963cpe:/o:suse:sll:7CVE-2019-9500SUSE Liberty Linux 7
The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
LowCVE-2019-9500 at SUSECVE-2019-9500 at NVDSUSE bug 1132681cpe:/o:suse:sll:7CVE-2019-9503SUSE Liberty Linux 7
The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
ModerateCVE-2019-9503 at SUSECVE-2019-9503 at NVDSUSE bug 1132673SUSE bug 1132828SUSE bug 1133319SUSE bug 1156653cpe:/o:suse:sll:7CVE-2019-9506SUSE Liberty Linux 7
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
ModerateCVE-2019-9506 at SUSECVE-2019-9506 at NVDSUSE bug 1137865SUSE bug 1146042cpe:/o:suse:sll:7CVE-2019-9631SUSE Liberty Linux 7
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
LowCVE-2019-9631 at SUSECVE-2019-9631 at NVDSUSE bug 1129202cpe:/o:suse:sll:7CVE-2019-9636SUSE Liberty Linux 7
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
ModerateCVE-2019-9636 at SUSECVE-2019-9636 at NVDSUSE bug 1129346SUSE bug 1135433SUSE bug 1138459SUSE bug 1145004cpe:/o:suse:sll:7CVE-2019-9740SUSE Liberty Linux 7
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
ModerateCVE-2019-9740 at SUSECVE-2019-9740 at NVDSUSE bug 1129071SUSE bug 1130840SUSE bug 1132663cpe:/o:suse:sll:7CVE-2019-9755SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.
ModerateCVE-2019-9755 at SUSECVE-2019-9755 at NVDSUSE bug 1130165cpe:/o:suse:sll:7CVE-2019-9788SUSE Liberty Linux 7
Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
ImportantCVE-2019-9788 at SUSECVE-2019-9788 at NVDSUSE bug 1129821cpe:/o:suse:sll:7CVE-2019-9790SUSE Liberty Linux 7
A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
ImportantCVE-2019-9790 at SUSECVE-2019-9790 at NVDSUSE bug 1129821cpe:/o:suse:sll:7CVE-2019-9791SUSE Liberty Linux 7
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
ImportantCVE-2019-9791 at SUSECVE-2019-9791 at NVDSUSE bug 1129821cpe:/o:suse:sll:7CVE-2019-9792SUSE Liberty Linux 7
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
ImportantCVE-2019-9792 at SUSECVE-2019-9792 at NVDSUSE bug 1129821cpe:/o:suse:sll:7CVE-2019-9793SUSE Liberty Linux 7
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. *Note: Spectre mitigations are currently enabled for all users by default settings.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
ImportantCVE-2019-9793 at SUSECVE-2019-9793 at NVDSUSE bug 1129821cpe:/o:suse:sll:7CVE-2019-9795SUSE Liberty Linux 7
A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
ImportantCVE-2019-9795 at SUSECVE-2019-9795 at NVDSUSE bug 1129821cpe:/o:suse:sll:7CVE-2019-9796SUSE Liberty Linux 7
A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
ImportantCVE-2019-9796 at SUSECVE-2019-9796 at NVDSUSE bug 1129821cpe:/o:suse:sll:7CVE-2019-9797SUSE Liberty Linux 7
Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66.
ImportantCVE-2019-9797 at SUSECVE-2019-9797 at NVDSUSE bug 1129821SUSE bug 1135824cpe:/o:suse:sll:7CVE-2019-9800SUSE Liberty Linux 7
Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
ImportantCVE-2019-9800 at SUSECVE-2019-9800 at NVDSUSE bug 1135824cpe:/o:suse:sll:7CVE-2019-9810SUSE Liberty Linux 7
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
ModerateCVE-2019-9810 at SUSECVE-2019-9810 at NVDSUSE bug 1129821SUSE bug 1130262cpe:/o:suse:sll:7CVE-2019-9811SUSE Liberty Linux 7
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
ImportantCVE-2019-9811 at SUSECVE-2019-9811 at NVDSUSE bug 1140868cpe:/o:suse:sll:7CVE-2019-9812SUSE Liberty Linux 7
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. This vulnerability affects Firefox ESR < 60.9, Firefox ESR < 68.1, and Firefox < 69.
ImportantCVE-2019-9812 at SUSECVE-2019-9812 at NVDSUSE bug 1149294SUSE bug 1149323SUSE bug 1149324cpe:/o:suse:sll:7CVE-2019-9813SUSE Liberty Linux 7
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
ModerateCVE-2019-9813 at SUSECVE-2019-9813 at NVDSUSE bug 1129821SUSE bug 1130262cpe:/o:suse:sll:7CVE-2019-9816SUSE Liberty Linux 7
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
ImportantCVE-2019-9816 at SUSECVE-2019-9816 at NVDSUSE bug 1135824cpe:/o:suse:sll:7CVE-2019-9817SUSE Liberty Linux 7
Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
ImportantCVE-2019-9817 at SUSECVE-2019-9817 at NVDSUSE bug 1135824cpe:/o:suse:sll:7CVE-2019-9819SUSE Liberty Linux 7
A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
ImportantCVE-2019-9819 at SUSECVE-2019-9819 at NVDSUSE bug 1135824cpe:/o:suse:sll:7CVE-2019-9820SUSE Liberty Linux 7
A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
ImportantCVE-2019-9820 at SUSECVE-2019-9820 at NVDSUSE bug 1135824cpe:/o:suse:sll:7CVE-2019-9824SUSE Liberty Linux 7
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.
LowCVE-2019-9824 at SUSECVE-2019-9824 at NVDSUSE bug 1118900SUSE bug 1129622SUSE bug 1129623SUSE bug 1178658cpe:/o:suse:sll:7CVE-2019-9924SUSE Liberty Linux 7
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
ModerateCVE-2019-9924 at SUSECVE-2019-9924 at NVDSUSE bug 1130324cpe:/o:suse:sll:7CVE-2019-9947SUSE Liberty Linux 7
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
ModerateCVE-2019-9947 at SUSECVE-2019-9947 at NVDSUSE bug 1130840SUSE bug 1136184SUSE bug 1155094SUSE bug 1201559cpe:/o:suse:sll:7CVE-2019-9948SUSE Liberty Linux 7
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
LowCVE-2019-9948 at SUSECVE-2019-9948 at NVDSUSE bug 1130847SUSE bug 1135433cpe:/o:suse:sll:7CVE-2019-9956SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
ModerateCVE-2019-9956 at SUSECVE-2019-9956 at NVDSUSE bug 1130330cpe:/o:suse:sll:7CVE-2019-9959SUSE Liberty Linux 7
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.
LowCVE-2019-9959 at SUSECVE-2019-9959 at NVDSUSE bug 1142465cpe:/o:suse:sll:7CVE-2020-0034SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770
ModerateCVE-2020-0034 at SUSECVE-2020-0034 at NVDSUSE bug 1166066cpe:/o:suse:sll:7CVE-2020-0093SUSE Liberty Linux 7
In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132
ModerateCVE-2020-0093 at SUSECVE-2020-0093 at NVDSUSE bug 1171847SUSE bug 1172116cpe:/o:suse:sll:7CVE-2020-0182SUSE Liberty Linux 7
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147140917
ModerateCVE-2020-0182 at SUSECVE-2020-0182 at NVDSUSE bug 1172766cpe:/o:suse:sll:7CVE-2020-0427SUSE Liberty Linux 7
In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171
ModerateCVE-2020-0427 at SUSECVE-2020-0427 at NVDSUSE bug 1176725cpe:/o:suse:sll:7CVE-2020-0452SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731
ImportantCVE-2020-0452 at SUSECVE-2020-0452 at NVDSUSE bug 1178479SUSE bug 1208307cpe:/o:suse:sll:7CVE-2020-0465SUSE Liberty Linux 7
In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel
ImportantCVE-2020-0465 at SUSECVE-2020-0465 at NVDSUSE bug 1180029SUSE bug 1180030cpe:/o:suse:sll:7CVE-2020-0466SUSE Liberty Linux 7
In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel
ImportantCVE-2020-0466 at SUSECVE-2020-0466 at NVDSUSE bug 1180031SUSE bug 1180032SUSE bug 1199255SUSE bug 1200084cpe:/o:suse:sll:7CVE-2020-0543SUSE Liberty Linux 7
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2020-0543 at SUSECVE-2020-0543 at NVDSUSE bug 1154824SUSE bug 1172205SUSE bug 1172206SUSE bug 1172207SUSE bug 1172770SUSE bug 1178658SUSE bug 1201877cpe:/o:suse:sll:7CVE-2020-0548SUSE Liberty Linux 7
Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2020-0548 at SUSECVE-2020-0548 at NVDSUSE bug 1156353cpe:/o:suse:sll:7CVE-2020-0549SUSE Liberty Linux 7
Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2020-0549 at SUSECVE-2020-0549 at NVDSUSE bug 1156353cpe:/o:suse:sll:7CVE-2020-0556SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
ModerateCVE-2020-0556 at SUSECVE-2020-0556 at NVDSUSE bug 1166751cpe:/o:suse:sll:7CVE-2020-0569SUSE Liberty Linux 7
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
ImportantCVE-2020-0569 at SUSECVE-2020-0569 at NVDSUSE bug 1161167SUSE bug 1162191cpe:/o:suse:sll:7CVE-2020-0570SUSE Liberty Linux 7
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
ImportantCVE-2020-0570 at SUSECVE-2020-0570 at NVDSUSE bug 1161167SUSE bug 1162191cpe:/o:suse:sll:7CVE-2020-10018SUSE Liberty Linux 7
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.
ModerateCVE-2020-10018 at SUSECVE-2020-10018 at NVDSUSE bug 1165528cpe:/o:suse:sll:7CVE-2020-10029SUSE Liberty Linux 7
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.
LowCVE-2020-10029 at SUSECVE-2020-10029 at NVDSUSE bug 1165784cpe:/o:suse:sll:7CVE-2020-10108SUSE Liberty Linux 7
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
ImportantCVE-2020-10108 at SUSECVE-2020-10108 at NVDSUSE bug 1166457cpe:/o:suse:sll:7CVE-2020-10109SUSE Liberty Linux 7
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
ImportantCVE-2020-10109 at SUSECVE-2020-10109 at NVDSUSE bug 1166458cpe:/o:suse:sll:7CVE-2020-10188SUSE Liberty Linux 7
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
ImportantCVE-2020-10188 at SUSECVE-2020-10188 at NVDSUSE bug 1165787cpe:/o:suse:sll:7CVE-2020-10531SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
ImportantCVE-2020-10531 at SUSECVE-2020-10531 at NVDSUSE bug 1166844SUSE bug 1175778cpe:/o:suse:sll:7CVE-2020-10543SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
ModerateCVE-2020-10543 at SUSECVE-2020-10543 at NVDSUSE bug 1171863SUSE bug 1225627cpe:/o:suse:sll:7CVE-2020-10690SUSE Liberty Linux 7
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.
ModerateCVE-2020-10690 at SUSECVE-2020-10690 at NVDSUSE bug 1170056cpe:/o:suse:sll:7CVE-2020-10703SUSE Liberty Linux 7
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service.
ModerateCVE-2020-10703 at SUSECVE-2020-10703 at NVDSUSE bug 1168683cpe:/o:suse:sll:7CVE-2020-10711SUSE Liberty Linux 7
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.
ModerateCVE-2020-10711 at SUSECVE-2020-10711 at NVDSUSE bug 1171191cpe:/o:suse:sll:7CVE-2020-10732SUSE Liberty Linux 7
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
LowCVE-2020-10732 at SUSECVE-2020-10732 at NVDSUSE bug 1171220cpe:/o:suse:sll:7CVE-2020-10742SUSE Liberty Linux 7
A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability.
ModerateCVE-2020-10742 at SUSECVE-2020-10742 at NVDSUSE bug 1171984cpe:/o:suse:sll:7CVE-2020-10751SUSE Liberty Linux 7
A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.
ModerateCVE-2020-10751 at SUSECVE-2020-10751 at NVDSUSE bug 1171189SUSE bug 1174963cpe:/o:suse:sll:7CVE-2020-10754SUSE Liberty Linux 7
It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely.
ModerateCVE-2020-10754 at SUSECVE-2020-10754 at NVDSUSE bug 1172457cpe:/o:suse:sll:7CVE-2020-10757SUSE Liberty Linux 7
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
ImportantCVE-2020-10757 at SUSECVE-2020-10757 at NVDSUSE bug 1159281SUSE bug 1172317SUSE bug 1172437cpe:/o:suse:sll:7CVE-2020-10769SUSE Liberty Linux 7
A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service.
ModerateCVE-2020-10769 at SUSECVE-2020-10769 at NVDSUSE bug 1173265cpe:/o:suse:sll:7CVE-2020-10772SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound.
ImportantCVE-2020-10772 at SUSECVE-2020-10772 at NVDSUSE bug 1171889cpe:/o:suse:sll:7CVE-2020-10878SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
ModerateCVE-2020-10878 at SUSECVE-2020-10878 at NVDSUSE bug 1171864SUSE bug 1225627cpe:/o:suse:sll:7CVE-2020-10942SUSE Liberty Linux 7
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.
ModerateCVE-2020-10942 at SUSECVE-2020-10942 at NVDSUSE bug 1167629cpe:/o:suse:sll:7CVE-2020-11008SUSE Liberty Linux 7
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a "blank" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's "store" helper - Git's "cache" helper - the "osxkeychain" helper that ships in Git's "contrib" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.
ModerateCVE-2020-11008 at SUSECVE-2020-11008 at NVDSUSE bug 1169936SUSE bug 1170741cpe:/o:suse:sll:7CVE-2020-11018SUSE Liberty Linux 7
In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0.
ImportantCVE-2020-11018 at SUSECVE-2020-11018 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-11019SUSE Liberty Linux 7
In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0.
ImportantCVE-2020-11019 at SUSECVE-2020-11019 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-11022SUSE Liberty Linux 7
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
ModerateCVE-2020-11022 at SUSECVE-2020-11022 at NVDSUSE bug 1173090SUSE bug 1178434SUSE bug 1190663cpe:/o:suse:sll:7CVE-2020-11023SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
ModerateCVE-2020-11023 at SUSECVE-2020-11023 at NVDSUSE bug 1173090SUSE bug 1178434SUSE bug 1190660cpe:/o:suse:sll:7CVE-2020-11038SUSE Liberty Linux 7
In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0.
ImportantCVE-2020-11038 at SUSECVE-2020-11038 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-11039SUSE Liberty Linux 7
In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0.
ImportantCVE-2020-11039 at SUSECVE-2020-11039 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-11040SUSE Liberty Linux 7
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0.
ImportantCVE-2020-11040 at SUSECVE-2020-11040 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-11041SUSE Liberty Linux 7
In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0.
ImportantCVE-2020-11041 at SUSECVE-2020-11041 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-11042SUSE Liberty Linux 7
In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0.
ImportantCVE-2020-11042 at SUSECVE-2020-11042 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-11043SUSE Liberty Linux 7
In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0.
ImportantCVE-2020-11043 at SUSECVE-2020-11043 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-11044SUSE Liberty Linux 7
In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0.
ImportantCVE-2020-11044 at SUSECVE-2020-11044 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-11045SUSE Liberty Linux 7
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour.
ImportantCVE-2020-11045 at SUSECVE-2020-11045 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-11046SUSE Liberty Linux 7
In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read.
ImportantCVE-2020-11046 at SUSECVE-2020-11046 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-11047SUSE Liberty Linux 7
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0.
ImportantCVE-2020-11047 at SUSECVE-2020-11047 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-11048SUSE Liberty Linux 7
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0.
ImportantCVE-2020-11048 at SUSECVE-2020-11048 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-11049SUSE Liberty Linux 7
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0.
ImportantCVE-2020-11049 at SUSECVE-2020-11049 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-11058SUSE Liberty Linux 7
In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0.
ImportantCVE-2020-11058 at SUSECVE-2020-11058 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-11078SUSE Liberty Linux 7
In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.
ModerateCVE-2020-11078 at SUSECVE-2020-11078 at NVDSUSE bug 1171998cpe:/o:suse:sll:7CVE-2020-11085SUSE Liberty Linux 7
In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0.
ImportantCVE-2020-11085 at SUSECVE-2020-11085 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-11086SUSE Liberty Linux 7
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0.
ImportantCVE-2020-11086 at SUSECVE-2020-11086 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-11087SUSE Liberty Linux 7
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0.
ImportantCVE-2020-11087 at SUSECVE-2020-11087 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-11088SUSE Liberty Linux 7
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0.
ImportantCVE-2020-11088 at SUSECVE-2020-11088 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-11089SUSE Liberty Linux 7
In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0.
ImportantCVE-2020-11089 at SUSECVE-2020-11089 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-11522SUSE Liberty Linux 7
libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read.
ModerateCVE-2020-11522 at SUSECVE-2020-11522 at NVDSUSE bug 1169413SUSE bug 1171444cpe:/o:suse:sll:7CVE-2020-11525SUSE Liberty Linux 7
libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.
LowCVE-2020-11525 at SUSECVE-2020-11525 at NVDSUSE bug 1169413SUSE bug 1171447cpe:/o:suse:sll:7CVE-2020-11526SUSE Liberty Linux 7
libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.
LowCVE-2020-11526 at SUSECVE-2020-11526 at NVDSUSE bug 1169413SUSE bug 1171674cpe:/o:suse:sll:7CVE-2020-11565SUSE Liberty Linux 7
An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.”
ModerateCVE-2020-11565 at SUSECVE-2020-11565 at NVDSUSE bug 1168831cpe:/o:suse:sll:7CVE-2020-11668SUSE Liberty Linux 7
In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.
ImportantCVE-2020-11668 at SUSECVE-2020-11668 at NVDSUSE bug 1168952SUSE bug 1173942cpe:/o:suse:sll:7CVE-2020-11761SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.
LowCVE-2020-11761 at SUSECVE-2020-11761 at NVDSUSE bug 1169578cpe:/o:suse:sll:7CVE-2020-11763SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.
LowCVE-2020-11763 at SUSECVE-2020-11763 at NVDSUSE bug 1169576cpe:/o:suse:sll:7CVE-2020-11764SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
LowCVE-2020-11764 at SUSECVE-2020-11764 at NVDSUSE bug 1169574cpe:/o:suse:sll:7CVE-2020-11793SUSE Liberty Linux 7
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).
ModerateCVE-2020-11793 at SUSECVE-2020-11793 at NVDSUSE bug 1169658cpe:/o:suse:sll:7CVE-2020-11868SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
LowCVE-2020-11868 at SUSECVE-2020-11868 at NVDSUSE bug 1169740cpe:/o:suse:sll:7CVE-2020-11945SUSE Liberty Linux 7
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).
ImportantCVE-2020-11945 at SUSECVE-2020-11945 at NVDSUSE bug 1170313cpe:/o:suse:sll:7CVE-2020-12049SUSE Liberty Linux 7
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.
ModerateCVE-2020-12049 at SUSECVE-2020-12049 at NVDSUSE bug 1172505cpe:/o:suse:sll:7CVE-2020-12100SUSE Liberty Linux 7
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
ImportantCVE-2020-12100 at SUSECVE-2020-12100 at NVDSUSE bug 1174920SUSE bug 1180406cpe:/o:suse:sll:7CVE-2020-12243SUSE Liberty Linux 7
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
ImportantCVE-2020-12243 at SUSECVE-2020-12243 at NVDSUSE bug 1170771cpe:/o:suse:sll:7CVE-2020-12321SUSE Liberty Linux 7
Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CriticalCVE-2020-12321 at SUSECVE-2020-12321 at NVDSUSE bug 1178671cpe:/o:suse:sll:7CVE-2020-12362SUSE Liberty Linux 7
Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.
ImportantCVE-2020-12362 at SUSECVE-2020-12362 at NVDSUSE bug 1181720SUSE bug 1182033SUSE bug 1190859cpe:/o:suse:sll:7CVE-2020-12363SUSE Liberty Linux 7
Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.
ModerateCVE-2020-12363 at SUSECVE-2020-12363 at NVDSUSE bug 1181720SUSE bug 1181735cpe:/o:suse:sll:7CVE-2020-12364SUSE Liberty Linux 7
Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.
ModerateCVE-2020-12364 at SUSECVE-2020-12364 at NVDSUSE bug 1181720SUSE bug 1181736cpe:/o:suse:sll:7CVE-2020-12387SUSE Liberty Linux 7
A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
ImportantCVE-2020-12387 at SUSECVE-2020-12387 at NVDSUSE bug 1171186cpe:/o:suse:sll:7CVE-2020-12392SUSE Liberty Linux 7
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
ImportantCVE-2020-12392 at SUSECVE-2020-12392 at NVDSUSE bug 1171186cpe:/o:suse:sll:7CVE-2020-12395SUSE Liberty Linux 7
Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
ImportantCVE-2020-12395 at SUSECVE-2020-12395 at NVDSUSE bug 1171186cpe:/o:suse:sll:7CVE-2020-12397SUSE Liberty Linux 7
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0.
ModerateCVE-2020-12397 at SUSECVE-2020-12397 at NVDSUSE bug 1171186cpe:/o:suse:sll:7CVE-2020-12398SUSE Liberty Linux 7
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.
ImportantCVE-2020-12398 at SUSECVE-2020-12398 at NVDSUSE bug 1172402cpe:/o:suse:sll:7CVE-2020-12400SUSE Liberty Linux 7
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
CriticalCVE-2020-12400 at SUSECVE-2020-12400 at NVDSUSE bug 1174763SUSE bug 1175686cpe:/o:suse:sll:7CVE-2020-12401SUSE Liberty Linux 7
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
CriticalCVE-2020-12401 at SUSECVE-2020-12401 at NVDSUSE bug 1174763SUSE bug 1175686cpe:/o:suse:sll:7CVE-2020-12402SUSE Liberty Linux 7
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.
ModerateCVE-2020-12402 at SUSECVE-2020-12402 at NVDSUSE bug 1173032SUSE bug 1173576SUSE bug 1174230cpe:/o:suse:sll:7CVE-2020-12403SUSE Liberty Linux 7
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.
CriticalCVE-2020-12403 at SUSECVE-2020-12403 at NVDSUSE bug 1174763cpe:/o:suse:sll:7CVE-2020-12405SUSE Liberty Linux 7
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
ImportantCVE-2020-12405 at SUSECVE-2020-12405 at NVDSUSE bug 1172402cpe:/o:suse:sll:7CVE-2020-12406SUSE Liberty Linux 7
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
ImportantCVE-2020-12406 at SUSECVE-2020-12406 at NVDSUSE bug 1172402cpe:/o:suse:sll:7CVE-2020-12410SUSE Liberty Linux 7
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
ImportantCVE-2020-12410 at SUSECVE-2020-12410 at NVDSUSE bug 1172402cpe:/o:suse:sll:7CVE-2020-12417SUSE Liberty Linux 7
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
ImportantCVE-2020-12417 at SUSECVE-2020-12417 at NVDSUSE bug 1173576SUSE bug 1174230cpe:/o:suse:sll:7CVE-2020-12418SUSE Liberty Linux 7
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
ImportantCVE-2020-12418 at SUSECVE-2020-12418 at NVDSUSE bug 1173576SUSE bug 1174230cpe:/o:suse:sll:7CVE-2020-12419SUSE Liberty Linux 7
When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
ImportantCVE-2020-12419 at SUSECVE-2020-12419 at NVDSUSE bug 1173576SUSE bug 1174230cpe:/o:suse:sll:7CVE-2020-12420SUSE Liberty Linux 7
When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
ImportantCVE-2020-12420 at SUSECVE-2020-12420 at NVDSUSE bug 1173576SUSE bug 1174230cpe:/o:suse:sll:7CVE-2020-12421SUSE Liberty Linux 7
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
ImportantCVE-2020-12421 at SUSECVE-2020-12421 at NVDSUSE bug 1173576SUSE bug 1174230cpe:/o:suse:sll:7CVE-2020-12422SUSE Liberty Linux 7
In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78.
ImportantCVE-2020-12422 at SUSECVE-2020-12422 at NVDSUSE bug 1173576SUSE bug 1174230cpe:/o:suse:sll:7CVE-2020-12424SUSE Liberty Linux 7
When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78.
ImportantCVE-2020-12424 at SUSECVE-2020-12424 at NVDSUSE bug 1173576SUSE bug 1174230cpe:/o:suse:sll:7CVE-2020-12425SUSE Liberty Linux 7
Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78.
ImportantCVE-2020-12425 at SUSECVE-2020-12425 at NVDSUSE bug 1173576SUSE bug 1174230cpe:/o:suse:sll:7CVE-2020-12653SUSE Liberty Linux 7
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.
ImportantCVE-2020-12653 at SUSECVE-2020-12653 at NVDSUSE bug 1159281SUSE bug 1171195SUSE bug 1171254cpe:/o:suse:sll:7CVE-2020-12654SUSE Liberty Linux 7
An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.
ImportantCVE-2020-12654 at SUSECVE-2020-12654 at NVDSUSE bug 1159281SUSE bug 1171202SUSE bug 1171252cpe:/o:suse:sll:7CVE-2020-12662SUSE Liberty Linux 7
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
ImportantCVE-2020-12662 at SUSECVE-2020-12662 at NVDSUSE bug 1171889cpe:/o:suse:sll:7CVE-2020-12663SUSE Liberty Linux 7
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
ImportantCVE-2020-12663 at SUSECVE-2020-12663 at NVDSUSE bug 1171889cpe:/o:suse:sll:7CVE-2020-12673SUSE Liberty Linux 7
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
ImportantCVE-2020-12673 at SUSECVE-2020-12673 at NVDSUSE bug 1174920SUSE bug 1174922cpe:/o:suse:sll:7CVE-2020-12674SUSE Liberty Linux 7
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
ImportantCVE-2020-12674 at SUSECVE-2020-12674 at NVDSUSE bug 1174920SUSE bug 1174923cpe:/o:suse:sll:7CVE-2020-12723SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
ModerateCVE-2020-12723 at SUSECVE-2020-12723 at NVDSUSE bug 1171866SUSE bug 1225627cpe:/o:suse:sll:7CVE-2020-12767SUSE Liberty Linux 7
exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.
ModerateCVE-2020-12767 at SUSECVE-2020-12767 at NVDSUSE bug 1171475cpe:/o:suse:sll:7CVE-2020-12770SUSE Liberty Linux 7
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
ModerateCVE-2020-12770 at SUSECVE-2020-12770 at NVDSUSE bug 1171420cpe:/o:suse:sll:7CVE-2020-12825SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.
ImportantCVE-2020-12825 at SUSECVE-2020-12825 at NVDSUSE bug 1171685SUSE bug 1203730SUSE bug 1208647cpe:/o:suse:sll:7CVE-2020-12826SUSE Liberty Linux 7
A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.
ModerateCVE-2020-12826 at SUSECVE-2020-12826 at NVDSUSE bug 1171727SUSE bug 1171985cpe:/o:suse:sll:7CVE-2020-12888SUSE Liberty Linux 7
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
ModerateCVE-2020-12888 at SUSECVE-2020-12888 at NVDSUSE bug 1159281SUSE bug 1171868SUSE bug 1176979SUSE bug 1179612cpe:/o:suse:sll:7CVE-2020-13112SUSE Liberty Linux 7
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.
CriticalCVE-2020-13112 at SUSECVE-2020-13112 at NVDSUSE bug 1172116cpe:/o:suse:sll:7CVE-2020-13113SUSE Liberty Linux 7
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.
ImportantCVE-2020-13113 at SUSECVE-2020-13113 at NVDSUSE bug 1172105cpe:/o:suse:sll:7CVE-2020-13114SUSE Liberty Linux 7
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data.
ModerateCVE-2020-13114 at SUSECVE-2020-13114 at NVDSUSE bug 1172121cpe:/o:suse:sll:7CVE-2020-13396SUSE Liberty Linux 7
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
ImportantCVE-2020-13396 at SUSECVE-2020-13396 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-13397SUSE Liberty Linux 7
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.
ImportantCVE-2020-13397 at SUSECVE-2020-13397 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-13398SUSE Liberty Linux 7
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.
ImportantCVE-2020-13398 at SUSECVE-2020-13398 at NVDSUSE bug 1171441cpe:/o:suse:sll:7CVE-2020-13692SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
ModerateCVE-2020-13692 at SUSECVE-2020-13692 at NVDSUSE bug 1172746cpe:/o:suse:sll:7CVE-2020-13765SUSE Liberty Linux 7
rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.
ImportantCVE-2020-13765 at SUSECVE-2020-13765 at NVDSUSE bug 1172478cpe:/o:suse:sll:7CVE-2020-13817SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
ModerateCVE-2020-13817 at SUSECVE-2020-13817 at NVDSUSE bug 1172651cpe:/o:suse:sll:7CVE-2020-13867SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).
ModerateCVE-2020-13867 at SUSECVE-2020-13867 at NVDSUSE bug 1172743cpe:/o:suse:sll:7CVE-2020-13935SUSE Liberty Linux 7
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
ImportantCVE-2020-13935 at SUSECVE-2020-13935 at NVDSUSE bug 1174117cpe:/o:suse:sll:7CVE-2020-14019SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.
ModerateCVE-2020-14019 at SUSECVE-2020-14019 at NVDSUSE bug 1173257cpe:/o:suse:sll:7CVE-2020-14145SUSE Liberty Linux 7 LTSS
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
ModerateCVE-2020-14145 at SUSECVE-2020-14145 at NVDSUSE bug 1173513SUSE bug 1177569SUSE bug 1189078CVE-2020-14305SUSE Liberty Linux 7
An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
ModerateCVE-2020-14305 at SUSECVE-2020-14305 at NVDSUSE bug 1173346cpe:/o:suse:sll:7CVE-2020-14314SUSE Liberty Linux 7
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.
ModerateCVE-2020-14314 at SUSECVE-2020-14314 at NVDSUSE bug 1173798cpe:/o:suse:sll:7CVE-2020-14318SUSE Liberty Linux 7
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.
ModerateCVE-2020-14318 at SUSECVE-2020-14318 at NVDSUSE bug 1173902cpe:/o:suse:sll:7CVE-2020-14323SUSE Liberty Linux 7
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.
ModerateCVE-2020-14323 at SUSECVE-2020-14323 at NVDSUSE bug 1173994cpe:/o:suse:sll:7CVE-2020-14331SUSE Liberty Linux 7
A flaw was found in the Linux kernel's implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-14331 at SUSECVE-2020-14331 at NVDSUSE bug 1174205SUSE bug 1174247cpe:/o:suse:sll:7CVE-2020-14345SUSE Liberty Linux 7
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-14345 at SUSECVE-2020-14345 at NVDSUSE bug 1174635SUSE bug 1174638SUSE bug 1174908SUSE bug 1174910SUSE bug 1174913SUSE bug 1177596SUSE bug 1181067cpe:/o:suse:sll:7CVE-2020-14346SUSE Liberty Linux 7
A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-14346 at SUSECVE-2020-14346 at NVDSUSE bug 1174635SUSE bug 1174638SUSE bug 1174910SUSE bug 1174913cpe:/o:suse:sll:7CVE-2020-14347SUSE Liberty Linux 7
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
ModerateCVE-2020-14347 at SUSECVE-2020-14347 at NVDSUSE bug 1174633cpe:/o:suse:sll:7CVE-2020-14351SUSE Liberty Linux 7
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ModerateCVE-2020-14351 at SUSECVE-2020-14351 at NVDSUSE bug 1177086cpe:/o:suse:sll:7CVE-2020-14352SUSE Liberty Linux 7
A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories.
ImportantCVE-2020-14352 at SUSECVE-2020-14352 at NVDSUSE bug 1175475cpe:/o:suse:sll:7CVE-2020-14355SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.
ModerateCVE-2020-14355 at SUSECVE-2020-14355 at NVDSUSE bug 1177158cpe:/o:suse:sll:7CVE-2020-14360SUSE Liberty Linux 7
A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-14360 at SUSECVE-2020-14360 at NVDSUSE bug 1174908SUSE bug 1177596cpe:/o:suse:sll:7CVE-2020-14361SUSE Liberty Linux 7
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-14361 at SUSECVE-2020-14361 at NVDSUSE bug 1174635SUSE bug 1174638SUSE bug 1174910SUSE bug 1174913cpe:/o:suse:sll:7CVE-2020-14362SUSE Liberty Linux 7
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-14362 at SUSECVE-2020-14362 at NVDSUSE bug 1174635SUSE bug 1174638SUSE bug 1174910SUSE bug 1174913cpe:/o:suse:sll:7CVE-2020-14363SUSE Liberty Linux 7
An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.
ImportantCVE-2020-14363 at SUSECVE-2020-14363 at NVDSUSE bug 1175239cpe:/o:suse:sll:7CVE-2020-14364SUSE Liberty Linux 7
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.
ModerateCVE-2020-14364 at SUSECVE-2020-14364 at NVDSUSE bug 1175441SUSE bug 1175534SUSE bug 1176494SUSE bug 1177130cpe:/o:suse:sll:7CVE-2020-14372SUSE Liberty Linux 7
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.
ImportantCVE-2020-14372 at SUSECVE-2020-14372 at NVDSUSE bug 1175970cpe:/o:suse:sll:7CVE-2020-14385SUSE Liberty Linux 7
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.
ModerateCVE-2020-14385 at SUSECVE-2020-14385 at NVDSUSE bug 1176137cpe:/o:suse:sll:7CVE-2020-14422SUSE Liberty Linux 7
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.
ImportantCVE-2020-14422 at SUSECVE-2020-14422 at NVDSUSE bug 1173274cpe:/o:suse:sll:7CVE-2020-14556SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
ImportantCVE-2020-14556 at SUSECVE-2020-14556 at NVDSUSE bug 1174157SUSE bug 1175259cpe:/o:suse:sll:7CVE-2020-14562SUSE Liberty Linux 7
Vulnerability in the Java SE product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ImportantCVE-2020-14562 at SUSECVE-2020-14562 at NVDSUSE bug 1174157cpe:/o:suse:sll:7CVE-2020-14573SUSE Liberty Linux 7
Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
ImportantCVE-2020-14573 at SUSECVE-2020-14573 at NVDSUSE bug 1174157cpe:/o:suse:sll:7CVE-2020-14577SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
ImportantCVE-2020-14577 at SUSECVE-2020-14577 at NVDSUSE bug 1174157SUSE bug 1175259cpe:/o:suse:sll:7CVE-2020-14578SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ImportantCVE-2020-14578 at SUSECVE-2020-14578 at NVDSUSE bug 1174157SUSE bug 1175259cpe:/o:suse:sll:7CVE-2020-14579SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ImportantCVE-2020-14579 at SUSECVE-2020-14579 at NVDSUSE bug 1174157SUSE bug 1175259cpe:/o:suse:sll:7CVE-2020-14583SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
ImportantCVE-2020-14583 at SUSECVE-2020-14583 at NVDSUSE bug 1174157SUSE bug 1175259cpe:/o:suse:sll:7CVE-2020-14593SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).
ImportantCVE-2020-14593 at SUSECVE-2020-14593 at NVDSUSE bug 1174157SUSE bug 1175259cpe:/o:suse:sll:7CVE-2020-14621SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
ImportantCVE-2020-14621 at SUSECVE-2020-14621 at NVDSUSE bug 1174157SUSE bug 1175259cpe:/o:suse:sll:7CVE-2020-1472SUSE Liberty Linux 7
Unknown.
CriticalCVE-2020-1472 at SUSECVE-2020-1472 at NVDSUSE bug 1176579cpe:/o:suse:sll:7CVE-2020-14779SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2020-14779 at SUSECVE-2020-14779 at NVDSUSE bug 1177943SUSE bug 1180063cpe:/o:suse:sll:7CVE-2020-14781SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
ModerateCVE-2020-14781 at SUSECVE-2020-14781 at NVDSUSE bug 1177943SUSE bug 1180063cpe:/o:suse:sll:7CVE-2020-14782SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
ModerateCVE-2020-14782 at SUSECVE-2020-14782 at NVDSUSE bug 1177943SUSE bug 1180063cpe:/o:suse:sll:7CVE-2020-14792SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).
ModerateCVE-2020-14792 at SUSECVE-2020-14792 at NVDSUSE bug 1177943SUSE bug 1180063cpe:/o:suse:sll:7CVE-2020-14796SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
ModerateCVE-2020-14796 at SUSECVE-2020-14796 at NVDSUSE bug 1177943SUSE bug 1180063cpe:/o:suse:sll:7CVE-2020-14797SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
ModerateCVE-2020-14797 at SUSECVE-2020-14797 at NVDSUSE bug 1177943SUSE bug 1180063cpe:/o:suse:sll:7CVE-2020-14803SUSE Liberty Linux 7
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
ModerateCVE-2020-14803 at SUSECVE-2020-14803 at NVDSUSE bug 1177943SUSE bug 1181239SUSE bug 1182186cpe:/o:suse:sll:7CVE-2020-15049SUSE Liberty Linux 7
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value.
ImportantCVE-2020-15049 at SUSECVE-2020-15049 at NVDSUSE bug 1173455SUSE bug 1174381cpe:/o:suse:sll:7CVE-2020-15436SUSE Liberty Linux 7
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
ModerateCVE-2020-15436 at SUSECVE-2020-15436 at NVDSUSE bug 1179141cpe:/o:suse:sll:7CVE-2020-15648SUSE Liberty Linux 7
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2.
ModerateCVE-2020-15648 at SUSECVE-2020-15648 at NVDSUSE bug 1173948SUSE bug 1174230cpe:/o:suse:sll:7CVE-2020-15652SUSE Liberty Linux 7
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.
ImportantCVE-2020-15652 at SUSECVE-2020-15652 at NVDSUSE bug 1174538cpe:/o:suse:sll:7CVE-2020-15653SUSE Liberty Linux 7
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
ImportantCVE-2020-15653 at SUSECVE-2020-15653 at NVDSUSE bug 1174538cpe:/o:suse:sll:7CVE-2020-15654SUSE Liberty Linux 7
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
ImportantCVE-2020-15654 at SUSECVE-2020-15654 at NVDSUSE bug 1174538cpe:/o:suse:sll:7CVE-2020-15656SUSE Liberty Linux 7
JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
ImportantCVE-2020-15656 at SUSECVE-2020-15656 at NVDSUSE bug 1174538cpe:/o:suse:sll:7CVE-2020-15658SUSE Liberty Linux 7
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
ImportantCVE-2020-15658 at SUSECVE-2020-15658 at NVDSUSE bug 1174538cpe:/o:suse:sll:7CVE-2020-15659SUSE Liberty Linux 7
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.
ImportantCVE-2020-15659 at SUSECVE-2020-15659 at NVDSUSE bug 1174538cpe:/o:suse:sll:7CVE-2020-15664SUSE Liberty Linux 7
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80.
ImportantCVE-2020-15664 at SUSECVE-2020-15664 at NVDSUSE bug 1175686cpe:/o:suse:sll:7CVE-2020-15669SUSE Liberty Linux 7
When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.12 and Thunderbird < 68.12.
ImportantCVE-2020-15669 at SUSECVE-2020-15669 at NVDSUSE bug 1175686cpe:/o:suse:sll:7CVE-2020-15673SUSE Liberty Linux 7
Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
ImportantCVE-2020-15673 at SUSECVE-2020-15673 at NVDSUSE bug 1176756SUSE bug 1176899cpe:/o:suse:sll:7CVE-2020-15676SUSE Liberty Linux 7
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
ImportantCVE-2020-15676 at SUSECVE-2020-15676 at NVDSUSE bug 1176756SUSE bug 1176899cpe:/o:suse:sll:7CVE-2020-15677SUSE Liberty Linux 7
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
ImportantCVE-2020-15677 at SUSECVE-2020-15677 at NVDSUSE bug 1176756SUSE bug 1176899cpe:/o:suse:sll:7CVE-2020-15678SUSE Liberty Linux 7
When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
ImportantCVE-2020-15678 at SUSECVE-2020-15678 at NVDSUSE bug 1176756SUSE bug 1176899cpe:/o:suse:sll:7CVE-2020-15683SUSE Liberty Linux 7
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.
ImportantCVE-2020-15683 at SUSECVE-2020-15683 at NVDSUSE bug 1177872SUSE bug 1177977cpe:/o:suse:sll:7CVE-2020-15685SUSE Liberty Linux 7
During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7.
ImportantCVE-2020-15685 at SUSECVE-2020-15685 at NVDSUSE bug 1181414cpe:/o:suse:sll:7CVE-2020-15810SUSE Liberty Linux 7
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.
CriticalCVE-2020-15810 at SUSECVE-2020-15810 at NVDSUSE bug 1175664cpe:/o:suse:sll:7CVE-2020-15811SUSE Liberty Linux 7
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.
CriticalCVE-2020-15811 at SUSECVE-2020-15811 at NVDSUSE bug 1175665cpe:/o:suse:sll:7CVE-2020-15862SUSE Liberty Linux 7
Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.
ImportantCVE-2020-15862 at SUSECVE-2020-15862 at NVDSUSE bug 1174961SUSE bug 1193875SUSE bug 1196341cpe:/o:suse:sll:7CVE-2020-15969SUSE Liberty Linux 7
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-15969 at SUSECVE-2020-15969 at NVDSUSE bug 1177408SUSE bug 1177872SUSE bug 1177977cpe:/o:suse:sll:7CVE-2020-15999SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ImportantCVE-2020-15999 at SUSECVE-2020-15999 at NVDSUSE bug 1177914SUSE bug 1177936SUSE bug 1178824SUSE bug 1178894cpe:/o:suse:sll:7CVE-2020-16012SUSE Liberty Linux 7
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
ImportantCVE-2020-16012 at SUSECVE-2020-16012 at NVDSUSE bug 1178824SUSE bug 1178894SUSE bug 1178923cpe:/o:suse:sll:7CVE-2020-16042SUSE Liberty Linux 7
Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
ImportantCVE-2020-16042 at SUSECVE-2020-16042 at NVDSUSE bug 1179576SUSE bug 1180039cpe:/o:suse:sll:7CVE-2020-16044SUSE Liberty Linux 7
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.
ImportantCVE-2020-16044 at SUSECVE-2020-16044 at NVDSUSE bug 1180623SUSE bug 1181137cpe:/o:suse:sll:7CVE-2020-16092SUSE Liberty Linux 7
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.
ModerateCVE-2020-16092 at SUSECVE-2020-16092 at NVDSUSE bug 1174641cpe:/o:suse:sll:7CVE-2020-1721SUSE Liberty Linux 7
A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.
ModerateCVE-2020-1721 at SUSECVE-2020-1721 at NVDcpe:/o:suse:sll:7CVE-2020-1722SUSE Liberty Linux 7
A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.
ModerateCVE-2020-1722 at SUSECVE-2020-1722 at NVDcpe:/o:suse:sll:7CVE-2020-1749SUSE Liberty Linux 7
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
ImportantCVE-2020-1749 at SUSECVE-2020-1749 at NVDSUSE bug 1165629SUSE bug 1165631SUSE bug 1177511SUSE bug 1177513SUSE bug 1189302cpe:/o:suse:sll:7CVE-2020-17507SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
ImportantCVE-2020-17507 at SUSECVE-2020-17507 at NVDSUSE bug 1176315cpe:/o:suse:sll:7CVE-2020-1927SUSE Liberty Linux 7
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
ModerateCVE-2020-1927 at SUSECVE-2020-1927 at NVDSUSE bug 1145738SUSE bug 1168407SUSE bug 1170718cpe:/o:suse:sll:7CVE-2020-1934SUSE Liberty Linux 7
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
ModerateCVE-2020-1934 at SUSECVE-2020-1934 at NVDSUSE bug 1168404SUSE bug 1170718cpe:/o:suse:sll:7CVE-2020-1935SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.
ModerateCVE-2020-1935 at SUSECVE-2020-1935 at NVDSUSE bug 1164860cpe:/o:suse:sll:7CVE-2020-1938SUSE Liberty Linux 7
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
ImportantCVE-2020-1938 at SUSECVE-2020-1938 at NVDSUSE bug 1164692SUSE bug 1166559SUSE bug 1169066SUSE bug 1175170cpe:/o:suse:sll:7CVE-2020-1971SUSE Liberty Linux 7
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
ImportantCVE-2020-1971 at SUSECVE-2020-1971 at NVDSUSE bug 1179491SUSE bug 1196179SUSE bug 1199303cpe:/o:suse:sll:7CVE-2020-1983SUSE Liberty Linux 7
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
ImportantCVE-2020-1983 at SUSECVE-2020-1983 at NVDSUSE bug 1170940cpe:/o:suse:sll:7CVE-2020-22218SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.
ImportantCVE-2020-22218 at SUSECVE-2020-22218 at NVDSUSE bug 1214527SUSE bug 1217508SUSE bug 1218318SUSE bug 1218349SUSE bug 1221580cpe:/o:suse:sll:7CVE-2020-24394SUSE Liberty Linux 7
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.
ImportantCVE-2020-24394 at SUSECVE-2020-24394 at NVDSUSE bug 1175518SUSE bug 1175992cpe:/o:suse:sll:7CVE-2020-24489SUSE Liberty Linux 7
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.
ImportantCVE-2020-24489 at SUSECVE-2020-24489 at NVDSUSE bug 1179839SUSE bug 1192359SUSE bug 1199300SUSE bug 1201731SUSE bug 1225680cpe:/o:suse:sll:7CVE-2020-24511SUSE Liberty Linux 7
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2020-24511 at SUSECVE-2020-24511 at NVDSUSE bug 1179836SUSE bug 1192360SUSE bug 1199300SUSE bug 1201731cpe:/o:suse:sll:7CVE-2020-24512SUSE Liberty Linux 7
Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
LowCVE-2020-24512 at SUSECVE-2020-24512 at NVDSUSE bug 1179837SUSE bug 1192360SUSE bug 1199300SUSE bug 1201731cpe:/o:suse:sll:7CVE-2020-24513SUSE Liberty Linux 7
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2020-24513 at SUSECVE-2020-24513 at NVDSUSE bug 1179833SUSE bug 1192360SUSE bug 1199300SUSE bug 1201731cpe:/o:suse:sll:7CVE-2020-24606SUSE Liberty Linux 7
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.
ImportantCVE-2020-24606 at SUSECVE-2020-24606 at NVDSUSE bug 1175671cpe:/o:suse:sll:7CVE-2020-25097SUSE Liberty Linux 7
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.
ImportantCVE-2020-25097 at SUSECVE-2020-25097 at NVDSUSE bug 1183436cpe:/o:suse:sll:7CVE-2020-25211SUSE Liberty Linux 7
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.
ModerateCVE-2020-25211 at SUSECVE-2020-25211 at NVDSUSE bug 1176395SUSE bug 1192356cpe:/o:suse:sll:7CVE-2020-25212SUSE Liberty Linux 7
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.
ImportantCVE-2020-25212 at SUSECVE-2020-25212 at NVDSUSE bug 1176381SUSE bug 1176382SUSE bug 1177027cpe:/o:suse:sll:7CVE-2020-25632SUSE Liberty Linux 7
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-25632 at SUSECVE-2020-25632 at NVDSUSE bug 1176711cpe:/o:suse:sll:7CVE-2020-25637SUSE Liberty Linux 7
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-25637 at SUSECVE-2020-25637 at NVDSUSE bug 1174955SUSE bug 1177155cpe:/o:suse:sll:7CVE-2020-25643SUSE Liberty Linux 7
A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-25643 at SUSECVE-2020-25643 at NVDSUSE bug 1177206SUSE bug 1177226cpe:/o:suse:sll:7CVE-2020-25645SUSE Liberty Linux 7
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
ImportantCVE-2020-25645 at SUSECVE-2020-25645 at NVDSUSE bug 1177511SUSE bug 1177513cpe:/o:suse:sll:7CVE-2020-25647SUSE Liberty Linux 7
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-25647 at SUSECVE-2020-25647 at NVDSUSE bug 1177883cpe:/o:suse:sll:7CVE-2020-25648SUSE Liberty Linux 7
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
ImportantCVE-2020-25648 at SUSECVE-2020-25648 at NVDSUSE bug 1177917cpe:/o:suse:sll:7CVE-2020-25654SUSE Liberty Linux 7
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
ImportantCVE-2020-25654 at SUSECVE-2020-25654 at NVDSUSE bug 1173668SUSE bug 1177916SUSE bug 1196165cpe:/o:suse:sll:7CVE-2020-25656SUSE Liberty Linux 7
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.
ModerateCVE-2020-25656 at SUSECVE-2020-25656 at NVDSUSE bug 1177766cpe:/o:suse:sll:7CVE-2020-25684SUSE Liberty Linux 7
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
ImportantCVE-2020-25684 at SUSECVE-2020-25684 at NVDSUSE bug 1177077cpe:/o:suse:sll:7CVE-2020-25685SUSE Liberty Linux 7
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
ImportantCVE-2020-25685 at SUSECVE-2020-25685 at NVDSUSE bug 1177077cpe:/o:suse:sll:7CVE-2020-25686SUSE Liberty Linux 7
A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
ImportantCVE-2020-25686 at SUSECVE-2020-25686 at NVDSUSE bug 1177077cpe:/o:suse:sll:7CVE-2020-25692SUSE Liberty Linux 7
A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.
ImportantCVE-2020-25692 at SUSECVE-2020-25692 at NVDSUSE bug 1178387cpe:/o:suse:sll:7CVE-2020-25694SUSE Liberty Linux 7
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ModerateCVE-2020-25694 at SUSECVE-2020-25694 at NVDSUSE bug 1178667SUSE bug 1179870cpe:/o:suse:sll:7CVE-2020-25695SUSE Liberty Linux 7
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-25695 at SUSECVE-2020-25695 at NVDSUSE bug 1178666cpe:/o:suse:sll:7CVE-2020-25704SUSE Liberty Linux 7
A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.
ModerateCVE-2020-25704 at SUSECVE-2020-25704 at NVDSUSE bug 1178393cpe:/o:suse:sll:7CVE-2020-25705SUSE Liberty Linux 7
A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version
ImportantCVE-2020-25705 at SUSECVE-2020-25705 at NVDSUSE bug 1175721SUSE bug 1178782SUSE bug 1178783SUSE bug 1191790cpe:/o:suse:sll:7CVE-2020-25709SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.
ModerateCVE-2020-25709 at SUSECVE-2020-25709 at NVDSUSE bug 1178909cpe:/o:suse:sll:7CVE-2020-25710SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
ModerateCVE-2020-25710 at SUSECVE-2020-25710 at NVDSUSE bug 1178909cpe:/o:suse:sll:7CVE-2020-25712SUSE Liberty Linux 7
A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-25712 at SUSECVE-2020-25712 at NVDSUSE bug 1174908SUSE bug 1177596cpe:/o:suse:sll:7CVE-2020-25715SUSE Liberty Linux 7
A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.
ModerateCVE-2020-25715 at SUSECVE-2020-25715 at NVDcpe:/o:suse:sll:7CVE-2020-25717SUSE Liberty Linux 7
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
ImportantCVE-2020-25717 at SUSECVE-2020-25717 at NVDSUSE bug 1192284SUSE bug 1192505SUSE bug 1192601SUSE bug 1192849SUSE bug 1193011SUSE bug 1194049SUSE bug 1194307SUSE bug 1195815SUSE bug 1196344SUSE bug 1196717SUSE bug 1196920SUSE bug 1205061cpe:/o:suse:sll:7CVE-2020-25719SUSE Liberty Linux 7
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.
ImportantCVE-2020-25719 at SUSECVE-2020-25719 at NVDSUSE bug 1192247cpe:/o:suse:sll:7CVE-2020-2574SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2020-2574 at SUSECVE-2020-2574 at NVDSUSE bug 1161085SUSE bug 1162388cpe:/o:suse:sll:7CVE-2020-2583SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2020-2583 at SUSECVE-2020-2583 at NVDSUSE bug 1160968SUSE bug 1162972cpe:/o:suse:sll:7CVE-2020-2590SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
ModerateCVE-2020-2590 at SUSECVE-2020-2590 at NVDSUSE bug 1160968cpe:/o:suse:sll:7CVE-2020-2593SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
ModerateCVE-2020-2593 at SUSECVE-2020-2593 at NVDSUSE bug 1160968SUSE bug 1162972cpe:/o:suse:sll:7CVE-2020-2601SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
ModerateCVE-2020-2601 at SUSECVE-2020-2601 at NVDSUSE bug 1160968cpe:/o:suse:sll:7CVE-2020-2604SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
ImportantCVE-2020-2604 at SUSECVE-2020-2604 at NVDSUSE bug 1160968SUSE bug 1162972SUSE bug 1165863cpe:/o:suse:sll:7CVE-2020-26116SUSE Liberty Linux 7
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
ModerateCVE-2020-26116 at SUSECVE-2020-26116 at NVDSUSE bug 1177120SUSE bug 1177211SUSE bug 1192361cpe:/o:suse:sll:7CVE-2020-26137SUSE Liberty Linux 7
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
ModerateCVE-2020-26137 at SUSECVE-2020-26137 at NVDSUSE bug 1177120SUSE bug 1177211cpe:/o:suse:sll:7CVE-2020-26217SUSE Liberty Linux 7
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
ImportantCVE-2020-26217 at SUSECVE-2020-26217 at NVDSUSE bug 1180994cpe:/o:suse:sll:7CVE-2020-2654SUSE Liberty Linux 7
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2020-2654 at SUSECVE-2020-2654 at NVDSUSE bug 1160968SUSE bug 1172277cpe:/o:suse:sll:7CVE-2020-2655SUSE Liberty Linux 7
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
ModerateCVE-2020-2655 at SUSECVE-2020-2655 at NVDSUSE bug 1160968cpe:/o:suse:sll:7CVE-2020-2659SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2020-2659 at SUSECVE-2020-2659 at NVDSUSE bug 1160968SUSE bug 1162972cpe:/o:suse:sll:7CVE-2020-26950SUSE Liberty Linux 7
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.
ImportantCVE-2020-26950 at SUSECVE-2020-26950 at NVDSUSE bug 1177872SUSE bug 1178588SUSE bug 1178611cpe:/o:suse:sll:7CVE-2020-26951SUSE Liberty Linux 7
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
ImportantCVE-2020-26951 at SUSECVE-2020-26951 at NVDSUSE bug 1178824SUSE bug 1178894cpe:/o:suse:sll:7CVE-2020-26953SUSE Liberty Linux 7
It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
ImportantCVE-2020-26953 at SUSECVE-2020-26953 at NVDSUSE bug 1178824SUSE bug 1178894cpe:/o:suse:sll:7CVE-2020-26956SUSE Liberty Linux 7
In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
ImportantCVE-2020-26956 at SUSECVE-2020-26956 at NVDSUSE bug 1178824SUSE bug 1178894cpe:/o:suse:sll:7CVE-2020-26958SUSE Liberty Linux 7
Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
ImportantCVE-2020-26958 at SUSECVE-2020-26958 at NVDSUSE bug 1178824SUSE bug 1178894cpe:/o:suse:sll:7CVE-2020-26959SUSE Liberty Linux 7
During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
ImportantCVE-2020-26959 at SUSECVE-2020-26959 at NVDSUSE bug 1178824SUSE bug 1178894cpe:/o:suse:sll:7CVE-2020-26960SUSE Liberty Linux 7
If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
ImportantCVE-2020-26960 at SUSECVE-2020-26960 at NVDSUSE bug 1178824SUSE bug 1178894cpe:/o:suse:sll:7CVE-2020-26961SUSE Liberty Linux 7
When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
ImportantCVE-2020-26961 at SUSECVE-2020-26961 at NVDSUSE bug 1178824SUSE bug 1178894cpe:/o:suse:sll:7CVE-2020-26965SUSE Liberty Linux 7
Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
ImportantCVE-2020-26965 at SUSECVE-2020-26965 at NVDSUSE bug 1178824SUSE bug 1178894cpe:/o:suse:sll:7CVE-2020-26968SUSE Liberty Linux 7
Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
ImportantCVE-2020-26968 at SUSECVE-2020-26968 at NVDSUSE bug 1178824SUSE bug 1178894cpe:/o:suse:sll:7CVE-2020-26970SUSE Liberty Linux 7
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.
CriticalCVE-2020-26970 at SUSECVE-2020-26970 at NVDSUSE bug 1179530cpe:/o:suse:sll:7CVE-2020-26971SUSE Liberty Linux 7
Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
ImportantCVE-2020-26971 at SUSECVE-2020-26971 at NVDSUSE bug 1180039cpe:/o:suse:sll:7CVE-2020-26973SUSE Liberty Linux 7
Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
ImportantCVE-2020-26973 at SUSECVE-2020-26973 at NVDSUSE bug 1180039cpe:/o:suse:sll:7CVE-2020-26974SUSE Liberty Linux 7
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
ImportantCVE-2020-26974 at SUSECVE-2020-26974 at NVDSUSE bug 1180039cpe:/o:suse:sll:7CVE-2020-26976SUSE Liberty Linux 7
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.
ImportantCVE-2020-26976 at SUSECVE-2020-26976 at NVDSUSE bug 1180039SUSE bug 1181414cpe:/o:suse:sll:7CVE-2020-26978SUSE Liberty Linux 7
Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
ImportantCVE-2020-26978 at SUSECVE-2020-26978 at NVDSUSE bug 1180039cpe:/o:suse:sll:7CVE-2020-27170SUSE Liberty Linux 7
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.
ModerateCVE-2020-27170 at SUSECVE-2020-27170 at NVDSUSE bug 1183686SUSE bug 1183775cpe:/o:suse:sll:7CVE-2020-2732SUSE Liberty Linux 7
A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.
ModerateCVE-2020-2732 at SUSECVE-2020-2732 at NVDSUSE bug 1163971cpe:/o:suse:sll:7CVE-2020-2752SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2020-2752 at SUSECVE-2020-2752 at NVDSUSE bug 1171550cpe:/o:suse:sll:7CVE-2020-2754SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ImportantCVE-2020-2754 at SUSECVE-2020-2754 at NVDSUSE bug 1169511SUSE bug 1172277cpe:/o:suse:sll:7CVE-2020-2755SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ImportantCVE-2020-2755 at SUSECVE-2020-2755 at NVDSUSE bug 1169511SUSE bug 1172277cpe:/o:suse:sll:7CVE-2020-2756SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ImportantCVE-2020-2756 at SUSECVE-2020-2756 at NVDSUSE bug 1169511SUSE bug 1172277cpe:/o:suse:sll:7CVE-2020-2757SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ImportantCVE-2020-2757 at SUSECVE-2020-2757 at NVDSUSE bug 1169511SUSE bug 1172277cpe:/o:suse:sll:7CVE-2020-2767SUSE Liberty Linux 7
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
ImportantCVE-2020-2767 at SUSECVE-2020-2767 at NVDSUSE bug 1169511cpe:/o:suse:sll:7CVE-2020-2773SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
ImportantCVE-2020-2773 at SUSECVE-2020-2773 at NVDSUSE bug 1169511cpe:/o:suse:sll:7CVE-2020-27749SUSE Liberty Linux 7
A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-27749 at SUSECVE-2020-27749 at NVDSUSE bug 1179264cpe:/o:suse:sll:7CVE-2020-27777SUSE Liberty Linux 7
A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.
ModerateCVE-2020-27777 at SUSECVE-2020-27777 at NVDSUSE bug 1179107SUSE bug 1179419SUSE bug 1200343SUSE bug 1220060cpe:/o:suse:sll:7CVE-2020-27779SUSE Liberty Linux 7
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2020-27779 at SUSECVE-2020-27779 at NVDSUSE bug 1179265cpe:/o:suse:sll:7CVE-2020-2778SUSE Liberty Linux 7
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
ImportantCVE-2020-2778 at SUSECVE-2020-2778 at NVDSUSE bug 1169511cpe:/o:suse:sll:7CVE-2020-2780SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2020-2780 at SUSECVE-2020-2780 at NVDcpe:/o:suse:sll:7CVE-2020-2781SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ImportantCVE-2020-2781 at SUSECVE-2020-2781 at NVDSUSE bug 1169511SUSE bug 1172277cpe:/o:suse:sll:7CVE-2020-2800SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
ImportantCVE-2020-2800 at SUSECVE-2020-2800 at NVDSUSE bug 1169511SUSE bug 1172277cpe:/o:suse:sll:7CVE-2020-2803SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
ImportantCVE-2020-2803 at SUSECVE-2020-2803 at NVDSUSE bug 1169511SUSE bug 1172277cpe:/o:suse:sll:7CVE-2020-2805SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
ImportantCVE-2020-2805 at SUSECVE-2020-2805 at NVDSUSE bug 1169511SUSE bug 1172277cpe:/o:suse:sll:7CVE-2020-2812SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
ModerateCVE-2020-2812 at SUSECVE-2020-2812 at NVDSUSE bug 1171550cpe:/o:suse:sll:7CVE-2020-2816SUSE Liberty Linux 7
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
ImportantCVE-2020-2816 at SUSECVE-2020-2816 at NVDSUSE bug 1169511cpe:/o:suse:sll:7CVE-2020-2830SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ImportantCVE-2020-2830 at SUSECVE-2020-2830 at NVDSUSE bug 1169511SUSE bug 1172277cpe:/o:suse:sll:7CVE-2020-28374SUSE Liberty Linux 7
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.
ImportantCVE-2020-28374 at SUSECVE-2020-28374 at NVDSUSE bug 1178372SUSE bug 1178684SUSE bug 1180676cpe:/o:suse:sll:7CVE-2020-28948SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
ImportantCVE-2020-28948 at SUSECVE-2020-28948 at NVDSUSE bug 1193679cpe:/o:suse:sll:7CVE-2020-28949SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
ImportantCVE-2020-28949 at SUSECVE-2020-28949 at NVDSUSE bug 1193680cpe:/o:suse:sll:7CVE-2020-29443SUSE Liberty Linux 7
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
ModerateCVE-2020-29443 at SUSECVE-2020-29443 at NVDSUSE bug 1181108cpe:/o:suse:sll:7CVE-2020-29573SUSE Liberty Linux 7
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.
ImportantCVE-2020-29573 at SUSECVE-2020-29573 at NVDSUSE bug 1179721SUSE bug 1220988cpe:/o:suse:sll:7CVE-2020-29599SUSE Liberty Linux 7
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.
ImportantCVE-2020-29599 at SUSECVE-2020-29599 at NVDSUSE bug 1179753cpe:/o:suse:sll:7CVE-2020-29661SUSE Liberty Linux 7
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
ImportantCVE-2020-29661 at SUSECVE-2020-29661 at NVDSUSE bug 1179745SUSE bug 1179877SUSE bug 1214268SUSE bug 1218966cpe:/o:suse:sll:7CVE-2020-35111SUSE Liberty Linux 7
When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
ImportantCVE-2020-35111 at SUSECVE-2020-35111 at NVDSUSE bug 1180039cpe:/o:suse:sll:7CVE-2020-35113SUSE Liberty Linux 7
Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
ImportantCVE-2020-35113 at SUSECVE-2020-35113 at NVDSUSE bug 1180039cpe:/o:suse:sll:7CVE-2020-35452SUSE Liberty Linux 7 LTSS
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow
ImportantCVE-2020-35452 at SUSECVE-2020-35452 at NVDSUSE bug 1186922SUSE bug 1187933CVE-2020-35513SUSE Liberty Linux 7
A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service.
ModerateCVE-2020-35513 at SUSECVE-2020-35513 at NVDSUSE bug 1181362cpe:/o:suse:sll:7CVE-2020-35518SUSE Liberty Linux 7
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
ModerateCVE-2020-35518 at SUSECVE-2020-35518 at NVDSUSE bug 1181159cpe:/o:suse:sll:7CVE-2020-36193SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
ImportantCVE-2020-36193 at SUSECVE-2020-36193 at NVDSUSE bug 1189591cpe:/o:suse:sll:7CVE-2020-36322SUSE Liberty Linux 7
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.
ImportantCVE-2020-36322 at SUSECVE-2020-36322 at NVDSUSE bug 1184211SUSE bug 1184952SUSE bug 1189302cpe:/o:suse:sll:7CVE-2020-36328SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CriticalCVE-2020-36328 at SUSECVE-2020-36328 at NVDSUSE bug 1185688cpe:/o:suse:sll:7CVE-2020-36329SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ModerateCVE-2020-36329 at SUSECVE-2020-36329 at NVDSUSE bug 1185652SUSE bug 1187486cpe:/o:suse:sll:7CVE-2020-36385SUSE Liberty Linux 7
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.
ImportantCVE-2020-36385 at SUSECVE-2020-36385 at NVDSUSE bug 1187050SUSE bug 1187052SUSE bug 1189302SUSE bug 1196174SUSE bug 1196810SUSE bug 1196914SUSE bug 1200084SUSE bug 1201734cpe:/o:suse:sll:7CVE-2020-36558SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.
ImportantCVE-2020-36558 at SUSECVE-2020-36558 at NVDSUSE bug 1200910SUSE bug 1201752SUSE bug 1205313cpe:/o:suse:sll:7CVE-2020-3862SUSE Liberty Linux 7
A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service.
ImportantCVE-2020-3862 at SUSECVE-2020-3862 at NVDSUSE bug 1163809cpe:/o:suse:sll:7CVE-2020-3864SUSE Liberty Linux 7
A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.
ImportantCVE-2020-3864 at SUSECVE-2020-3864 at NVDSUSE bug 1163809cpe:/o:suse:sll:7CVE-2020-3865SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2020-3865 at SUSECVE-2020-3865 at NVDSUSE bug 1163809cpe:/o:suse:sll:7CVE-2020-3867SUSE Liberty Linux 7
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.
ImportantCVE-2020-3867 at SUSECVE-2020-3867 at NVDSUSE bug 1163809cpe:/o:suse:sll:7CVE-2020-3868SUSE Liberty Linux 7
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2020-3868 at SUSECVE-2020-3868 at NVDSUSE bug 1163809cpe:/o:suse:sll:7CVE-2020-3885SUSE Liberty Linux 7
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed.
ImportantCVE-2020-3885 at SUSECVE-2020-3885 at NVDSUSE bug 1170643cpe:/o:suse:sll:7CVE-2020-3894SUSE Liberty Linux 7
A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory.
ImportantCVE-2020-3894 at SUSECVE-2020-3894 at NVDSUSE bug 1170643cpe:/o:suse:sll:7CVE-2020-3895SUSE Liberty Linux 7
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2020-3895 at SUSECVE-2020-3895 at NVDSUSE bug 1170643cpe:/o:suse:sll:7CVE-2020-3897SUSE Liberty Linux 7
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.
ImportantCVE-2020-3897 at SUSECVE-2020-3897 at NVDSUSE bug 1170643cpe:/o:suse:sll:7CVE-2020-3899SUSE Liberty Linux 7
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.
ImportantCVE-2020-3899 at SUSECVE-2020-3899 at NVDSUSE bug 1170643cpe:/o:suse:sll:7CVE-2020-3900SUSE Liberty Linux 7
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2020-3900 at SUSECVE-2020-3900 at NVDSUSE bug 1170643cpe:/o:suse:sll:7CVE-2020-3901SUSE Liberty Linux 7
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.
ImportantCVE-2020-3901 at SUSECVE-2020-3901 at NVDSUSE bug 1170643cpe:/o:suse:sll:7CVE-2020-3902SUSE Liberty Linux 7
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack.
ImportantCVE-2020-3902 at SUSECVE-2020-3902 at NVDSUSE bug 1170643cpe:/o:suse:sll:7CVE-2020-5208SUSE Liberty Linux 7
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.
ImportantCVE-2020-5208 at SUSECVE-2020-5208 at NVDSUSE bug 1163026cpe:/o:suse:sll:7CVE-2020-5260SUSE Liberty Linux 7
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.
ImportantCVE-2020-5260 at SUSECVE-2020-5260 at NVDSUSE bug 1168930SUSE bug 1169936SUSE bug 1170741cpe:/o:suse:sll:7CVE-2020-5312SUSE Liberty Linux 7
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
ImportantCVE-2020-5312 at SUSECVE-2020-5312 at NVDSUSE bug 1160152cpe:/o:suse:sll:7CVE-2020-5313SUSE Liberty Linux 7
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
ImportantCVE-2020-5313 at SUSECVE-2020-5313 at NVDSUSE bug 1160153cpe:/o:suse:sll:7CVE-2020-5395SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.
ModerateCVE-2020-5395 at SUSECVE-2020-5395 at NVDSUSE bug 1160220SUSE bug 1178308cpe:/o:suse:sll:7CVE-2020-6463SUSE Liberty Linux 7
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ModerateCVE-2020-6463 at SUSECVE-2020-6463 at NVDSUSE bug 1171975SUSE bug 1174538cpe:/o:suse:sll:7CVE-2020-6514SUSE Liberty Linux 7
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
ImportantCVE-2020-6514 at SUSECVE-2020-6514 at NVDSUSE bug 1174189SUSE bug 1174538cpe:/o:suse:sll:7CVE-2020-6792SUSE Liberty Linux 7
When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5.
ImportantCVE-2020-6792 at SUSECVE-2020-6792 at NVDSUSE bug 1163368cpe:/o:suse:sll:7CVE-2020-6793SUSE Liberty Linux 7
When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5.
ImportantCVE-2020-6793 at SUSECVE-2020-6793 at NVDSUSE bug 1163368cpe:/o:suse:sll:7CVE-2020-6794SUSE Liberty Linux 7
If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5.
ImportantCVE-2020-6794 at SUSECVE-2020-6794 at NVDSUSE bug 1163368cpe:/o:suse:sll:7CVE-2020-6795SUSE Liberty Linux 7
When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. This vulnerability affects Thunderbird < 68.5.
ImportantCVE-2020-6795 at SUSECVE-2020-6795 at NVDSUSE bug 1163368cpe:/o:suse:sll:7CVE-2020-6796SUSE Liberty Linux 7
A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 73 and Firefox < ESR68.5.
ImportantCVE-2020-6796 at SUSECVE-2020-6796 at NVDSUSE bug 1163368cpe:/o:suse:sll:7CVE-2020-6798SUSE Liberty Linux 7
If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.
ImportantCVE-2020-6798 at SUSECVE-2020-6798 at NVDSUSE bug 1163368cpe:/o:suse:sll:7CVE-2020-6800SUSE Liberty Linux 7
Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.
ImportantCVE-2020-6800 at SUSECVE-2020-6800 at NVDSUSE bug 1163368cpe:/o:suse:sll:7CVE-2020-6805SUSE Liberty Linux 7
When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
ImportantCVE-2020-6805 at SUSECVE-2020-6805 at NVDSUSE bug 1166238cpe:/o:suse:sll:7CVE-2020-6806SUSE Liberty Linux 7
By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
ImportantCVE-2020-6806 at SUSECVE-2020-6806 at NVDSUSE bug 1166238cpe:/o:suse:sll:7CVE-2020-6807SUSE Liberty Linux 7
When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
ImportantCVE-2020-6807 at SUSECVE-2020-6807 at NVDSUSE bug 1166238cpe:/o:suse:sll:7CVE-2020-6811SUSE Liberty Linux 7
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
ImportantCVE-2020-6811 at SUSECVE-2020-6811 at NVDSUSE bug 1166238cpe:/o:suse:sll:7CVE-2020-6812SUSE Liberty Linux 7
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
ImportantCVE-2020-6812 at SUSECVE-2020-6812 at NVDSUSE bug 1166238cpe:/o:suse:sll:7CVE-2020-6814SUSE Liberty Linux 7
Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
ImportantCVE-2020-6814 at SUSECVE-2020-6814 at NVDSUSE bug 1166238cpe:/o:suse:sll:7CVE-2020-6819SUSE Liberty Linux 7
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
ImportantCVE-2020-6819 at SUSECVE-2020-6819 at NVDSUSE bug 1168630SUSE bug 1168874cpe:/o:suse:sll:7CVE-2020-6820SUSE Liberty Linux 7
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
ImportantCVE-2020-6820 at SUSECVE-2020-6820 at NVDSUSE bug 1168630SUSE bug 1168874cpe:/o:suse:sll:7CVE-2020-6821SUSE Liberty Linux 7
When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.
ImportantCVE-2020-6821 at SUSECVE-2020-6821 at NVDSUSE bug 1168630SUSE bug 1168874cpe:/o:suse:sll:7CVE-2020-6822SUSE Liberty Linux 7
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.
ImportantCVE-2020-6822 at SUSECVE-2020-6822 at NVDSUSE bug 1168630SUSE bug 1168874cpe:/o:suse:sll:7CVE-2020-6825SUSE Liberty Linux 7
Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.
ImportantCVE-2020-6825 at SUSECVE-2020-6825 at NVDSUSE bug 1168630SUSE bug 1168874cpe:/o:suse:sll:7CVE-2020-6829SUSE Liberty Linux 7
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
CriticalCVE-2020-6829 at SUSECVE-2020-6829 at NVDSUSE bug 1174763SUSE bug 1175686cpe:/o:suse:sll:7CVE-2020-6831SUSE Liberty Linux 7
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
ImportantCVE-2020-6831 at SUSECVE-2020-6831 at NVDSUSE bug 1171186SUSE bug 1171247cpe:/o:suse:sll:7CVE-2020-6851SUSE Liberty Linux 7
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
ImportantCVE-2020-6851 at SUSECVE-2020-6851 at NVDSUSE bug 1160782SUSE bug 1162090cpe:/o:suse:sll:7CVE-2020-7039SUSE Liberty Linux 7
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
ImportantCVE-2020-7039 at SUSECVE-2020-7039 at NVDSUSE bug 1161066cpe:/o:suse:sll:7CVE-2020-7053SUSE Liberty Linux 7
In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c.
ModerateCVE-2020-7053 at SUSECVE-2020-7053 at NVDSUSE bug 1160966cpe:/o:suse:sll:7CVE-2020-7595SUSE Liberty Linux 7
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
ModerateCVE-2020-7595 at SUSECVE-2020-7595 at NVDSUSE bug 1161517SUSE bug 1191860cpe:/o:suse:sll:7CVE-2020-8112SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
ImportantCVE-2020-8112 at SUSECVE-2020-8112 at NVDSUSE bug 1162090cpe:/o:suse:sll:7CVE-2020-8177SUSE Liberty Linux 7
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
ImportantCVE-2020-8177 at SUSECVE-2020-8177 at NVDSUSE bug 1173027SUSE bug 1186108cpe:/o:suse:sll:7CVE-2020-8449SUSE Liberty Linux 7
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.
ImportantCVE-2020-8449 at SUSECVE-2020-8449 at NVDSUSE bug 1162687cpe:/o:suse:sll:7CVE-2020-8450SUSE Liberty Linux 7
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.
ImportantCVE-2020-8450 at SUSECVE-2020-8450 at NVDSUSE bug 1162687cpe:/o:suse:sll:7CVE-2020-8492SUSE Liberty Linux 7
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
ModerateCVE-2020-8492 at SUSECVE-2020-8492 at NVDSUSE bug 1162367cpe:/o:suse:sll:7CVE-2020-8597SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
ImportantCVE-2020-8597 at SUSECVE-2020-8597 at NVDSUSE bug 1162610cpe:/o:suse:sll:7CVE-2020-8608SUSE Liberty Linux 7
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
ImportantCVE-2020-8608 at SUSECVE-2020-8608 at NVDSUSE bug 1163018SUSE bug 1163019cpe:/o:suse:sll:7CVE-2020-8616SUSE Liberty Linux 7
A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.
ImportantCVE-2020-8616 at SUSECVE-2020-8616 at NVDSUSE bug 1109160SUSE bug 1171740cpe:/o:suse:sll:7CVE-2020-8617SUSE Liberty Linux 7
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.
ImportantCVE-2020-8617 at SUSECVE-2020-8617 at NVDSUSE bug 1109160SUSE bug 1171740cpe:/o:suse:sll:7CVE-2020-8622SUSE Liberty Linux 7
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.
ImportantCVE-2020-8622 at SUSECVE-2020-8622 at NVDSUSE bug 1175443SUSE bug 1188888SUSE bug 1191120cpe:/o:suse:sll:7CVE-2020-8623SUSE Liberty Linux 7
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker
ImportantCVE-2020-8623 at SUSECVE-2020-8623 at NVDSUSE bug 1175443SUSE bug 1191120cpe:/o:suse:sll:7CVE-2020-8624SUSE Liberty Linux 7
In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.
ImportantCVE-2020-8624 at SUSECVE-2020-8624 at NVDSUSE bug 1175443SUSE bug 1191120cpe:/o:suse:sll:7CVE-2020-8625SUSE Liberty Linux 7
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch
ImportantCVE-2020-8625 at SUSECVE-2020-8625 at NVDSUSE bug 1182246SUSE bug 1182483SUSE bug 1192708SUSE bug 1196172SUSE bug 1218478SUSE bug 1225626cpe:/o:suse:sll:7CVE-2020-8631SUSE Liberty Linux 7
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.
ImportantCVE-2020-8631 at SUSECVE-2020-8631 at NVDSUSE bug 1162937cpe:/o:suse:sll:7CVE-2020-8632SUSE Liberty Linux 7
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
ImportantCVE-2020-8632 at SUSECVE-2020-8632 at NVDSUSE bug 1162936cpe:/o:suse:sll:7CVE-2020-8647SUSE Liberty Linux 7
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.
ModerateCVE-2020-8647 at SUSECVE-2020-8647 at NVDSUSE bug 1162929SUSE bug 1164078cpe:/o:suse:sll:7CVE-2020-8648SUSE Liberty Linux 7
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.
ModerateCVE-2020-8648 at SUSECVE-2020-8648 at NVDSUSE bug 1162928cpe:/o:suse:sll:7CVE-2020-8649SUSE Liberty Linux 7
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.
ModerateCVE-2020-8649 at SUSECVE-2020-8649 at NVDSUSE bug 1162929SUSE bug 1162931cpe:/o:suse:sll:7CVE-2020-8695SUSE Liberty Linux 7
Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
ModerateCVE-2020-8695 at SUSECVE-2020-8695 at NVDSUSE bug 1170415SUSE bug 1170446SUSE bug 1178591cpe:/o:suse:sll:7CVE-2020-8696SUSE Liberty Linux 7
Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2020-8696 at SUSECVE-2020-8696 at NVDSUSE bug 1173592cpe:/o:suse:sll:7CVE-2020-8698SUSE Liberty Linux 7
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2020-8698 at SUSECVE-2020-8698 at NVDSUSE bug 1173594cpe:/o:suse:sll:7CVE-2020-9359SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.
ModerateCVE-2020-9359 at SUSECVE-2020-9359 at NVDSUSE bug 1167435cpe:/o:suse:sll:7CVE-2020-9383SUSE Liberty Linux 7
An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.
ModerateCVE-2020-9383 at SUSECVE-2020-9383 at NVDSUSE bug 1165111cpe:/o:suse:sll:7CVE-2020-9484SUSE Liberty Linux 7
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
ImportantCVE-2020-9484 at SUSECVE-2020-9484 at NVDSUSE bug 1171928SUSE bug 1182909SUSE bug 1195255SUSE bug 1196395SUSE bug 1201081cpe:/o:suse:sll:7CVE-2021-0920SUSE Liberty Linux 7
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel
ImportantCVE-2021-0920 at SUSECVE-2021-0920 at NVDSUSE bug 1193731SUSE bug 1194463SUSE bug 1195939SUSE bug 1199255SUSE bug 1200084cpe:/o:suse:sll:7CVE-2021-20179SUSE Liberty Linux 7
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.
ImportantCVE-2021-20179 at SUSECVE-2021-20179 at NVDcpe:/o:suse:sll:7CVE-2021-20225SUSE Liberty Linux 7
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2021-20225 at SUSECVE-2021-20225 at NVDSUSE bug 1182262cpe:/o:suse:sll:7CVE-2021-20233SUSE Liberty Linux 7
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2021-20233 at SUSECVE-2021-20233 at NVDSUSE bug 1182263SUSE bug 1183135cpe:/o:suse:sll:7CVE-2021-20254SUSE Liberty Linux 7
A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.
ImportantCVE-2021-20254 at SUSECVE-2021-20254 at NVDSUSE bug 1184677SUSE bug 1185886SUSE bug 1189860cpe:/o:suse:sll:7CVE-2021-20265SUSE Liberty Linux 7
A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-20265 at SUSECVE-2021-20265 at NVDSUSE bug 1183089SUSE bug 1214268SUSE bug 1218966cpe:/o:suse:sll:7CVE-2021-20271SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
LowCVE-2021-20271 at SUSECVE-2021-20271 at NVDSUSE bug 1183545cpe:/o:suse:sll:7CVE-2021-20277SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.
ImportantCVE-2021-20277 at SUSECVE-2021-20277 at NVDSUSE bug 1183574cpe:/o:suse:sll:7CVE-2021-20305SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.
ImportantCVE-2021-20305 at SUSECVE-2021-20305 at NVDSUSE bug 1183835SUSE bug 1184401cpe:/o:suse:sll:7CVE-2021-21261SUSE Liberty Linux 7
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug is present in versions from 0.11.4 and before fixed versions 1.8.5 and 1.10.0. The Flatpak portal D-Bus service (`flatpak-portal`, also known by its D-Bus service name `org.freedesktop.portal.Flatpak`) allows apps in a Flatpak sandbox to launch their own subprocesses in a new sandbox instance, either with the same security settings as the caller or with more restrictive security settings. For example, this is used in Flatpak-packaged web browsers such as Chromium to launch subprocesses that will process untrusted web content, and give those subprocesses a more restrictive sandbox than the browser itself. In vulnerable versions, the Flatpak portal service passes caller-specified environment variables to non-sandboxed processes on the host system, and in particular to the `flatpak run` command that is used to launch the new sandbox instance. A malicious or compromised Flatpak app could set environment variables that are trusted by the `flatpak run` command, and use them to execute arbitrary code that is not in a sandbox. As a workaround, this vulnerability can be mitigated by preventing the `flatpak-portal` service from starting, but that mitigation will prevent many Flatpak apps from working correctly. This is fixed in versions 1.8.5 and 1.10.0.
ImportantCVE-2021-21261 at SUSECVE-2021-21261 at NVDSUSE bug 1180996cpe:/o:suse:sll:7CVE-2021-21344SUSE Liberty Linux 7
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
ImportantCVE-2021-21344 at SUSECVE-2021-21344 at NVDSUSE bug 1184375cpe:/o:suse:sll:7CVE-2021-21345SUSE Liberty Linux 7
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
ImportantCVE-2021-21345 at SUSECVE-2021-21345 at NVDSUSE bug 1184372cpe:/o:suse:sll:7CVE-2021-21346SUSE Liberty Linux 7
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
ImportantCVE-2021-21346 at SUSECVE-2021-21346 at NVDSUSE bug 1184373cpe:/o:suse:sll:7CVE-2021-21347SUSE Liberty Linux 7
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
ImportantCVE-2021-21347 at SUSECVE-2021-21347 at NVDSUSE bug 1184378cpe:/o:suse:sll:7CVE-2021-21350SUSE Liberty Linux 7
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
ImportantCVE-2021-21350 at SUSECVE-2021-21350 at NVDSUSE bug 1184380cpe:/o:suse:sll:7CVE-2021-21381SUSE Liberty Linux 7
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would not ordinarily be allowed by the app's permissions. By putting the special tokens `@@` and/or `@@u` in the Exec field of a Flatpak app's .desktop file, a malicious app publisher can trick flatpak into behaving as though the user had chosen to open a target file with their Flatpak app, which automatically makes that file available to the Flatpak app. This is fixed in version 1.10.2. A minimal solution is the first commit "`Disallow @@ and @@U usage in desktop files`". The follow-up commits "`dir: Reserve the whole @@ prefix`" and "`dir: Refuse to export .desktop files with suspicious uses of @@ tokens`" are recommended, but not strictly required. As a workaround, avoid installing Flatpak apps from untrusted sources, or check the contents of the exported `.desktop` files in `exports/share/applications/*.desktop` (typically `~/.local/share/flatpak/exports/share/applications/*.desktop` and `/var/lib/flatpak/exports/share/applications/*.desktop`) to make sure that literal filenames do not follow `@@` or `@@u`.
ImportantCVE-2021-21381 at SUSECVE-2021-21381 at NVDSUSE bug 1183459cpe:/o:suse:sll:7CVE-2021-2144SUSE Liberty Linux 7 LTSS
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
ImportantCVE-2021-2144 at SUSECVE-2021-2144 at NVDCVE-2021-2163SUSE Liberty Linux 7
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).
ModerateCVE-2021-2163 at SUSECVE-2021-2163 at NVDSUSE bug 1185055cpe:/o:suse:sll:7CVE-2021-22543SUSE Liberty Linux 7
An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.
ImportantCVE-2021-22543 at SUSECVE-2021-22543 at NVDSUSE bug 1186482SUSE bug 1186483SUSE bug 1190276SUSE bug 1197660cpe:/o:suse:sll:7CVE-2021-22555SUSE Liberty Linux 7
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
ImportantCVE-2021-22555 at SUSECVE-2021-22555 at NVDSUSE bug 1188116SUSE bug 1188117SUSE bug 1188411cpe:/o:suse:sll:7CVE-2021-2341SUSE Liberty Linux 7
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
ModerateCVE-2021-2341 at SUSECVE-2021-2341 at NVDSUSE bug 1188564cpe:/o:suse:sll:7CVE-2021-2369SUSE Liberty Linux 7
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
ModerateCVE-2021-2369 at SUSECVE-2021-2369 at NVDSUSE bug 1188565cpe:/o:suse:sll:7CVE-2021-23840SUSE Liberty Linux 7
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
ModerateCVE-2021-23840 at SUSECVE-2021-23840 at NVDSUSE bug 1182333SUSE bug 1187743SUSE bug 1214334SUSE bug 1225628cpe:/o:suse:sll:7CVE-2021-23841SUSE Liberty Linux 7
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
ModerateCVE-2021-23841 at SUSECVE-2021-23841 at NVDSUSE bug 1182331SUSE bug 1187743SUSE bug 1214334cpe:/o:suse:sll:7CVE-2021-2388SUSE Liberty Linux 7
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
ImportantCVE-2021-2388 at SUSECVE-2021-2388 at NVDSUSE bug 1188566cpe:/o:suse:sll:7CVE-2021-23953SUSE Liberty Linux 7
If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
ImportantCVE-2021-23953 at SUSECVE-2021-23953 at NVDSUSE bug 1181414cpe:/o:suse:sll:7CVE-2021-23954SUSE Liberty Linux 7
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
ImportantCVE-2021-23954 at SUSECVE-2021-23954 at NVDSUSE bug 1181414cpe:/o:suse:sll:7CVE-2021-23960SUSE Liberty Linux 7
Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
ImportantCVE-2021-23960 at SUSECVE-2021-23960 at NVDSUSE bug 1181414cpe:/o:suse:sll:7CVE-2021-23961SUSE Liberty Linux 7
Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.
ImportantCVE-2021-23961 at SUSECVE-2021-23961 at NVDSUSE bug 1184960cpe:/o:suse:sll:7CVE-2021-23964SUSE Liberty Linux 7
Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
ImportantCVE-2021-23964 at SUSECVE-2021-23964 at NVDSUSE bug 1181414cpe:/o:suse:sll:7CVE-2021-23968SUSE Liberty Linux 7
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
ImportantCVE-2021-23968 at SUSECVE-2021-23968 at NVDSUSE bug 1182614cpe:/o:suse:sll:7CVE-2021-23969SUSE Liberty Linux 7
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that's not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
ImportantCVE-2021-23969 at SUSECVE-2021-23969 at NVDSUSE bug 1182614cpe:/o:suse:sll:7CVE-2021-23973SUSE Liberty Linux 7
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
ImportantCVE-2021-23973 at SUSECVE-2021-23973 at NVDSUSE bug 1182614cpe:/o:suse:sll:7CVE-2021-23978SUSE Liberty Linux 7
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
ImportantCVE-2021-23978 at SUSECVE-2021-23978 at NVDSUSE bug 1182614cpe:/o:suse:sll:7CVE-2021-23981SUSE Liberty Linux 7
A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
ImportantCVE-2021-23981 at SUSECVE-2021-23981 at NVDSUSE bug 1183942cpe:/o:suse:sll:7CVE-2021-23982SUSE Liberty Linux 7
Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
ImportantCVE-2021-23982 at SUSECVE-2021-23982 at NVDSUSE bug 1183942cpe:/o:suse:sll:7CVE-2021-23984SUSE Liberty Linux 7
A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
ImportantCVE-2021-23984 at SUSECVE-2021-23984 at NVDSUSE bug 1183942cpe:/o:suse:sll:7CVE-2021-23987SUSE Liberty Linux 7
Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
ImportantCVE-2021-23987 at SUSECVE-2021-23987 at NVDSUSE bug 1183942cpe:/o:suse:sll:7CVE-2021-23991SUSE Liberty Linux 7
If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. This vulnerability affects Thunderbird < 78.9.1.
ModerateCVE-2021-23991 at SUSECVE-2021-23991 at NVDSUSE bug 1184536cpe:/o:suse:sll:7CVE-2021-23992SUSE Liberty Linux 7
Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbird user may falsely conclude that the false user ID belongs to the correspondent. This vulnerability affects Thunderbird < 78.9.1.
ModerateCVE-2021-23992 at SUSECVE-2021-23992 at NVDSUSE bug 1184536cpe:/o:suse:sll:7CVE-2021-23993SUSE Liberty Linux 7
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encryption to fail. This vulnerability affects Thunderbird < 78.9.1.
ModerateCVE-2021-23993 at SUSECVE-2021-23993 at NVDSUSE bug 1184536cpe:/o:suse:sll:7CVE-2021-23994SUSE Liberty Linux 7
A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
ImportantCVE-2021-23994 at SUSECVE-2021-23994 at NVDSUSE bug 1184960cpe:/o:suse:sll:7CVE-2021-23995SUSE Liberty Linux 7
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
ImportantCVE-2021-23995 at SUSECVE-2021-23995 at NVDSUSE bug 1184960cpe:/o:suse:sll:7CVE-2021-23998SUSE Liberty Linux 7
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
ImportantCVE-2021-23998 at SUSECVE-2021-23998 at NVDSUSE bug 1184960cpe:/o:suse:sll:7CVE-2021-23999SUSE Liberty Linux 7
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
ImportantCVE-2021-23999 at SUSECVE-2021-23999 at NVDSUSE bug 1184960cpe:/o:suse:sll:7CVE-2021-24002SUSE Liberty Linux 7
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
ImportantCVE-2021-24002 at SUSECVE-2021-24002 at NVDSUSE bug 1184960cpe:/o:suse:sll:7CVE-2021-25214SUSE Liberty Linux 7
In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.
ImportantCVE-2021-25214 at SUSECVE-2021-25214 at NVDSUSE bug 1185345cpe:/o:suse:sll:7CVE-2021-25215SUSE Liberty Linux 7
In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.
ImportantCVE-2021-25215 at SUSECVE-2021-25215 at NVDSUSE bug 1185345SUSE bug 1189848SUSE bug 1196172SUSE bug 1199298SUSE bug 1225626cpe:/o:suse:sll:7CVE-2021-25217SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.
ImportantCVE-2021-25217 at SUSECVE-2021-25217 at NVDSUSE bug 1186382SUSE bug 1189843SUSE bug 1189858SUSE bug 1199299SUSE bug 1214270SUSE bug 1218485SUSE bug 1218969SUSE bug 1225674cpe:/o:suse:sll:7CVE-2021-25220SUSE Liberty Linux 7
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.
ModerateCVE-2021-25220 at SUSECVE-2021-25220 at NVDSUSE bug 1197135cpe:/o:suse:sll:7CVE-2021-26401SUSE Liberty Linux 7
LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.
ModerateCVE-2021-26401 at SUSECVE-2021-26401 at NVDSUSE bug 1191580SUSE bug 1196901SUSE bug 1209630cpe:/o:suse:sll:7CVE-2021-26691SUSE Liberty Linux 7
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
ImportantCVE-2021-26691 at SUSECVE-2021-26691 at NVDSUSE bug 1187017SUSE bug 1187933cpe:/o:suse:sll:7CVE-2021-26937SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
ImportantCVE-2021-26937 at SUSECVE-2021-26937 at NVDSUSE bug 1182092SUSE bug 1184006cpe:/o:suse:sll:7CVE-2021-27135SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.
ImportantCVE-2021-27135 at SUSECVE-2021-27135 at NVDSUSE bug 1182091SUSE bug 1189857SUSE bug 1190262SUSE bug 1225632cpe:/o:suse:sll:7CVE-2021-27219SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
ModerateCVE-2021-27219 at SUSECVE-2021-27219 at NVDSUSE bug 1182362SUSE bug 1194015cpe:/o:suse:sll:7CVE-2021-27363SUSE Liberty Linux 7
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.
ImportantCVE-2021-27363 at SUSECVE-2021-27363 at NVDSUSE bug 1182716SUSE bug 1182717SUSE bug 1183120SUSE bug 1200084cpe:/o:suse:sll:7CVE-2021-27364SUSE Liberty Linux 7
An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.
ImportantCVE-2021-27364 at SUSECVE-2021-27364 at NVDSUSE bug 1182715SUSE bug 1182716SUSE bug 1182717SUSE bug 1200084SUSE bug 1214268SUSE bug 1218966cpe:/o:suse:sll:7CVE-2021-27365SUSE Liberty Linux 7
An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.
ImportantCVE-2021-27365 at SUSECVE-2021-27365 at NVDSUSE bug 1182712SUSE bug 1182715SUSE bug 1183491SUSE bug 1200084SUSE bug 1214268SUSE bug 1218966cpe:/o:suse:sll:7CVE-2021-27803SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.
ImportantCVE-2021-27803 at SUSECVE-2021-27803 at NVDSUSE bug 1182805cpe:/o:suse:sll:7CVE-2021-28091SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
ImportantCVE-2021-28091 at SUSECVE-2021-28091 at NVDSUSE bug 1186768cpe:/o:suse:sll:7CVE-2021-29154SUSE Liberty Linux 7
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
ImportantCVE-2021-29154 at SUSECVE-2021-29154 at NVDSUSE bug 1184391SUSE bug 1184710SUSE bug 1186408cpe:/o:suse:sll:7CVE-2021-29505SUSE Liberty Linux 7
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.
ImportantCVE-2021-29505 at SUSECVE-2021-29505 at NVDSUSE bug 1186651cpe:/o:suse:sll:7CVE-2021-29650SUSE Liberty Linux 7
An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.
ModerateCVE-2021-29650 at SUSECVE-2021-29650 at NVDSUSE bug 1184208cpe:/o:suse:sll:7CVE-2021-29945SUSE Liberty Linux 7
The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
ImportantCVE-2021-29945 at SUSECVE-2021-29945 at NVDSUSE bug 1184960cpe:/o:suse:sll:7CVE-2021-29946SUSE Liberty Linux 7
Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
ImportantCVE-2021-29946 at SUSECVE-2021-29946 at NVDSUSE bug 1184960cpe:/o:suse:sll:7CVE-2021-29948SUSE Liberty Linux 7
Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird < 78.10.
ImportantCVE-2021-29948 at SUSECVE-2021-29948 at NVDSUSE bug 1184960cpe:/o:suse:sll:7CVE-2021-29956SUSE Liberty Linux 7
OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2.
LowCVE-2021-29956 at SUSECVE-2021-29956 at NVDSUSE bug 1186199cpe:/o:suse:sll:7CVE-2021-29957SUSE Liberty Linux 7
If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2.
LowCVE-2021-29957 at SUSECVE-2021-29957 at NVDSUSE bug 1186198cpe:/o:suse:sll:7CVE-2021-29967SUSE Liberty Linux 7
Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.
ImportantCVE-2021-29967 at SUSECVE-2021-29967 at NVDSUSE bug 1186696cpe:/o:suse:sll:7CVE-2021-29969SUSE Liberty Linux 7
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12.
ImportantCVE-2021-29969 at SUSECVE-2021-29969 at NVDSUSE bug 1188275cpe:/o:suse:sll:7CVE-2021-29970SUSE Liberty Linux 7
A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.
ImportantCVE-2021-29970 at SUSECVE-2021-29970 at NVDSUSE bug 1188275cpe:/o:suse:sll:7CVE-2021-29976SUSE Liberty Linux 7
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.
ImportantCVE-2021-29976 at SUSECVE-2021-29976 at NVDSUSE bug 1188275cpe:/o:suse:sll:7CVE-2021-29980SUSE Liberty Linux 7
Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
ImportantCVE-2021-29980 at SUSECVE-2021-29980 at NVDSUSE bug 1188891cpe:/o:suse:sll:7CVE-2021-29984SUSE Liberty Linux 7
Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
ImportantCVE-2021-29984 at SUSECVE-2021-29984 at NVDSUSE bug 1188891cpe:/o:suse:sll:7CVE-2021-29985SUSE Liberty Linux 7
A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
ImportantCVE-2021-29985 at SUSECVE-2021-29985 at NVDSUSE bug 1188891cpe:/o:suse:sll:7CVE-2021-29986SUSE Liberty Linux 7
A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
ImportantCVE-2021-29986 at SUSECVE-2021-29986 at NVDSUSE bug 1188891cpe:/o:suse:sll:7CVE-2021-29988SUSE Liberty Linux 7
Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
ImportantCVE-2021-29988 at SUSECVE-2021-29988 at NVDSUSE bug 1188891cpe:/o:suse:sll:7CVE-2021-29989SUSE Liberty Linux 7
Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91.
ImportantCVE-2021-29989 at SUSECVE-2021-29989 at NVDSUSE bug 1188891cpe:/o:suse:sll:7CVE-2021-30547SUSE Liberty Linux 7
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
ImportantCVE-2021-30547 at SUSECVE-2021-30547 at NVDSUSE bug 1187141SUSE bug 1188275cpe:/o:suse:sll:7CVE-2021-30858SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
ImportantCVE-2021-30858 at SUSECVE-2021-30858 at NVDSUSE bug 1190701SUSE bug 1191298SUSE bug 1191301cpe:/o:suse:sll:7CVE-2021-31291SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-29457. Reason: This candidate is a duplicate of CVE-2021-29457. Notes: All CVE users should reference CVE-2021-29457 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
ModerateCVE-2021-31291 at SUSECVE-2021-31291 at NVDSUSE bug 1188733cpe:/o:suse:sll:7CVE-2021-31535SUSE Liberty Linux 7
LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.
ImportantCVE-2021-31535 at SUSECVE-2021-31535 at NVDSUSE bug 1182506SUSE bug 1191879SUSE bug 1205051cpe:/o:suse:sll:7CVE-2021-3156SUSE Liberty Linux 7
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
ImportantCVE-2021-3156 at SUSECVE-2021-3156 at NVDSUSE bug 1180684SUSE bug 1181090SUSE bug 1181506SUSE bug 1181657SUSE bug 1183936SUSE bug 1218863SUSE bug 1225623cpe:/o:suse:sll:7CVE-2021-3177SUSE Liberty Linux 7
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.
ModerateCVE-2021-3177 at SUSECVE-2021-3177 at NVDSUSE bug 1181126cpe:/o:suse:sll:7CVE-2021-32027SUSE Liberty Linux 7
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2021-32027 at SUSECVE-2021-32027 at NVDSUSE bug 1185924cpe:/o:suse:sll:7CVE-2021-32142SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.
ModerateCVE-2021-32142 at SUSECVE-2021-32142 at NVDSUSE bug 1208470cpe:/o:suse:sll:7CVE-2021-32399SUSE Liberty Linux 7
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
ImportantCVE-2021-32399 at SUSECVE-2021-32399 at NVDSUSE bug 1184611SUSE bug 1185898SUSE bug 1185899SUSE bug 1196174SUSE bug 1200084SUSE bug 1201734cpe:/o:suse:sll:7CVE-2021-3246SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.
CriticalCVE-2021-3246 at SUSECVE-2021-3246 at NVDSUSE bug 1188540cpe:/o:suse:sll:7CVE-2021-32810SUSE Liberty Linux 7
crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.
CriticalCVE-2021-32810 at SUSECVE-2021-32810 at NVDSUSE bug 1191332cpe:/o:suse:sll:7CVE-2021-33033SUSE Liberty Linux 7
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
ModerateCVE-2021-33033 at SUSECVE-2021-33033 at NVDSUSE bug 1186109SUSE bug 1186283SUSE bug 1188876cpe:/o:suse:sll:7CVE-2021-33034SUSE Liberty Linux 7
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
ImportantCVE-2021-33034 at SUSECVE-2021-33034 at NVDSUSE bug 1186111SUSE bug 1186285cpe:/o:suse:sll:7CVE-2021-3347SUSE Liberty Linux 7
An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.
ImportantCVE-2021-3347 at SUSECVE-2021-3347 at NVDSUSE bug 1181349SUSE bug 1181553SUSE bug 1190859cpe:/o:suse:sll:7CVE-2021-33516SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.
CriticalCVE-2021-33516 at SUSECVE-2021-33516 at NVDSUSE bug 1186590cpe:/o:suse:sll:7CVE-2021-33909SUSE Liberty Linux 7
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
ImportantCVE-2021-33909 at SUSECVE-2021-33909 at NVDSUSE bug 1188062SUSE bug 1188063SUSE bug 1188257SUSE bug 1189302SUSE bug 1190859cpe:/o:suse:sll:7CVE-2021-3472SUSE Liberty Linux 7
A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2021-3472 at SUSECVE-2021-3472 at NVDSUSE bug 1180128cpe:/o:suse:sll:7CVE-2021-34798SUSE Liberty Linux 7
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
ImportantCVE-2021-34798 at SUSECVE-2021-34798 at NVDSUSE bug 1190669SUSE bug 1191297cpe:/o:suse:sll:7CVE-2021-3480SUSE Liberty Linux 7
A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointer dereference during the parsing of the Binding DN could allow an unauthenticated attacker to crash the 389-ds-base directory server. The highest threat from this vulnerability is to system availability.
ImportantCVE-2021-3480 at SUSECVE-2021-3480 at NVDcpe:/o:suse:sll:7CVE-2021-3504SUSE Liberty Linux 7
A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-3504 at SUSECVE-2021-3504 at NVDSUSE bug 1185013cpe:/o:suse:sll:7CVE-2021-35550SUSE Liberty Linux 7
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
ModerateCVE-2021-35550 at SUSECVE-2021-35550 at NVDSUSE bug 1191901SUSE bug 1193314cpe:/o:suse:sll:7CVE-2021-35556SUSE Liberty Linux 7
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2021-35556 at SUSECVE-2021-35556 at NVDSUSE bug 1191910cpe:/o:suse:sll:7CVE-2021-35559SUSE Liberty Linux 7
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2021-35559 at SUSECVE-2021-35559 at NVDSUSE bug 1191911cpe:/o:suse:sll:7CVE-2021-35561SUSE Liberty Linux 7
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2021-35561 at SUSECVE-2021-35561 at NVDSUSE bug 1191912cpe:/o:suse:sll:7CVE-2021-35564SUSE Liberty Linux 7
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
ModerateCVE-2021-35564 at SUSECVE-2021-35564 at NVDSUSE bug 1191913cpe:/o:suse:sll:7CVE-2021-35565SUSE Liberty Linux 7
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2021-35565 at SUSECVE-2021-35565 at NVDSUSE bug 1191909cpe:/o:suse:sll:7CVE-2021-35567SUSE Liberty Linux 7
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).
ModerateCVE-2021-35567 at SUSECVE-2021-35567 at NVDSUSE bug 1191903cpe:/o:suse:sll:7CVE-2021-35578SUSE Liberty Linux 7
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2021-35578 at SUSECVE-2021-35578 at NVDSUSE bug 1191904cpe:/o:suse:sll:7CVE-2021-35586SUSE Liberty Linux 7
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2021-35586 at SUSECVE-2021-35586 at NVDSUSE bug 1191914SUSE bug 1194928cpe:/o:suse:sll:7CVE-2021-35588SUSE Liberty Linux 7
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).
LowCVE-2021-35588 at SUSECVE-2021-35588 at NVDSUSE bug 1191905cpe:/o:suse:sll:7CVE-2021-35603SUSE Liberty Linux 7
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
LowCVE-2021-35603 at SUSECVE-2021-35603 at NVDSUSE bug 1191906cpe:/o:suse:sll:7CVE-2021-3564SUSE Liberty Linux 7
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.
ModerateCVE-2021-3564 at SUSECVE-2021-3564 at NVDSUSE bug 1186207cpe:/o:suse:sll:7CVE-2021-3570SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.
ImportantCVE-2021-3570 at SUSECVE-2021-3570 at NVDSUSE bug 1187646cpe:/o:suse:sll:7CVE-2021-3573SUSE Liberty Linux 7
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.
ImportantCVE-2021-3573 at SUSECVE-2021-3573 at NVDSUSE bug 1186666SUSE bug 1187054SUSE bug 1188172cpe:/o:suse:sll:7CVE-2021-3621SUSE Liberty Linux 7
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
ModerateCVE-2021-3621 at SUSECVE-2021-3621 at NVDSUSE bug 1189492cpe:/o:suse:sll:7CVE-2021-3622SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.
ModerateCVE-2021-3622 at SUSECVE-2021-3622 at NVDSUSE bug 1189060cpe:/o:suse:sll:7CVE-2021-3652SUSE Liberty Linux 7
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.
ModerateCVE-2021-3652 at SUSECVE-2021-3652 at NVDSUSE bug 1188455cpe:/o:suse:sll:7CVE-2021-3653SUSE Liberty Linux 7
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.
ImportantCVE-2021-3653 at SUSECVE-2021-3653 at NVDSUSE bug 1189399SUSE bug 1189420SUSE bug 1196914cpe:/o:suse:sll:7CVE-2021-3656SUSE Liberty Linux 7
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.
ImportantCVE-2021-3656 at SUSECVE-2021-3656 at NVDSUSE bug 1189400SUSE bug 1189418cpe:/o:suse:sll:7CVE-2021-3712SUSE Liberty Linux 7
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
ModerateCVE-2021-3712 at SUSECVE-2021-3712 at NVDSUSE bug 1189521SUSE bug 1190129SUSE bug 1191640SUSE bug 1192100SUSE bug 1192787SUSE bug 1194948SUSE bug 1225628cpe:/o:suse:sll:7CVE-2021-3715SUSE Liberty Linux 7
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
ImportantCVE-2021-3715 at SUSECVE-2021-3715 at NVDSUSE bug 1190349SUSE bug 1190350SUSE bug 1196722cpe:/o:suse:sll:7CVE-2021-3752SUSE Liberty Linux 7
A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
ImportantCVE-2021-3752 at SUSECVE-2021-3752 at NVDSUSE bug 1190023SUSE bug 1190432cpe:/o:suse:sll:7CVE-2021-37576SUSE Liberty Linux 7
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.
ImportantCVE-2021-37576 at SUSECVE-2021-37576 at NVDSUSE bug 1188838SUSE bug 1188842SUSE bug 1190276cpe:/o:suse:sll:7CVE-2021-37750SUSE Liberty Linux 7
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
ModerateCVE-2021-37750 at SUSECVE-2021-37750 at NVDSUSE bug 1189929cpe:/o:suse:sll:7CVE-2021-38493SUSE Liberty Linux 7
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.
ImportantCVE-2021-38493 at SUSECVE-2021-38493 at NVDSUSE bug 1190269cpe:/o:suse:sll:7CVE-2021-38496SUSE Liberty Linux 7
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
ImportantCVE-2021-38496 at SUSECVE-2021-38496 at NVDSUSE bug 1191332cpe:/o:suse:sll:7CVE-2021-38497SUSE Liberty Linux 7
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
ImportantCVE-2021-38497 at SUSECVE-2021-38497 at NVDSUSE bug 1191332cpe:/o:suse:sll:7CVE-2021-38498SUSE Liberty Linux 7
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
ImportantCVE-2021-38498 at SUSECVE-2021-38498 at NVDSUSE bug 1191332cpe:/o:suse:sll:7CVE-2021-38500SUSE Liberty Linux 7
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
ImportantCVE-2021-38500 at SUSECVE-2021-38500 at NVDSUSE bug 1191332cpe:/o:suse:sll:7CVE-2021-38501SUSE Liberty Linux 7
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
ImportantCVE-2021-38501 at SUSECVE-2021-38501 at NVDSUSE bug 1191332cpe:/o:suse:sll:7CVE-2021-38502SUSE Liberty Linux 7
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.
ModerateCVE-2021-38502 at SUSECVE-2021-38502 at NVDcpe:/o:suse:sll:7CVE-2021-38503SUSE Liberty Linux 7
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
ImportantCVE-2021-38503 at SUSECVE-2021-38503 at NVDSUSE bug 1192250cpe:/o:suse:sll:7CVE-2021-38504SUSE Liberty Linux 7
When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
ImportantCVE-2021-38504 at SUSECVE-2021-38504 at NVDSUSE bug 1192250cpe:/o:suse:sll:7CVE-2021-38506SUSE Liberty Linux 7
Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
ImportantCVE-2021-38506 at SUSECVE-2021-38506 at NVDSUSE bug 1192250cpe:/o:suse:sll:7CVE-2021-38507SUSE Liberty Linux 7
The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
ImportantCVE-2021-38507 at SUSECVE-2021-38507 at NVDSUSE bug 1192250cpe:/o:suse:sll:7CVE-2021-38508SUSE Liberty Linux 7
By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
ImportantCVE-2021-38508 at SUSECVE-2021-38508 at NVDSUSE bug 1192250cpe:/o:suse:sll:7CVE-2021-38509SUSE Liberty Linux 7
Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
ImportantCVE-2021-38509 at SUSECVE-2021-38509 at NVDSUSE bug 1192250cpe:/o:suse:sll:7CVE-2021-39139SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39139 at SUSECVE-2021-39139 at NVDSUSE bug 1189798cpe:/o:suse:sll:7CVE-2021-39140SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39140 at SUSECVE-2021-39140 at NVDSUSE bug 1189798cpe:/o:suse:sll:7CVE-2021-39141SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39141 at SUSECVE-2021-39141 at NVDSUSE bug 1189798cpe:/o:suse:sll:7CVE-2021-39144SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39144 at SUSECVE-2021-39144 at NVDSUSE bug 1189798cpe:/o:suse:sll:7CVE-2021-39145SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39145 at SUSECVE-2021-39145 at NVDSUSE bug 1189798cpe:/o:suse:sll:7CVE-2021-39146SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39146 at SUSECVE-2021-39146 at NVDSUSE bug 1189798cpe:/o:suse:sll:7CVE-2021-39147SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39147 at SUSECVE-2021-39147 at NVDSUSE bug 1189798cpe:/o:suse:sll:7CVE-2021-39148SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39148 at SUSECVE-2021-39148 at NVDSUSE bug 1189798cpe:/o:suse:sll:7CVE-2021-39149SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39149 at SUSECVE-2021-39149 at NVDSUSE bug 1189798cpe:/o:suse:sll:7CVE-2021-39150SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.
ImportantCVE-2021-39150 at SUSECVE-2021-39150 at NVDSUSE bug 1189798cpe:/o:suse:sll:7CVE-2021-39151SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39151 at SUSECVE-2021-39151 at NVDSUSE bug 1189798cpe:/o:suse:sll:7CVE-2021-39152SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.
ImportantCVE-2021-39152 at SUSECVE-2021-39152 at NVDSUSE bug 1189798cpe:/o:suse:sll:7CVE-2021-39153SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39153 at SUSECVE-2021-39153 at NVDSUSE bug 1189798cpe:/o:suse:sll:7CVE-2021-39154SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
ImportantCVE-2021-39154 at SUSECVE-2021-39154 at NVDSUSE bug 1189798cpe:/o:suse:sll:7CVE-2021-39275SUSE Liberty Linux 7
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
ImportantCVE-2021-39275 at SUSECVE-2021-39275 at NVDSUSE bug 1190666cpe:/o:suse:sll:7CVE-2021-4008SUSE Liberty Linux 7
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2021-4008 at SUSECVE-2021-4008 at NVDSUSE bug 1193030SUSE bug 1194308SUSE bug 1196656cpe:/o:suse:sll:7CVE-2021-4009SUSE Liberty Linux 7
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2021-4009 at SUSECVE-2021-4009 at NVDSUSE bug 1190487cpe:/o:suse:sll:7CVE-2021-4010SUSE Liberty Linux 7
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2021-4010 at SUSECVE-2021-4010 at NVDSUSE bug 1190488cpe:/o:suse:sll:7CVE-2021-4011SUSE Liberty Linux 7
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ImportantCVE-2021-4011 at SUSECVE-2021-4011 at NVDSUSE bug 1190489SUSE bug 1196656cpe:/o:suse:sll:7CVE-2021-40211SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c.
ImportantCVE-2021-40211 at SUSECVE-2021-40211 at NVDcpe:/o:suse:sll:7CVE-2021-4028SUSE Liberty Linux 7
A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.
ImportantCVE-2021-4028 at SUSECVE-2021-4028 at NVDSUSE bug 1193167SUSE bug 1193529cpe:/o:suse:sll:7CVE-2021-4034SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
ImportantCVE-2021-4034 at SUSECVE-2021-4034 at NVDSUSE bug 1194568SUSE bug 1195125SUSE bug 1195136SUSE bug 1195246SUSE bug 1195265SUSE bug 1195278SUSE bug 1195528SUSE bug 1195541SUSE bug 1196165SUSE bug 1196388SUSE bug 1225668cpe:/o:suse:sll:7CVE-2021-40438SUSE Liberty Linux 7
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
ImportantCVE-2021-40438 at SUSECVE-2021-40438 at NVDSUSE bug 1190703cpe:/o:suse:sll:7CVE-2021-4083SUSE Liberty Linux 7
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4.
ImportantCVE-2021-4083 at SUSECVE-2021-4083 at NVDSUSE bug 1193727SUSE bug 1194460SUSE bug 1196722cpe:/o:suse:sll:7CVE-2021-4091SUSE Liberty Linux 7
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.
ModerateCVE-2021-4091 at SUSECVE-2021-4091 at NVDSUSE bug 1195324cpe:/o:suse:sll:7CVE-2021-41133SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process. They can do this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccomp filter, in order to substitute a crafted `/.flatpak-info` or make that file disappear entirely. Flatpak apps that act as clients for AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can escalate the privileges that the corresponding services will believe the Flatpak app has. Note that protocols that operate entirely over the D-Bus session bus (user bus), system bus or accessibility bus are not affected by this. This is due to the use of a proxy process `xdg-dbus-proxy`, whose VFS cannot be manipulated by the Flatpak app, when interacting with these buses. Patches exist for versions 1.10.4 and 1.12.0, and as of time of publication, a patch for version 1.8.2 is being planned. There are no workarounds aside from upgrading to a patched version.
ImportantCVE-2021-41133 at SUSECVE-2021-41133 at NVDSUSE bug 1191507SUSE bug 1191937cpe:/o:suse:sll:7CVE-2021-41159SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway.
ImportantCVE-2021-41159 at SUSECVE-2021-41159 at NVDSUSE bug 1191895cpe:/o:suse:sll:7CVE-2021-41160SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.
ImportantCVE-2021-41160 at SUSECVE-2021-41160 at NVDSUSE bug 1191895cpe:/o:suse:sll:7CVE-2021-4140SUSE Liberty Linux 7
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
ModerateCVE-2021-4140 at SUSECVE-2021-4140 at NVDSUSE bug 1194547cpe:/o:suse:sll:7CVE-2021-4155SUSE Liberty Linux 7
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.
ModerateCVE-2021-4155 at SUSECVE-2021-4155 at NVDSUSE bug 1194272SUSE bug 1199255SUSE bug 1200084cpe:/o:suse:sll:7CVE-2021-41617SUSE Liberty Linux 7
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
ImportantCVE-2021-41617 at SUSECVE-2021-41617 at NVDSUSE bug 1190975SUSE bug 1193497SUSE bug 1196721SUSE bug 1200782SUSE bug 1205056SUSE bug 1212247SUSE bug 1212281cpe:/o:suse:sll:7CVE-2021-42097SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).
ModerateCVE-2021-42097 at SUSECVE-2021-42097 at NVDSUSE bug 1191960cpe:/o:suse:sll:7CVE-2021-42574SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. Additionally, control characters needed to fully support the requirements of bidirectional text can further obfuscate the logical order of tokens. Unless mitigated, an adversary could craft source code such that the ordering of tokens perceived by human reviewers does not match what will be processed by a compiler/interpreter/etc. The Unicode Consortium has documented this class of vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax. Also, the BIDI specification allows applications to tailor the implementation in ways that can mitigate misleading visual reordering in program text; see HL4 in Unicode Standard Annex #9, Unicode Bidirectional Algorithm.
ImportantCVE-2021-42574 at SUSECVE-2021-42574 at NVDSUSE bug 1191820cpe:/o:suse:sll:7CVE-2021-42739SUSE Liberty Linux 7
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
ImportantCVE-2021-42739 at SUSECVE-2021-42739 at NVDSUSE bug 1184673SUSE bug 1192036SUSE bug 1196722SUSE bug 1196914cpe:/o:suse:sll:7CVE-2021-43527SUSE Liberty Linux 7
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
ImportantCVE-2021-43527 at SUSECVE-2021-43527 at NVDSUSE bug 1193170SUSE bug 1193331SUSE bug 1193378SUSE bug 1194288SUSE bug 1199301SUSE bug 1225630cpe:/o:suse:sll:7CVE-2021-43528SUSE Liberty Linux 7
Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.
ImportantCVE-2021-43528 at SUSECVE-2021-43528 at NVDSUSE bug 1193485cpe:/o:suse:sll:7CVE-2021-43536SUSE Liberty Linux 7
Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
ImportantCVE-2021-43536 at SUSECVE-2021-43536 at NVDSUSE bug 1193485cpe:/o:suse:sll:7CVE-2021-43537SUSE Liberty Linux 7
An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
ImportantCVE-2021-43537 at SUSECVE-2021-43537 at NVDSUSE bug 1193485cpe:/o:suse:sll:7CVE-2021-43538SUSE Liberty Linux 7
By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
ImportantCVE-2021-43538 at SUSECVE-2021-43538 at NVDSUSE bug 1193485cpe:/o:suse:sll:7CVE-2021-43539SUSE Liberty Linux 7
Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
ImportantCVE-2021-43539 at SUSECVE-2021-43539 at NVDSUSE bug 1193485cpe:/o:suse:sll:7CVE-2021-43541SUSE Liberty Linux 7
When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
ImportantCVE-2021-43541 at SUSECVE-2021-43541 at NVDSUSE bug 1193485cpe:/o:suse:sll:7CVE-2021-43542SUSE Liberty Linux 7
Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
ImportantCVE-2021-43542 at SUSECVE-2021-43542 at NVDSUSE bug 1193485cpe:/o:suse:sll:7CVE-2021-43543SUSE Liberty Linux 7
Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
ImportantCVE-2021-43543 at SUSECVE-2021-43543 at NVDSUSE bug 1193485cpe:/o:suse:sll:7CVE-2021-43545SUSE Liberty Linux 7
Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
ImportantCVE-2021-43545 at SUSECVE-2021-43545 at NVDSUSE bug 1193485cpe:/o:suse:sll:7CVE-2021-43546SUSE Liberty Linux 7
It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
ImportantCVE-2021-43546 at SUSECVE-2021-43546 at NVDSUSE bug 1193485cpe:/o:suse:sll:7CVE-2021-44142SUSE Liberty Linux 7
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
CriticalCVE-2021-44142 at SUSECVE-2021-44142 at NVDSUSE bug 1194859SUSE bug 1195611SUSE bug 1196455SUSE bug 1199646cpe:/o:suse:sll:7CVE-2021-44227SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
ImportantCVE-2021-44227 at SUSECVE-2021-44227 at NVDSUSE bug 1193316cpe:/o:suse:sll:7CVE-2021-44790SUSE Liberty Linux 7
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
CriticalCVE-2021-44790 at SUSECVE-2021-44790 at NVDSUSE bug 1193942SUSE bug 1204730cpe:/o:suse:sll:7CVE-2021-45417SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
ImportantCVE-2021-45417 at SUSECVE-2021-45417 at NVDSUSE bug 1194735SUSE bug 1196390SUSE bug 1225074cpe:/o:suse:sll:7CVE-2021-45463SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.
ImportantCVE-2021-45463 at SUSECVE-2021-45463 at NVDSUSE bug 1194045cpe:/o:suse:sll:7CVE-2021-45960SUSE Liberty Linux 7
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
ModerateCVE-2021-45960 at SUSECVE-2021-45960 at NVDSUSE bug 1194251cpe:/o:suse:sll:7CVE-2021-46143SUSE Liberty Linux 7
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
ImportantCVE-2021-46143 at SUSECVE-2021-46143 at NVDSUSE bug 1194362SUSE bug 1195327SUSE bug 1196387SUSE bug 1200038SUSE bug 1200198cpe:/o:suse:sll:7CVE-2021-46784SUSE Liberty Linux 7
In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.
ImportantCVE-2021-46784 at SUSECVE-2021-46784 at NVDSUSE bug 1200907cpe:/o:suse:sll:7CVE-2022-0330SUSE Liberty Linux 7
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
ImportantCVE-2022-0330 at SUSECVE-2022-0330 at NVDSUSE bug 1194880SUSE bug 1195950cpe:/o:suse:sll:7CVE-2022-0492SUSE Liberty Linux 7
A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
ImportantCVE-2022-0492 at SUSECVE-2022-0492 at NVDSUSE bug 1195543SUSE bug 1195908SUSE bug 1196612SUSE bug 1196776SUSE bug 1198615SUSE bug 1199255SUSE bug 1199615SUSE bug 1200084cpe:/o:suse:sll:7CVE-2022-0566SUSE Liberty Linux 7
It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird < 91.6.1.
ImportantCVE-2022-0566 at SUSECVE-2022-0566 at NVDSUSE bug 1196072cpe:/o:suse:sll:7CVE-2022-0778SUSE Liberty Linux 7
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
ImportantCVE-2022-0778 at SUSECVE-2022-0778 at NVDSUSE bug 1196877SUSE bug 1197328SUSE bug 1197340SUSE bug 1199100SUSE bug 1199254SUSE bug 1199303SUSE bug 1199339SUSE bug 1200090SUSE bug 1225670cpe:/o:suse:sll:7CVE-2022-0918SUSE Liberty Linux 7
A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.
ImportantCVE-2022-0918 at SUSECVE-2022-0918 at NVDSUSE bug 1197275cpe:/o:suse:sll:7CVE-2022-0996SUSE Liberty Linux 7
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.
ModerateCVE-2022-0996 at SUSECVE-2022-0996 at NVDSUSE bug 1197345cpe:/o:suse:sll:7CVE-2022-1011SUSE Liberty Linux 7 LTSS
A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
ImportantCVE-2022-1011 at SUSECVE-2022-1011 at NVDSUSE bug 1197343SUSE bug 1197344SUSE bug 1198687SUSE bug 1204132SUSE bug 1212322CVE-2022-1097SUSE Liberty Linux 7
<code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
ImportantCVE-2022-1097 at SUSECVE-2022-1097 at NVDSUSE bug 1197903cpe:/o:suse:sll:7CVE-2022-1196SUSE Liberty Linux 7
After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8 and Firefox ESR < 91.8.
ImportantCVE-2022-1196 at SUSECVE-2022-1196 at NVDSUSE bug 1197903cpe:/o:suse:sll:7CVE-2022-1197SUSE Liberty Linux 7
When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that used another revocation reason, or that didn't specify a revocation reason, were unaffected. This vulnerability affects Thunderbird < 91.8.
ImportantCVE-2022-1197 at SUSECVE-2022-1197 at NVDSUSE bug 1197903cpe:/o:suse:sll:7CVE-2022-1271SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
ImportantCVE-2022-1271 at SUSECVE-2022-1271 at NVDSUSE bug 1198062SUSE bug 1198812SUSE bug 1199107SUSE bug 1199108cpe:/o:suse:sll:7CVE-2022-1520SUSE Liberty Linux 7
When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A might be shown with the security status of message B. This vulnerability affects Thunderbird < 91.9.
ImportantCVE-2022-1520 at SUSECVE-2022-1520 at NVDSUSE bug 1198970cpe:/o:suse:sll:7CVE-2022-1529SUSE Liberty Linux 7
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
ImportantCVE-2022-1529 at SUSECVE-2022-1529 at NVDSUSE bug 1199768cpe:/o:suse:sll:7CVE-2022-1552SUSE Liberty Linux 7
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.
ImportantCVE-2022-1552 at SUSECVE-2022-1552 at NVDSUSE bug 1199475cpe:/o:suse:sll:7CVE-2022-1729SUSE Liberty Linux 7
A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.
ImportantCVE-2022-1729 at SUSECVE-2022-1729 at NVDSUSE bug 1199507SUSE bug 1199697SUSE bug 1201832cpe:/o:suse:sll:7CVE-2022-1802SUSE Liberty Linux 7
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
ImportantCVE-2022-1802 at SUSECVE-2022-1802 at NVDSUSE bug 1199768cpe:/o:suse:sll:7CVE-2022-1834SUSE Liberty Linux 7
When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown with an arbitrary sender email address chosen by the attacker. If the sender name started with a false email address, followed by many Braille space characters, the attacker's email address was not visible. Because Thunderbird compared the invisible sender address with the signature's email address, if the signing key or certificate was accepted by Thunderbird, the email was shown as having a valid digital signature. This vulnerability affects Thunderbird < 91.10.
ImportantCVE-2022-1834 at SUSECVE-2022-1834 at NVDcpe:/o:suse:sll:7CVE-2022-1966SUSE Liberty Linux 7
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ImportantCVE-2022-1966 at SUSECVE-2022-1966 at NVDSUSE bug 1200015SUSE bug 1200268SUSE bug 1200494SUSE bug 1200529cpe:/o:suse:sll:7CVE-2022-21123SUSE Liberty Linux 7
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2022-21123 at SUSECVE-2022-21123 at NVDSUSE bug 1199650SUSE bug 1200549SUSE bug 1209075cpe:/o:suse:sll:7CVE-2022-21125SUSE Liberty Linux 7
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2022-21125 at SUSECVE-2022-21125 at NVDSUSE bug 1199650SUSE bug 1200549SUSE bug 1209074cpe:/o:suse:sll:7CVE-2022-21166SUSE Liberty Linux 7
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2022-21166 at SUSECVE-2022-21166 at NVDSUSE bug 1199650SUSE bug 1200549SUSE bug 1209073cpe:/o:suse:sll:7CVE-2022-21248SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
ModerateCVE-2022-21248 at SUSECVE-2022-21248 at NVDSUSE bug 1194926SUSE bug 1197126cpe:/o:suse:sll:7CVE-2022-21277SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2022-21277 at SUSECVE-2022-21277 at NVDSUSE bug 1194930SUSE bug 1197126cpe:/o:suse:sll:7CVE-2022-21282SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
ModerateCVE-2022-21282 at SUSECVE-2022-21282 at NVDSUSE bug 1194933SUSE bug 1197126cpe:/o:suse:sll:7CVE-2022-21283SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2022-21283 at SUSECVE-2022-21283 at NVDSUSE bug 1194937SUSE bug 1197126cpe:/o:suse:sll:7CVE-2022-21291SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
ModerateCVE-2022-21291 at SUSECVE-2022-21291 at NVDSUSE bug 1194925SUSE bug 1197126cpe:/o:suse:sll:7CVE-2022-21293SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2022-21293 at SUSECVE-2022-21293 at NVDSUSE bug 1194935SUSE bug 1197126cpe:/o:suse:sll:7CVE-2022-21294SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2022-21294 at SUSECVE-2022-21294 at NVDSUSE bug 1194934SUSE bug 1197126cpe:/o:suse:sll:7CVE-2022-21296SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
ModerateCVE-2022-21296 at SUSECVE-2022-21296 at NVDSUSE bug 1194932SUSE bug 1197126cpe:/o:suse:sll:7CVE-2022-21299SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2022-21299 at SUSECVE-2022-21299 at NVDSUSE bug 1194931SUSE bug 1197126cpe:/o:suse:sll:7CVE-2022-21305SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
ModerateCVE-2022-21305 at SUSECVE-2022-21305 at NVDSUSE bug 1194939SUSE bug 1197126cpe:/o:suse:sll:7CVE-2022-2132SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
ImportantCVE-2022-2132 at SUSECVE-2022-2132 at NVDSUSE bug 1202903cpe:/o:suse:sll:7CVE-2022-21340SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2022-21340 at SUSECVE-2022-21340 at NVDSUSE bug 1194940SUSE bug 1197126cpe:/o:suse:sll:7CVE-2022-21341SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2022-21341 at SUSECVE-2022-21341 at NVDSUSE bug 1194941SUSE bug 1197126cpe:/o:suse:sll:7CVE-2022-21360SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2022-21360 at SUSECVE-2022-21360 at NVDSUSE bug 1194929SUSE bug 1197126cpe:/o:suse:sll:7CVE-2022-21365SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2022-21365 at SUSECVE-2022-21365 at NVDSUSE bug 1194928SUSE bug 1197126cpe:/o:suse:sll:7CVE-2022-21366SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2022-21366 at SUSECVE-2022-21366 at NVDSUSE bug 1194927SUSE bug 1197126cpe:/o:suse:sll:7CVE-2022-21426SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2022-21426 at SUSECVE-2022-21426 at NVDSUSE bug 1198672SUSE bug 1201643cpe:/o:suse:sll:7CVE-2022-21434SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
ModerateCVE-2022-21434 at SUSECVE-2022-21434 at NVDSUSE bug 1198674SUSE bug 1201643cpe:/o:suse:sll:7CVE-2022-21443SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
LowCVE-2022-21443 at SUSECVE-2022-21443 at NVDSUSE bug 1198675SUSE bug 1201643cpe:/o:suse:sll:7CVE-2022-21476SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
ImportantCVE-2022-21476 at SUSECVE-2022-21476 at NVDSUSE bug 1198671SUSE bug 1201643cpe:/o:suse:sll:7CVE-2022-21496SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
ModerateCVE-2022-21496 at SUSECVE-2022-21496 at NVDSUSE bug 1198673SUSE bug 1201643cpe:/o:suse:sll:7CVE-2022-21540SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
ModerateCVE-2022-21540 at SUSECVE-2022-21540 at NVDSUSE bug 1201694SUSE bug 1202427cpe:/o:suse:sll:7CVE-2022-21541SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
ModerateCVE-2022-21541 at SUSECVE-2022-21541 at NVDSUSE bug 1201692SUSE bug 1202427cpe:/o:suse:sll:7CVE-2022-21618SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
ModerateCVE-2022-21618 at SUSECVE-2022-21618 at NVDSUSE bug 1204468SUSE bug 1205302cpe:/o:suse:sll:7CVE-2022-21619SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
LowCVE-2022-21619 at SUSECVE-2022-21619 at NVDSUSE bug 1204473SUSE bug 1205302cpe:/o:suse:sll:7CVE-2022-21624SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
LowCVE-2022-21624 at SUSECVE-2022-21624 at NVDSUSE bug 1204475SUSE bug 1205302cpe:/o:suse:sll:7CVE-2022-21626SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2022-21626 at SUSECVE-2022-21626 at NVDSUSE bug 1204471SUSE bug 1205302cpe:/o:suse:sll:7CVE-2022-21628SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
ModerateCVE-2022-21628 at SUSECVE-2022-21628 at NVDSUSE bug 1204472SUSE bug 1205302cpe:/o:suse:sll:7CVE-2022-2200SUSE Liberty Linux 7
If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
ImportantCVE-2022-2200 at SUSECVE-2022-2200 at NVDcpe:/o:suse:sll:7CVE-2022-2226SUSE Liberty Linux 7
An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents are resent at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature's date roughly matches the displayed date of the email. This vulnerability affects Thunderbird < 102 and Thunderbird < 91.11.
ModerateCVE-2022-2226 at SUSECVE-2022-2226 at NVDcpe:/o:suse:sll:7CVE-2022-22720SUSE Liberty Linux 7
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
ImportantCVE-2022-22720 at SUSECVE-2022-22720 at NVDSUSE bug 1197095SUSE bug 1198430SUSE bug 1198998SUSE bug 1199102SUSE bug 1199495SUSE bug 1204730SUSE bug 1225670cpe:/o:suse:sll:7CVE-2022-22737SUSE Liberty Linux 7
Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
ModerateCVE-2022-22737 at SUSECVE-2022-22737 at NVDSUSE bug 1194547cpe:/o:suse:sll:7CVE-2022-22738SUSE Liberty Linux 7
Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
ModerateCVE-2022-22738 at SUSECVE-2022-22738 at NVDSUSE bug 1194547cpe:/o:suse:sll:7CVE-2022-22739SUSE Liberty Linux 7
Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
ModerateCVE-2022-22739 at SUSECVE-2022-22739 at NVDSUSE bug 1194547cpe:/o:suse:sll:7CVE-2022-22740SUSE Liberty Linux 7
Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
ModerateCVE-2022-22740 at SUSECVE-2022-22740 at NVDSUSE bug 1194547cpe:/o:suse:sll:7CVE-2022-22741SUSE Liberty Linux 7
When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
ModerateCVE-2022-22741 at SUSECVE-2022-22741 at NVDSUSE bug 1194547cpe:/o:suse:sll:7CVE-2022-22742SUSE Liberty Linux 7
When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
ModerateCVE-2022-22742 at SUSECVE-2022-22742 at NVDSUSE bug 1194547cpe:/o:suse:sll:7CVE-2022-22743SUSE Liberty Linux 7
When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
ModerateCVE-2022-22743 at SUSECVE-2022-22743 at NVDSUSE bug 1194547cpe:/o:suse:sll:7CVE-2022-22745SUSE Liberty Linux 7
Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
ModerateCVE-2022-22745 at SUSECVE-2022-22745 at NVDSUSE bug 1194547cpe:/o:suse:sll:7CVE-2022-22747SUSE Liberty Linux 7
After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
ModerateCVE-2022-22747 at SUSECVE-2022-22747 at NVDSUSE bug 1194547cpe:/o:suse:sll:7CVE-2022-22748SUSE Liberty Linux 7
Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
ModerateCVE-2022-22748 at SUSECVE-2022-22748 at NVDSUSE bug 1194547cpe:/o:suse:sll:7CVE-2022-22751SUSE Liberty Linux 7
Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
ModerateCVE-2022-22751 at SUSECVE-2022-22751 at NVDSUSE bug 1194547cpe:/o:suse:sll:7CVE-2022-22754SUSE Liberty Linux 7
If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
CriticalCVE-2022-22754 at SUSECVE-2022-22754 at NVDSUSE bug 1195682cpe:/o:suse:sll:7CVE-2022-22756SUSE Liberty Linux 7
If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
CriticalCVE-2022-22756 at SUSECVE-2022-22756 at NVDSUSE bug 1195682cpe:/o:suse:sll:7CVE-2022-22759SUSE Liberty Linux 7
If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
CriticalCVE-2022-22759 at SUSECVE-2022-22759 at NVDSUSE bug 1195682cpe:/o:suse:sll:7CVE-2022-22760SUSE Liberty Linux 7
When importing resources using Web Workers, error messages would distinguish the difference between <code>application/javascript</code> responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
CriticalCVE-2022-22760 at SUSECVE-2022-22760 at NVDSUSE bug 1195682cpe:/o:suse:sll:7CVE-2022-22761SUSE Liberty Linux 7
Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
CriticalCVE-2022-22761 at SUSECVE-2022-22761 at NVDSUSE bug 1195682cpe:/o:suse:sll:7CVE-2022-22763SUSE Liberty Linux 7
When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6.
CriticalCVE-2022-22763 at SUSECVE-2022-22763 at NVDSUSE bug 1195682cpe:/o:suse:sll:7CVE-2022-22764SUSE Liberty Linux 7
Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
CriticalCVE-2022-22764 at SUSECVE-2022-22764 at NVDSUSE bug 1195682cpe:/o:suse:sll:7CVE-2022-22816SUSE Liberty Linux 7
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
LowCVE-2022-22816 at SUSECVE-2022-22816 at NVDSUSE bug 1194551cpe:/o:suse:sll:7CVE-2022-22817SUSE Liberty Linux 7
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.
ModerateCVE-2022-22817 at SUSECVE-2022-22817 at NVDSUSE bug 1194521SUSE bug 1219048cpe:/o:suse:sll:7CVE-2022-22822SUSE Liberty Linux 7
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
ImportantCVE-2022-22822 at SUSECVE-2022-22822 at NVDSUSE bug 1194474SUSE bug 1195327SUSE bug 1200038SUSE bug 1200198cpe:/o:suse:sll:7CVE-2022-22823SUSE Liberty Linux 7
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
ImportantCVE-2022-22823 at SUSECVE-2022-22823 at NVDSUSE bug 1194476SUSE bug 1195327SUSE bug 1200038SUSE bug 1200198cpe:/o:suse:sll:7CVE-2022-22824SUSE Liberty Linux 7
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
ImportantCVE-2022-22824 at SUSECVE-2022-22824 at NVDSUSE bug 1194477SUSE bug 1195327SUSE bug 1200038SUSE bug 1200198cpe:/o:suse:sll:7CVE-2022-22825SUSE Liberty Linux 7
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
ImportantCVE-2022-22825 at SUSECVE-2022-22825 at NVDSUSE bug 1194478SUSE bug 1195327SUSE bug 1200038SUSE bug 1200198cpe:/o:suse:sll:7CVE-2022-22826SUSE Liberty Linux 7
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
ImportantCVE-2022-22826 at SUSECVE-2022-22826 at NVDSUSE bug 1194479SUSE bug 1195327SUSE bug 1200038SUSE bug 1200198cpe:/o:suse:sll:7CVE-2022-22827SUSE Liberty Linux 7
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
ImportantCVE-2022-22827 at SUSECVE-2022-22827 at NVDSUSE bug 1194480SUSE bug 1195327SUSE bug 1200038SUSE bug 1200198cpe:/o:suse:sll:7CVE-2022-22942SUSE Liberty Linux 7
The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.
ImportantCVE-2022-22942 at SUSECVE-2022-22942 at NVDSUSE bug 1195065SUSE bug 1195951cpe:/o:suse:sll:7CVE-2022-2319SUSE Liberty Linux 7
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.
ImportantCVE-2022-2319 at SUSECVE-2022-2319 at NVDSUSE bug 1194179SUSE bug 1204093SUSE bug 1205071SUSE bug 1206243cpe:/o:suse:sll:7CVE-2022-2320SUSE Liberty Linux 7
A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.
ImportantCVE-2022-2320 at SUSECVE-2022-2320 at NVDSUSE bug 1194181SUSE bug 1201793SUSE bug 1204123SUSE bug 1205071cpe:/o:suse:sll:7CVE-2022-23521SUSE Liberty Linux 7
Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue.
ImportantCVE-2022-23521 at SUSECVE-2022-23521 at NVDSUSE bug 1207032SUSE bug 1207033SUSE bug 1208650SUSE bug 1209317cpe:/o:suse:sll:7CVE-2022-23816SUSE Liberty Linux 7
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
ModerateCVE-2022-23816 at SUSECVE-2022-23816 at NVDSUSE bug 1201456SUSE bug 1201469cpe:/o:suse:sll:7CVE-2022-23825SUSE Liberty Linux 7
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
ModerateCVE-2022-23825 at SUSECVE-2022-23825 at NVDSUSE bug 1201457SUSE bug 1201469SUSE bug 1205209cpe:/o:suse:sll:7CVE-2022-23852SUSE Liberty Linux 7
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
ImportantCVE-2022-23852 at SUSECVE-2022-23852 at NVDSUSE bug 1195054SUSE bug 1196480SUSE bug 1200038SUSE bug 1200198cpe:/o:suse:sll:7CVE-2022-2393SUSE Liberty Linux 7
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.
ImportantCVE-2022-2393 at SUSECVE-2022-2393 at NVDcpe:/o:suse:sll:7CVE-2022-2414SUSE Liberty Linux 7
Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.
ImportantCVE-2022-2414 at SUSECVE-2022-2414 at NVDcpe:/o:suse:sll:7CVE-2022-24407SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
ImportantCVE-2022-24407 at SUSECVE-2022-24407 at NVDSUSE bug 1196036SUSE bug 1198600SUSE bug 1199112SUSE bug 1199494SUSE bug 1200197SUSE bug 1200200SUSE bug 1225034SUSE bug 1225669cpe:/o:suse:sll:7CVE-2022-24713SUSE Liberty Linux 7
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.
ModerateCVE-2022-24713 at SUSECVE-2022-24713 at NVDSUSE bug 1196972SUSE bug 1197903cpe:/o:suse:sll:7CVE-2022-24801SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy.
ModerateCVE-2022-24801 at SUSECVE-2022-24801 at NVDSUSE bug 1198086cpe:/o:suse:sll:7CVE-2022-24903SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.
ImportantCVE-2022-24903 at SUSECVE-2022-24903 at NVDSUSE bug 1199061SUSE bug 1201736SUSE bug 1206201SUSE bug 1225528SUSE bug 1225631cpe:/o:suse:sll:7CVE-2022-2505SUSE Liberty Linux 7
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.
ImportantCVE-2022-2505 at SUSECVE-2022-2505 at NVDSUSE bug 1201758cpe:/o:suse:sll:7CVE-2022-25147SUSE Liberty Linux 7
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer.
This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.
CriticalCVE-2022-25147 at SUSECVE-2022-25147 at NVDSUSE bug 1207866SUSE bug 1209320cpe:/o:suse:sll:7CVE-2022-25235SUSE Liberty Linux 7
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
ImportantCVE-2022-25235 at SUSECVE-2022-25235 at NVDSUSE bug 1196026SUSE bug 1197217SUSE bug 1198587SUSE bug 1200038SUSE bug 1200198SUSE bug 1201735cpe:/o:suse:sll:7CVE-2022-25236SUSE Liberty Linux 7
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
ImportantCVE-2022-25236 at SUSECVE-2022-25236 at NVDSUSE bug 1196025SUSE bug 1196784SUSE bug 1197217SUSE bug 1200038SUSE bug 1201735cpe:/o:suse:sll:7CVE-2022-2526SUSE Liberty Linux 7
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.
ImportantCVE-2022-2526 at SUSECVE-2022-2526 at NVDSUSE bug 1202574cpe:/o:suse:sll:7CVE-2022-25315SUSE Liberty Linux 7
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
ImportantCVE-2022-25315 at SUSECVE-2022-25315 at NVDSUSE bug 1196171SUSE bug 1197217SUSE bug 1198587SUSE bug 1200038SUSE bug 1200198SUSE bug 1201735cpe:/o:suse:sll:7CVE-2022-2588SUSE Liberty Linux 7
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
ImportantCVE-2022-2588 at SUSECVE-2022-2588 at NVDSUSE bug 1202096SUSE bug 1203613SUSE bug 1204183SUSE bug 1209225cpe:/o:suse:sll:7CVE-2022-2601SUSE Liberty Linux 7
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
ModerateCVE-2022-2601 at SUSECVE-2022-2601 at NVDSUSE bug 1205178cpe:/o:suse:sll:7CVE-2022-26373SUSE Liberty Linux 7
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
ModerateCVE-2022-26373 at SUSECVE-2022-26373 at NVDSUSE bug 1201726SUSE bug 1209619cpe:/o:suse:sll:7CVE-2022-26381SUSE Liberty Linux 7
An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
CriticalCVE-2022-26381 at SUSECVE-2022-26381 at NVDSUSE bug 1196900cpe:/o:suse:sll:7CVE-2022-26383SUSE Liberty Linux 7
When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
CriticalCVE-2022-26383 at SUSECVE-2022-26383 at NVDSUSE bug 1196900cpe:/o:suse:sll:7CVE-2022-26384SUSE Liberty Linux 7
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
CriticalCVE-2022-26384 at SUSECVE-2022-26384 at NVDSUSE bug 1196900cpe:/o:suse:sll:7CVE-2022-26386SUSE Liberty Linux 7
Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they could be affected by other local users. This behavior was reverted to the original, user-specific directory. <br>*This bug only affects Firefox for macOS and Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.7 and Thunderbird < 91.7.
CriticalCVE-2022-26386 at SUSECVE-2022-26386 at NVDSUSE bug 1196900cpe:/o:suse:sll:7CVE-2022-26387SUSE Liberty Linux 7
When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
CriticalCVE-2022-26387 at SUSECVE-2022-26387 at NVDSUSE bug 1196900cpe:/o:suse:sll:7CVE-2022-26485SUSE Liberty Linux 7
Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.
ImportantCVE-2022-26485 at SUSECVE-2022-26485 at NVDSUSE bug 1196809cpe:/o:suse:sll:7CVE-2022-26486SUSE Liberty Linux 7
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.
ImportantCVE-2022-26486 at SUSECVE-2022-26486 at NVDSUSE bug 1196809cpe:/o:suse:sll:7CVE-2022-27635SUSE Liberty Linux 7
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
ImportantCVE-2022-27635 at SUSECVE-2022-27635 at NVDcpe:/o:suse:sll:7CVE-2022-2795SUSE Liberty Linux 7
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
ModerateCVE-2022-2795 at SUSECVE-2022-2795 at NVDSUSE bug 1203614SUSE bug 1205842SUSE bug 1209913cpe:/o:suse:sll:7CVE-2022-28281SUSE Liberty Linux 7
If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
ImportantCVE-2022-28281 at SUSECVE-2022-28281 at NVDSUSE bug 1197903cpe:/o:suse:sll:7CVE-2022-28282SUSE Liberty Linux 7
By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
ImportantCVE-2022-28282 at SUSECVE-2022-28282 at NVDSUSE bug 1197903cpe:/o:suse:sll:7CVE-2022-28285SUSE Liberty Linux 7
When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
ImportantCVE-2022-28285 at SUSECVE-2022-28285 at NVDSUSE bug 1197903cpe:/o:suse:sll:7CVE-2022-28286SUSE Liberty Linux 7
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
ImportantCVE-2022-28286 at SUSECVE-2022-28286 at NVDSUSE bug 1197903cpe:/o:suse:sll:7CVE-2022-28289SUSE Liberty Linux 7
Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
ImportantCVE-2022-28289 at SUSECVE-2022-28289 at NVDSUSE bug 1197903cpe:/o:suse:sll:7CVE-2022-2850SUSE Liberty Linux 7
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.
ModerateCVE-2022-2850 at SUSECVE-2022-2850 at NVDSUSE bug 1202470cpe:/o:suse:sll:7CVE-2022-28733SUSE Liberty Linux 7
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.
ImportantCVE-2022-28733 at SUSECVE-2022-28733 at NVDSUSE bug 1198460SUSE bug 1203445SUSE bug 1205057SUSE bug 1227915cpe:/o:suse:sll:7CVE-2022-29154SUSE Liberty Linux 7
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).
ImportantCVE-2022-29154 at SUSECVE-2022-29154 at NVDSUSE bug 1201840SUSE bug 1202970SUSE bug 1202998SUSE bug 1203401SUSE bug 1203727SUSE bug 1203789SUSE bug 1204119SUSE bug 1205072cpe:/o:suse:sll:7CVE-2022-2964SUSE Liberty Linux 7
A flaw was found in the Linux kernel's driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
ImportantCVE-2022-2964 at SUSECVE-2022-2964 at NVDSUSE bug 1202686SUSE bug 1203008SUSE bug 1208044cpe:/o:suse:sll:7CVE-2022-29900SUSE Liberty Linux 7
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
ModerateCVE-2022-29900 at SUSECVE-2022-29900 at NVDSUSE bug 1199657SUSE bug 1201469SUSE bug 1207894cpe:/o:suse:sll:7CVE-2022-29901SUSE Liberty Linux 7
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
ModerateCVE-2022-29901 at SUSECVE-2022-29901 at NVDSUSE bug 1199657SUSE bug 1201469SUSE bug 1207894cpe:/o:suse:sll:7CVE-2022-29909SUSE Liberty Linux 7
Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
ImportantCVE-2022-29909 at SUSECVE-2022-29909 at NVDSUSE bug 1198970cpe:/o:suse:sll:7CVE-2022-29911SUSE Liberty Linux 7
An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script execution without <code>allow-scripts</code> being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
ImportantCVE-2022-29911 at SUSECVE-2022-29911 at NVDSUSE bug 1198970cpe:/o:suse:sll:7CVE-2022-29912SUSE Liberty Linux 7
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
ImportantCVE-2022-29912 at SUSECVE-2022-29912 at NVDSUSE bug 1198970cpe:/o:suse:sll:7CVE-2022-29913SUSE Liberty Linux 7
The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This vulnerability affects Thunderbird < 91.9.
ImportantCVE-2022-29913 at SUSECVE-2022-29913 at NVDSUSE bug 1198970cpe:/o:suse:sll:7CVE-2022-29914SUSE Liberty Linux 7
When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
ImportantCVE-2022-29914 at SUSECVE-2022-29914 at NVDSUSE bug 1198970cpe:/o:suse:sll:7CVE-2022-29916SUSE Liberty Linux 7
Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
ImportantCVE-2022-29916 at SUSECVE-2022-29916 at NVDSUSE bug 1198970cpe:/o:suse:sll:7CVE-2022-29917SUSE Liberty Linux 7
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
ImportantCVE-2022-29917 at SUSECVE-2022-29917 at NVDSUSE bug 1198970cpe:/o:suse:sll:7CVE-2022-30123SUSE Liberty Linux 7
A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.
CriticalCVE-2022-30123 at SUSECVE-2022-30123 at NVDSUSE bug 1200750cpe:/o:suse:sll:7CVE-2022-3032SUSE Liberty Linux 7
When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
ImportantCVE-2022-3032 at SUSECVE-2022-3032 at NVDSUSE bug 1203007cpe:/o:suse:sll:7CVE-2022-3033SUSE Liberty Linux 7
If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the <code>meta</code> tag having the <code>http-equiv="refresh"</code> attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. In combination with certain other HTML elements and attributes in the email, it was possible to execute JavaScript code included in the message in the context of the message compose document. The JavaScript code was able to perform actions including, but probably not limited to, read and modify the contents of the message compose document, including the quoted original message, which could potentially contain the decrypted plaintext of encrypted data in the crafted email. The contents could then be transmitted to the network, either to the URL specified in the META refresh tag, or to a different URL, as the JavaScript code could modify the URL specified in the document. This bug doesn't affect users who have changed the default Message Body display setting to 'simple html' or 'plain text'. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
ImportantCVE-2022-3033 at SUSECVE-2022-3033 at NVDSUSE bug 1203007SUSE bug 1205941cpe:/o:suse:sll:7CVE-2022-3034SUSE Liberty Linux 7
When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
ImportantCVE-2022-3034 at SUSECVE-2022-3034 at NVDSUSE bug 1203007cpe:/o:suse:sll:7CVE-2022-31676SUSE Liberty Linux 7
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
ImportantCVE-2022-31676 at SUSECVE-2022-31676 at NVDSUSE bug 1202657SUSE bug 1202733SUSE bug 1202834SUSE bug 1202995SUSE bug 1204044SUSE bug 1205471cpe:/o:suse:sll:7CVE-2022-31736SUSE Liberty Linux 7
A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
ImportantCVE-2022-31736 at SUSECVE-2022-31736 at NVDSUSE bug 1200027cpe:/o:suse:sll:7CVE-2022-31737SUSE Liberty Linux 7
A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
ImportantCVE-2022-31737 at SUSECVE-2022-31737 at NVDSUSE bug 1200027cpe:/o:suse:sll:7CVE-2022-31738SUSE Liberty Linux 7
When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
ImportantCVE-2022-31738 at SUSECVE-2022-31738 at NVDSUSE bug 1200027cpe:/o:suse:sll:7CVE-2022-31740SUSE Liberty Linux 7
On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
ImportantCVE-2022-31740 at SUSECVE-2022-31740 at NVDSUSE bug 1200027cpe:/o:suse:sll:7CVE-2022-31741SUSE Liberty Linux 7
A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
ImportantCVE-2022-31741 at SUSECVE-2022-31741 at NVDSUSE bug 1200027cpe:/o:suse:sll:7CVE-2022-31742SUSE Liberty Linux 7
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
ImportantCVE-2022-31742 at SUSECVE-2022-31742 at NVDSUSE bug 1200027cpe:/o:suse:sll:7CVE-2022-31744SUSE Liberty Linux 7
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.
ImportantCVE-2022-31744 at SUSECVE-2022-31744 at NVDSUSE bug 1200027cpe:/o:suse:sll:7CVE-2022-31747SUSE Liberty Linux 7
Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
ImportantCVE-2022-31747 at SUSECVE-2022-31747 at NVDSUSE bug 1200027cpe:/o:suse:sll:7CVE-2022-34169SUSE Liberty Linux 7
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
ImportantCVE-2022-34169 at SUSECVE-2022-34169 at NVDSUSE bug 1201684SUSE bug 1202427SUSE bug 1207688cpe:/o:suse:sll:7CVE-2022-34468SUSE Liberty Linux 7
An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
ModerateCVE-2022-34468 at SUSECVE-2022-34468 at NVDSUSE bug 1200793cpe:/o:suse:sll:7CVE-2022-34470SUSE Liberty Linux 7
Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
ModerateCVE-2022-34470 at SUSECVE-2022-34470 at NVDSUSE bug 1200793cpe:/o:suse:sll:7CVE-2022-34472SUSE Liberty Linux 7
If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
ModerateCVE-2022-34472 at SUSECVE-2022-34472 at NVDSUSE bug 1200793cpe:/o:suse:sll:7CVE-2022-34479SUSE Liberty Linux 7
A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
ModerateCVE-2022-34479 at SUSECVE-2022-34479 at NVDSUSE bug 1200793cpe:/o:suse:sll:7CVE-2022-34481SUSE Liberty Linux 7
In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
ModerateCVE-2022-34481 at SUSECVE-2022-34481 at NVDSUSE bug 1200793cpe:/o:suse:sll:7CVE-2022-34484SUSE Liberty Linux 7
The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
ModerateCVE-2022-34484 at SUSECVE-2022-34484 at NVDSUSE bug 1200793cpe:/o:suse:sll:7CVE-2022-3515SUSE Liberty Linux 7
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
CriticalCVE-2022-3515 at SUSECVE-2022-3515 at NVDSUSE bug 1204357SUSE bug 1204806SUSE bug 1205080SUSE bug 1205592SUSE bug 1205627SUSE bug 1206244cpe:/o:suse:sll:7CVE-2022-3550SUSE Liberty Linux 7
A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.
ImportantCVE-2022-3550 at SUSECVE-2022-3550 at NVDSUSE bug 1204412SUSE bug 1204808SUSE bug 1205071SUSE bug 1206243SUSE bug 1208344SUSE bug 1209331cpe:/o:suse:sll:7CVE-2022-3551SUSE Liberty Linux 7
A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.
ModerateCVE-2022-3551 at SUSECVE-2022-3551 at NVDSUSE bug 1204416cpe:/o:suse:sll:7CVE-2022-3560SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.
ImportantCVE-2022-3560 at SUSECVE-2022-3560 at NVDSUSE bug 1202933cpe:/o:suse:sll:7CVE-2022-3564SUSE Liberty Linux 7
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.
ImportantCVE-2022-3564 at SUSECVE-2022-3564 at NVDSUSE bug 1206073SUSE bug 1206314SUSE bug 1208030SUSE bug 1208044SUSE bug 1208085cpe:/o:suse:sll:7CVE-2022-36059SUSE Liberty Linux 7
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This issue has been fixed in matrix-js-sdk 19.4.0 and users are advised to upgrade. Users unable to upgrade may mitigate this issue by redacting applicable events, waiting for the sync processor to store data, and restarting the client. Alternatively, redacting the applicable events and clearing all storage will often fix most perceived issues. In some cases, no workarounds are possible.
ImportantCVE-2022-36059 at SUSECVE-2022-36059 at NVDSUSE bug 1203007cpe:/o:suse:sll:7CVE-2022-36318SUSE Liberty Linux 7
When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.
ImportantCVE-2022-36318 at SUSECVE-2022-36318 at NVDSUSE bug 1201758cpe:/o:suse:sll:7CVE-2022-36319SUSE Liberty Linux 7
When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.
ImportantCVE-2022-36319 at SUSECVE-2022-36319 at NVDSUSE bug 1201758cpe:/o:suse:sll:7CVE-2022-36351SUSE Liberty Linux 7
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.
ModerateCVE-2022-36351 at SUSECVE-2022-36351 at NVDcpe:/o:suse:sll:7CVE-2022-3640SUSE Liberty Linux 7 LTSS
A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944.
ImportantCVE-2022-3640 at SUSECVE-2022-3640 at NVDSUSE bug 1204619SUSE bug 1204624SUSE bug 1209225CVE-2022-37434SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
ImportantCVE-2022-37434 at SUSECVE-2022-37434 at NVDSUSE bug 1202175SUSE bug 1203030SUSE bug 1205074SUSE bug 1205289SUSE bug 1216542SUSE bug 1225671cpe:/o:suse:sll:7CVE-2022-38023SUSE Liberty Linux 7
Unknown.
ImportantCVE-2022-38023 at SUSECVE-2022-38023 at NVDSUSE bug 1206504SUSE bug 1209664SUSE bug 1213694cpe:/o:suse:sll:7CVE-2022-38076SUSE Liberty Linux 7
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.
LowCVE-2022-38076 at SUSECVE-2022-38076 at NVDcpe:/o:suse:sll:7CVE-2022-38177SUSE Liberty Linux 7
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
ImportantCVE-2022-38177 at SUSECVE-2022-38177 at NVDSUSE bug 1203619SUSE bug 1204101SUSE bug 1205078SUSE bug 1205219cpe:/o:suse:sll:7CVE-2022-38178SUSE Liberty Linux 7
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
ImportantCVE-2022-38178 at SUSECVE-2022-38178 at NVDSUSE bug 1203620cpe:/o:suse:sll:7CVE-2022-38472SUSE Liberty Linux 7
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
ImportantCVE-2022-38472 at SUSECVE-2022-38472 at NVDSUSE bug 1202645SUSE bug 1205832cpe:/o:suse:sll:7CVE-2022-38473SUSE Liberty Linux 7
A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
ImportantCVE-2022-38473 at SUSECVE-2022-38473 at NVDSUSE bug 1202645cpe:/o:suse:sll:7CVE-2022-38476SUSE Liberty Linux 7
A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability affects Firefox ESR < 102.2 and Thunderbird < 102.2.
ImportantCVE-2022-38476 at SUSECVE-2022-38476 at NVDSUSE bug 1202645cpe:/o:suse:sll:7CVE-2022-38477SUSE Liberty Linux 7
Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.2, Thunderbird < 102.2, and Firefox < 104.
ImportantCVE-2022-38477 at SUSECVE-2022-38477 at NVDSUSE bug 1202645cpe:/o:suse:sll:7CVE-2022-38478SUSE Liberty Linux 7
Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
ImportantCVE-2022-38478 at SUSECVE-2022-38478 at NVDSUSE bug 1202645cpe:/o:suse:sll:7CVE-2022-39236SUSE Liberty Linux 7
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This is patched in matrix-js-sdk v19.7.0. Redacting applicable events, waiting for the sync processor to store data, and restarting the client are possible workarounds. Alternatively, redacting the applicable events and clearing all storage will fix the further perceived issues. Downgrading to an unaffected version, noting that such a version may be subject to other vulnerabilities, will additionally resolve the issue.
ImportantCVE-2022-39236 at SUSECVE-2022-39236 at NVDSUSE bug 1204411cpe:/o:suse:sll:7CVE-2022-39249SUSE Liberty Linux 7
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-js-sdk implementing a too permissive key forwarding strategy on the receiving end. Starting with version 19.7.0, the default policy for accepting key forwards has been made more strict in the matrix-js-sdk. matrix-js-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately, for example, by showing a warning for such messages. This attack requires coordination between a malicious homeserver and an attacker, and those who trust your homeservers do not need a workaround.
ImportantCVE-2022-39249 at SUSECVE-2022-39249 at NVDSUSE bug 1204411cpe:/o:suse:sll:7CVE-2022-39250SUSE Liberty Linux 7
Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users' identities. This would lead to the other device trusting/verifying the user identity under the control of the homeserver instead of the intended one. The vulnerability is a bug in the matrix-js-sdk, caused by checking and signing user identities and devices in two separate steps, and inadequately fixing the keys to be signed between those steps. Even though the attack is partly made possible due to the design decision of treating cross-signing user identities as Matrix devices on the server side (with their device ID set to the public part of the user identity key), no other examined implementations were vulnerable. Starting with version 19.7.0, the matrix-js-sdk has been modified to double check that the key signed is the one that was verified instead of just referencing the key by ID. An additional check has been made to report an error when one of the device ID matches a cross-signing key. As this attack requires coordination between a malicious homeserver and an attacker, those who trust their homeservers do not need a particular workaround.
ImportantCVE-2022-39250 at SUSECVE-2022-39250 at NVDSUSE bug 1204411cpe:/o:suse:sll:7CVE-2022-39251SUSE Liberty Linux 7
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. Starting with version 19.7.0, matrix-js-sdk has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround.
ImportantCVE-2022-39251 at SUSECVE-2022-39251 at NVDSUSE bug 1204411cpe:/o:suse:sll:7CVE-2022-39399SUSE Liberty Linux 7
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
LowCVE-2022-39399 at SUSECVE-2022-39399 at NVDSUSE bug 1204480SUSE bug 1205302cpe:/o:suse:sll:7CVE-2022-40674SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
ImportantCVE-2022-40674 at SUSECVE-2022-40674 at NVDSUSE bug 1203438SUSE bug 1204099SUSE bug 1204177SUSE bug 1204509SUSE bug 1205077SUSE bug 1205285SUSE bug 1205527SUSE bug 1205598SUSE bug 1208339SUSE bug 1208753cpe:/o:suse:sll:7CVE-2022-40956SUSE Liberty Linux 7
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
ImportantCVE-2022-40956 at SUSECVE-2022-40956 at NVDSUSE bug 1203477cpe:/o:suse:sll:7CVE-2022-40957SUSE Liberty Linux 7
Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
ImportantCVE-2022-40957 at SUSECVE-2022-40957 at NVDSUSE bug 1203477cpe:/o:suse:sll:7CVE-2022-40958SUSE Liberty Linux 7
By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
ImportantCVE-2022-40958 at SUSECVE-2022-40958 at NVDSUSE bug 1203477cpe:/o:suse:sll:7CVE-2022-40959SUSE Liberty Linux 7
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
ImportantCVE-2022-40959 at SUSECVE-2022-40959 at NVDSUSE bug 1203477cpe:/o:suse:sll:7CVE-2022-40960SUSE Liberty Linux 7
Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
ImportantCVE-2022-40960 at SUSECVE-2022-40960 at NVDSUSE bug 1203477cpe:/o:suse:sll:7CVE-2022-40962SUSE Liberty Linux 7
Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
ImportantCVE-2022-40962 at SUSECVE-2022-40962 at NVDSUSE bug 1203477cpe:/o:suse:sll:7CVE-2022-40964SUSE Liberty Linux 7
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
ImportantCVE-2022-40964 at SUSECVE-2022-40964 at NVDcpe:/o:suse:sll:7CVE-2022-40982SUSE Liberty Linux 7
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2022-40982 at SUSECVE-2022-40982 at NVDSUSE bug 1206418SUSE bug 1215674cpe:/o:suse:sll:7CVE-2022-41318SUSE Liberty Linux 7
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.
ImportantCVE-2022-41318 at SUSECVE-2022-41318 at NVDSUSE bug 1203680cpe:/o:suse:sll:7CVE-2022-41853SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.
ImportantCVE-2022-41853 at SUSECVE-2022-41853 at NVDSUSE bug 1204521cpe:/o:suse:sll:7CVE-2022-41903SUSE Liberty Linux 7
Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.
ImportantCVE-2022-41903 at SUSECVE-2022-41903 at NVDSUSE bug 1207032SUSE bug 1207033SUSE bug 1208650cpe:/o:suse:sll:7CVE-2022-41974SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.
ImportantCVE-2022-41974 at SUSECVE-2022-41974 at NVDSUSE bug 1205472cpe:/o:suse:sll:7CVE-2022-4254SUSE Liberty Linux 7
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
ImportantCVE-2022-4254 at SUSECVE-2022-4254 at NVDSUSE bug 1207474cpe:/o:suse:sll:7CVE-2022-42703SUSE Liberty Linux 7
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
ImportantCVE-2022-42703 at SUSECVE-2022-42703 at NVDSUSE bug 1202096SUSE bug 1204168SUSE bug 1204170SUSE bug 1206463SUSE bug 1208044SUSE bug 1209225cpe:/o:suse:sll:7CVE-2022-4283SUSE Liberty Linux 7
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
ImportantCVE-2022-4283 at SUSECVE-2022-4283 at NVDSUSE bug 1206017SUSE bug 1208344SUSE bug 1208653cpe:/o:suse:sll:7CVE-2022-42896SUSE Liberty Linux 7
There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim.
We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url
ModerateCVE-2022-42896 at SUSECVE-2022-42896 at NVDSUSE bug 1205709cpe:/o:suse:sll:7CVE-2022-42898SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."
ModerateCVE-2022-42898 at SUSECVE-2022-42898 at NVDSUSE bug 1205126SUSE bug 1205667SUSE bug 1207423SUSE bug 1207690SUSE bug 1211487SUSE bug 1225675cpe:/o:suse:sll:7CVE-2022-42920SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.
ImportantCVE-2022-42920 at SUSECVE-2022-42920 at NVDSUSE bug 1205125SUSE bug 1209316cpe:/o:suse:sll:7CVE-2022-42927SUSE Liberty Linux 7
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `performance.getEntries()`. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.
ImportantCVE-2022-42927 at SUSECVE-2022-42927 at NVDSUSE bug 1204421cpe:/o:suse:sll:7CVE-2022-42928SUSE Liberty Linux 7
Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.
ImportantCVE-2022-42928 at SUSECVE-2022-42928 at NVDSUSE bug 1204421cpe:/o:suse:sll:7CVE-2022-42929SUSE Liberty Linux 7
If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.
ImportantCVE-2022-42929 at SUSECVE-2022-42929 at NVDSUSE bug 1204421cpe:/o:suse:sll:7CVE-2022-42932SUSE Liberty Linux 7
Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.
ImportantCVE-2022-42932 at SUSECVE-2022-42932 at NVDSUSE bug 1204421cpe:/o:suse:sll:7CVE-2022-43552SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.
ModerateCVE-2022-43552 at SUSECVE-2022-43552 at NVDSUSE bug 1206309cpe:/o:suse:sll:7CVE-2022-43750SUSE Liberty Linux 7
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.
ModerateCVE-2022-43750 at SUSECVE-2022-43750 at NVDSUSE bug 1204653SUSE bug 1211484cpe:/o:suse:sll:7CVE-2022-4378SUSE Liberty Linux 7
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
ImportantCVE-2022-4378 at SUSECVE-2022-4378 at NVDSUSE bug 1206207SUSE bug 1206228SUSE bug 1208030SUSE bug 1208085SUSE bug 1209225SUSE bug 1211118SUSE bug 1214268SUSE bug 1218483SUSE bug 1218966cpe:/o:suse:sll:7CVE-2022-45403SUSE Liberty Linux 7
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CriticalCVE-2022-45403 at SUSECVE-2022-45403 at NVDSUSE bug 1205270cpe:/o:suse:sll:7CVE-2022-45404SUSE Liberty Linux 7
Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CriticalCVE-2022-45404 at SUSECVE-2022-45404 at NVDSUSE bug 1205270cpe:/o:suse:sll:7CVE-2022-45405SUSE Liberty Linux 7
Freeing arbitrary <code>nsIInputStream</code>'s on a different thread than creation could have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CriticalCVE-2022-45405 at SUSECVE-2022-45405 at NVDSUSE bug 1205270cpe:/o:suse:sll:7CVE-2022-45406SUSE Liberty Linux 7
If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CriticalCVE-2022-45406 at SUSECVE-2022-45406 at NVDSUSE bug 1205270cpe:/o:suse:sll:7CVE-2022-45408SUSE Liberty Linux 7
Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CriticalCVE-2022-45408 at SUSECVE-2022-45408 at NVDSUSE bug 1205270cpe:/o:suse:sll:7CVE-2022-45409SUSE Liberty Linux 7
The garbage collector could have been aborted in several states and zones and <code>GCRuntime::finishCollection</code> may not have been called, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CriticalCVE-2022-45409 at SUSECVE-2022-45409 at NVDSUSE bug 1205270cpe:/o:suse:sll:7CVE-2022-45410SUSE Liberty Linux 7
When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CriticalCVE-2022-45410 at SUSECVE-2022-45410 at NVDSUSE bug 1205270cpe:/o:suse:sll:7CVE-2022-45411SUSE Liberty Linux 7
Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on <code>fetch()</code> and XMLHttpRequest; however some webservers have implemented non-standard headers such as <code>X-Http-Method-Override</code> that override the HTTP method, and made this attack possible again. Thunderbird has applied the same mitigations to the use of this and similar headers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CriticalCVE-2022-45411 at SUSECVE-2022-45411 at NVDSUSE bug 1205270cpe:/o:suse:sll:7CVE-2022-45412SUSE Liberty Linux 7
When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. <br>*This bug only affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.*. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CriticalCVE-2022-45412 at SUSECVE-2022-45412 at NVDSUSE bug 1205270cpe:/o:suse:sll:7CVE-2022-45414SUSE Liberty Linux 7
If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block remote content. An image loaded from the POSTER attribute was shown in the composer window. These issues could have given an attacker additional capabilities when targetting releases that did not yet have a fix for CVE-2022-3033 which was reported around three months ago. This vulnerability affects Thunderbird < 102.5.1.
ModerateCVE-2022-45414 at SUSECVE-2022-45414 at NVDSUSE bug 1205941cpe:/o:suse:sll:7CVE-2022-45416SUSE Liberty Linux 7
Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CriticalCVE-2022-45416 at SUSECVE-2022-45416 at NVDSUSE bug 1205270cpe:/o:suse:sll:7CVE-2022-45418SUSE Liberty Linux 7
If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CriticalCVE-2022-45418 at SUSECVE-2022-45418 at NVDSUSE bug 1205270cpe:/o:suse:sll:7CVE-2022-45420SUSE Liberty Linux 7
Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CriticalCVE-2022-45420 at SUSECVE-2022-45420 at NVDSUSE bug 1205270cpe:/o:suse:sll:7CVE-2022-45421SUSE Liberty Linux 7
Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CriticalCVE-2022-45421 at SUSECVE-2022-45421 at NVDSUSE bug 1205270SUSE bug 1206343cpe:/o:suse:sll:7CVE-2022-46329SUSE Liberty Linux 7
Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
ImportantCVE-2022-46329 at SUSECVE-2022-46329 at NVDcpe:/o:suse:sll:7CVE-2022-46340SUSE Liberty Linux 7
A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.
ImportantCVE-2022-46340 at SUSECVE-2022-46340 at NVDSUSE bug 1205874SUSE bug 1206822SUSE bug 1208344SUSE bug 1208653cpe:/o:suse:sll:7CVE-2022-46341SUSE Liberty Linux 7
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
ImportantCVE-2022-46341 at SUSECVE-2022-46341 at NVDSUSE bug 1205877SUSE bug 1208653cpe:/o:suse:sll:7CVE-2022-46342SUSE Liberty Linux 7
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se
ModerateCVE-2022-46342 at SUSECVE-2022-46342 at NVDSUSE bug 1205879cpe:/o:suse:sll:7CVE-2022-46343SUSE Liberty Linux 7
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
ModerateCVE-2022-46343 at SUSECVE-2022-46343 at NVDSUSE bug 1205878cpe:/o:suse:sll:7CVE-2022-46344SUSE Liberty Linux 7
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
ModerateCVE-2022-46344 at SUSECVE-2022-46344 at NVDSUSE bug 1205876SUSE bug 1217766cpe:/o:suse:sll:7CVE-2022-46871SUSE Liberty Linux 7
An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.
ImportantCVE-2022-46871 at SUSECVE-2022-46871 at NVDSUSE bug 1206242cpe:/o:suse:sll:7CVE-2022-46872SUSE Liberty Linux 7
An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.<br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.
ImportantCVE-2022-46872 at SUSECVE-2022-46872 at NVDSUSE bug 1206242cpe:/o:suse:sll:7CVE-2022-46874SUSE Liberty Linux 7
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br/>*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and Firefox ESR < 102.6.
ImportantCVE-2022-46874 at SUSECVE-2022-46874 at NVDSUSE bug 1206242SUSE bug 1206653cpe:/o:suse:sll:7CVE-2022-46877SUSE Liberty Linux 7
By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108.
ImportantCVE-2022-46877 at SUSECVE-2022-46877 at NVDSUSE bug 1206242cpe:/o:suse:sll:7CVE-2022-46878SUSE Liberty Linux 7
Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.
ImportantCVE-2022-46878 at SUSECVE-2022-46878 at NVDSUSE bug 1206242cpe:/o:suse:sll:7CVE-2022-46880SUSE Liberty Linux 7
A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6.
ImportantCVE-2022-46880 at SUSECVE-2022-46880 at NVDSUSE bug 1206242cpe:/o:suse:sll:7CVE-2022-46881SUSE Liberty Linux 7
An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash.
*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Thunderbird < 102.6.
ImportantCVE-2022-46881 at SUSECVE-2022-46881 at NVDSUSE bug 1206242cpe:/o:suse:sll:7CVE-2022-46882SUSE Liberty Linux 7
A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6.
ImportantCVE-2022-46882 at SUSECVE-2022-46882 at NVDSUSE bug 1206242cpe:/o:suse:sll:7CVE-2022-47629SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
ImportantCVE-2022-47629 at SUSECVE-2022-47629 at NVDSUSE bug 1206579cpe:/o:suse:sll:7CVE-2022-48339SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.
ImportantCVE-2022-48339 at SUSECVE-2022-48339 at NVDSUSE bug 1208512SUSE bug 1211512cpe:/o:suse:sll:7CVE-2022-48701SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()
There may be a bad USB audio device with a USB ID of (0x04fa, 0x4201) and
the number of it's interfaces less than 4, an out-of-bounds read bug occurs
when parsing the interface descriptor for this device.
Fix this by checking the number of interfaces.
LowCVE-2022-48701 at SUSECVE-2022-48701 at NVDSUSE bug 1223921CVE-2022-4883SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.
ImportantCVE-2022-4883 at SUSECVE-2022-4883 at NVDSUSE bug 1207031SUSE bug 1208055SUSE bug 1208351SUSE bug 1208654SUSE bug 1209322SUSE bug 1209940cpe:/o:suse:sll:7CVE-2022-48978SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
HID: core: fix shift-out-of-bounds in hid_report_raw_event
Syzbot reported shift-out-of-bounds in hid_report_raw_event.
microsoft 0003:045E:07DA.0001: hid_field_extract() called with n (128) >
32! (swapper/0)
======================================================================
UBSAN: shift-out-of-bounds in drivers/hid/hid-core.c:1323:20
shift exponent 127 is too large for 32-bit type 'int'
CPU: 0 PID: 0 Comm: swapper/0 Not tainted
6.1.0-rc4-syzkaller-00159-g4bbf3422df78 #0
Hardware name: Google Compute Engine/Google Compute Engine, BIOS
Google 10/26/2022
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
ubsan_epilogue lib/ubsan.c:151 [inline]
__ubsan_handle_shift_out_of_bounds+0x3a6/0x420 lib/ubsan.c:322
snto32 drivers/hid/hid-core.c:1323 [inline]
hid_input_fetch_field drivers/hid/hid-core.c:1572 [inline]
hid_process_report drivers/hid/hid-core.c:1665 [inline]
hid_report_raw_event+0xd56/0x18b0 drivers/hid/hid-core.c:1998
hid_input_report+0x408/0x4f0 drivers/hid/hid-core.c:2066
hid_irq_in+0x459/0x690 drivers/hid/usbhid/hid-core.c:284
__usb_hcd_giveback_urb+0x369/0x530 drivers/usb/core/hcd.c:1671
dummy_timer+0x86b/0x3110 drivers/usb/gadget/udc/dummy_hcd.c:1988
call_timer_fn+0xf5/0x210 kernel/time/timer.c:1474
expire_timers kernel/time/timer.c:1519 [inline]
__run_timers+0x76a/0x980 kernel/time/timer.c:1790
run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1803
__do_softirq+0x277/0x75b kernel/softirq.c:571
__irq_exit_rcu+0xec/0x170 kernel/softirq.c:650
irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1107
======================================================================
If the size of the integer (unsigned n) is bigger than 32 in snto32(),
shift exponent will be too large for 32-bit type 'int', resulting in a
shift-out-of-bounds bug.
Fix this by adding a check on the size of the integer (unsigned n) in
snto32(). To add support for n greater than 32 bits, set n to 32, if n
is greater than 32.
ModerateCVE-2022-48978 at SUSECVE-2022-48978 at NVDSUSE bug 1232038CVE-2022-49788SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
`struct vmci_event_qp` allocated by qp_notify_peer() contains padding,
which may carry uninitialized data to the userspace, as observed by
KMSAN:
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user ./include/linux/instrumented.h:121
instrument_copy_to_user ./include/linux/instrumented.h:121
_copy_to_user+0x5f/0xb0 lib/usercopy.c:33
copy_to_user ./include/linux/uaccess.h:169
vmci_host_do_receive_datagram drivers/misc/vmw_vmci/vmci_host.c:431
vmci_host_unlocked_ioctl+0x33d/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:925
vfs_ioctl fs/ioctl.c:51
...
Uninit was stored to memory at:
kmemdup+0x74/0xb0 mm/util.c:131
dg_dispatch_as_host drivers/misc/vmw_vmci/vmci_datagram.c:271
vmci_datagram_dispatch+0x4f8/0xfc0 drivers/misc/vmw_vmci/vmci_datagram.c:339
qp_notify_peer+0x19a/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1479
qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662
qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750
vmci_qp_broker_alloc+0x96/0xd0 drivers/misc/vmw_vmci/vmci_queue_pair.c:1940
vmci_host_do_alloc_queuepair drivers/misc/vmw_vmci/vmci_host.c:488
vmci_host_unlocked_ioctl+0x24fd/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:927
...
Local variable ev created at:
qp_notify_peer+0x54/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1456
qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662
qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750
Bytes 28-31 of 48 are uninitialized
Memory access of size 48 starts at ffff888035155e00
Data copied to user address 0000000020000100
Use memset() to prevent the infoleaks.
Also speculatively fix qp_notify_peer_local(), which may suffer from the
same problem.
ModerateCVE-2022-49788 at SUSECVE-2022-49788 at NVDSUSE bug 1242353CVE-2022-50020SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid resizing to a partial cluster size
This patch avoids an attempt to resize the filesystem to an
unaligned cluster boundary. An online resize to a size that is not
integral to cluster size results in the last iteration attempting to
grow the fs by a negative amount, which trips a BUG_ON and leaves the fs
with a corrupted in-memory superblock.
ModerateCVE-2022-50020 at SUSECVE-2022-50020 at NVDSUSE bug 1245129SUSE bug 1245130CVE-2022-50022SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
drivers:md:fix a potential use-after-free bug
In line 2884, "raid5_release_stripe(sh);" drops the reference to sh and
may cause sh to be released. However, sh is subsequently used in lines
2886 "if (sh->batch_head && sh != sh->batch_head)". This may result in an
use-after-free bug.
It can be fixed by moving "raid5_release_stripe(sh);" to the bottom of
the function.
ModerateCVE-2022-50022 at SUSECVE-2022-50022 at NVDSUSE bug 1245131CVE-2022-50066SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
net: atlantic: fix aq_vec index out of range error
The final update statement of the for loop exceeds the array range, the
dereference of self->aq_vec[i] is not checked and then leads to the
index out of range error.
Also fixed this kind of coding style in other for loop.
[ 97.937604] UBSAN: array-index-out-of-bounds in drivers/net/ethernet/aquantia/atlantic/aq_nic.c:1404:48
[ 97.937607] index 8 is out of range for type 'aq_vec_s *[8]'
[ 97.937608] CPU: 38 PID: 3767 Comm: kworker/u256:18 Not tainted 5.19.0+ #2
[ 97.937610] Hardware name: Dell Inc. Precision 7865 Tower/, BIOS 1.0.0 06/12/2022
[ 97.937611] Workqueue: events_unbound async_run_entry_fn
[ 97.937616] Call Trace:
[ 97.937617] <TASK>
[ 97.937619] dump_stack_lvl+0x49/0x63
[ 97.937624] dump_stack+0x10/0x16
[ 97.937626] ubsan_epilogue+0x9/0x3f
[ 97.937627] __ubsan_handle_out_of_bounds.cold+0x44/0x49
[ 97.937629] ? __scm_send+0x348/0x440
[ 97.937632] ? aq_vec_stop+0x72/0x80 [atlantic]
[ 97.937639] aq_nic_stop+0x1b6/0x1c0 [atlantic]
[ 97.937644] aq_suspend_common+0x88/0x90 [atlantic]
[ 97.937648] aq_pm_suspend_poweroff+0xe/0x20 [atlantic]
[ 97.937653] pci_pm_suspend+0x7e/0x1a0
[ 97.937655] ? pci_pm_suspend_noirq+0x2b0/0x2b0
[ 97.937657] dpm_run_callback+0x54/0x190
[ 97.937660] __device_suspend+0x14c/0x4d0
[ 97.937661] async_suspend+0x23/0x70
[ 97.937663] async_run_entry_fn+0x33/0x120
[ 97.937664] process_one_work+0x21f/0x3f0
[ 97.937666] worker_thread+0x4a/0x3c0
[ 97.937668] ? process_one_work+0x3f0/0x3f0
[ 97.937669] kthread+0xf0/0x120
[ 97.937671] ? kthread_complete_and_exit+0x20/0x20
[ 97.937672] ret_from_fork+0x22/0x30
[ 97.937676] </TASK>
v2. fixed "warning: variable 'aq_vec' set but not used"
v3. simplified a for loop
ModerateCVE-2022-50066 at SUSECVE-2022-50066 at NVDSUSE bug 1244985CVE-2022-50211SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
md-raid10: fix KASAN warning
There's a KASAN warning in raid10_remove_disk when running the lvm
test lvconvert-raid-reshape.sh. We fix this warning by verifying that the
value "number" is valid.
BUG: KASAN: slab-out-of-bounds in raid10_remove_disk+0x61/0x2a0 [raid10]
Read of size 8 at addr ffff889108f3d300 by task mdX_raid10/124682
CPU: 3 PID: 124682 Comm: mdX_raid10 Not tainted 5.19.0-rc6 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x34/0x44
print_report.cold+0x45/0x57a
? __lock_text_start+0x18/0x18
? raid10_remove_disk+0x61/0x2a0 [raid10]
kasan_report+0xa8/0xe0
? raid10_remove_disk+0x61/0x2a0 [raid10]
raid10_remove_disk+0x61/0x2a0 [raid10]
Buffer I/O error on dev dm-76, logical block 15344, async page read
? __mutex_unlock_slowpath.constprop.0+0x1e0/0x1e0
remove_and_add_spares+0x367/0x8a0 [md_mod]
? super_written+0x1c0/0x1c0 [md_mod]
? mutex_trylock+0xac/0x120
? _raw_spin_lock+0x72/0xc0
? _raw_spin_lock_bh+0xc0/0xc0
md_check_recovery+0x848/0x960 [md_mod]
raid10d+0xcf/0x3360 [raid10]
? sched_clock_cpu+0x185/0x1a0
? rb_erase+0x4d4/0x620
? var_wake_function+0xe0/0xe0
? psi_group_change+0x411/0x500
? preempt_count_sub+0xf/0xc0
? _raw_spin_lock_irqsave+0x78/0xc0
? __lock_text_start+0x18/0x18
? raid10_sync_request+0x36c0/0x36c0 [raid10]
? preempt_count_sub+0xf/0xc0
? _raw_spin_unlock_irqrestore+0x19/0x40
? del_timer_sync+0xa9/0x100
? try_to_del_timer_sync+0xc0/0xc0
? _raw_spin_lock_irqsave+0x78/0xc0
? __lock_text_start+0x18/0x18
? _raw_spin_unlock_irq+0x11/0x24
? __list_del_entry_valid+0x68/0xa0
? finish_wait+0xa3/0x100
md_thread+0x161/0x260 [md_mod]
? unregister_md_personality+0xa0/0xa0 [md_mod]
? _raw_spin_lock_irqsave+0x78/0xc0
? prepare_to_wait_event+0x2c0/0x2c0
? unregister_md_personality+0xa0/0xa0 [md_mod]
kthread+0x148/0x180
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x1f/0x30
</TASK>
Allocated by task 124495:
kasan_save_stack+0x1e/0x40
__kasan_kmalloc+0x80/0xa0
setup_conf+0x140/0x5c0 [raid10]
raid10_run+0x4cd/0x740 [raid10]
md_run+0x6f9/0x1300 [md_mod]
raid_ctr+0x2531/0x4ac0 [dm_raid]
dm_table_add_target+0x2b0/0x620 [dm_mod]
table_load+0x1c8/0x400 [dm_mod]
ctl_ioctl+0x29e/0x560 [dm_mod]
dm_compat_ctl_ioctl+0x7/0x20 [dm_mod]
__do_compat_sys_ioctl+0xfa/0x160
do_syscall_64+0x90/0xc0
entry_SYSCALL_64_after_hwframe+0x46/0xb0
Last potentially related work creation:
kasan_save_stack+0x1e/0x40
__kasan_record_aux_stack+0x9e/0xc0
kvfree_call_rcu+0x84/0x480
timerfd_release+0x82/0x140
L __fput+0xfa/0x400
task_work_run+0x80/0xc0
exit_to_user_mode_prepare+0x155/0x160
syscall_exit_to_user_mode+0x12/0x40
do_syscall_64+0x42/0xc0
entry_SYSCALL_64_after_hwframe+0x46/0xb0
Second to last potentially related work creation:
kasan_save_stack+0x1e/0x40
__kasan_record_aux_stack+0x9e/0xc0
kvfree_call_rcu+0x84/0x480
timerfd_release+0x82/0x140
__fput+0xfa/0x400
task_work_run+0x80/0xc0
exit_to_user_mode_prepare+0x155/0x160
syscall_exit_to_user_mode+0x12/0x40
do_syscall_64+0x42/0xc0
entry_SYSCALL_64_after_hwframe+0x46/0xb0
The buggy address belongs to the object at ffff889108f3d200
which belongs to the cache kmalloc-256 of size 256
The buggy address is located 0 bytes to the right of
256-byte region [ffff889108f3d200, ffff889108f3d300)
The buggy address belongs to the physical page:
page:000000007ef2a34c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1108f3c
head:000000007ef2a34c order:2 compound_mapcount:0 compound_pincount:0
flags: 0x4000000000010200(slab|head|zone=2)
raw: 4000000000010200 0000000000000000 dead000000000001 ffff889100042b40
raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff889108f3d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff889108f3d280: 00 00
---truncated---
ModerateCVE-2022-50211 at SUSECVE-2022-50211 at NVDSUSE bug 1245140SUSE bug 1245141CVE-2022-50229SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
ALSA: bcd2000: Fix a UAF bug on the error path of probing
When the driver fails in snd_card_register() at probe time, it will free
the 'bcd2k->midi_out_urb' before killing it, which may cause a UAF bug.
The following log can reveal it:
[ 50.727020] BUG: KASAN: use-after-free in bcd2000_input_complete+0x1f1/0x2e0 [snd_bcd2000]
[ 50.727623] Read of size 8 at addr ffff88810fab0e88 by task swapper/4/0
[ 50.729530] Call Trace:
[ 50.732899] bcd2000_input_complete+0x1f1/0x2e0 [snd_bcd2000]
Fix this by adding usb_kill_urb() before usb_free_urb().
ModerateCVE-2022-50229 at SUSECVE-2022-50229 at NVDSUSE bug 1244856CVE-2022-50341SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
cifs: fix oops during encryption
When running xfstests against Azure the following oops occurred on an
arm64 system
Unable to handle kernel write to read-only memory at virtual address
ffff0001221cf000
Mem abort info:
ESR = 0x9600004f
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x0f: level 3 permission fault
Data abort info:
ISV = 0, ISS = 0x0000004f
CM = 0, WnR = 1
swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000000294f3000
[ffff0001221cf000] pgd=18000001ffff8003, p4d=18000001ffff8003,
pud=18000001ff82e003, pmd=18000001ff71d003, pte=00600001221cf787
Internal error: Oops: 9600004f [#1] PREEMPT SMP
...
pstate: 80000005 (Nzcv daif -PAN -UAO -TCO BTYPE=--)
pc : __memcpy+0x40/0x230
lr : scatterwalk_copychunks+0xe0/0x200
sp : ffff800014e92de0
x29: ffff800014e92de0 x28: ffff000114f9de80 x27: 0000000000000008
x26: 0000000000000008 x25: ffff800014e92e78 x24: 0000000000000008
x23: 0000000000000001 x22: 0000040000000000 x21: ffff000000000000
x20: 0000000000000001 x19: ffff0001037c4488 x18: 0000000000000014
x17: 235e1c0d6efa9661 x16: a435f9576b6edd6c x15: 0000000000000058
x14: 0000000000000001 x13: 0000000000000008 x12: ffff000114f2e590
x11: ffffffffffffffff x10: 0000040000000000 x9 : ffff8000105c3580
x8 : 2e9413b10000001a x7 : 534b4410fb86b005 x6 : 534b4410fb86b005
x5 : ffff0001221cf008 x4 : ffff0001037c4490 x3 : 0000000000000001
x2 : 0000000000000008 x1 : ffff0001037c4488 x0 : ffff0001221cf000
Call trace:
__memcpy+0x40/0x230
scatterwalk_map_and_copy+0x98/0x100
crypto_ccm_encrypt+0x150/0x180
crypto_aead_encrypt+0x2c/0x40
crypt_message+0x750/0x880
smb3_init_transform_rq+0x298/0x340
smb_send_rqst.part.11+0xd8/0x180
smb_send_rqst+0x3c/0x100
compound_send_recv+0x534/0xbc0
smb2_query_info_compound+0x32c/0x440
smb2_set_ea+0x438/0x4c0
cifs_xattr_set+0x5d4/0x7c0
This is because in scatterwalk_copychunks(), we attempted to write to
a buffer (@sign) that was allocated in the stack (vmalloc area) by
crypt_message() and thus accessing its remaining 8 (x2) bytes ended up
crossing a page boundary.
To simply fix it, we could just pass @sign kmalloc'd from
crypt_message() and then we're done. Luckily, we don't seem to pass
any other vmalloc'd buffers in smb_rqst::rq_iov...
Instead, let's map the correct pages and offsets from vmalloc buffers
as well in cifs_sg_set_buf() and then avoiding such oopses.
ModerateCVE-2022-50341 at SUSECVE-2022-50341 at NVDCVE-2022-50356SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
net: sched: sfb: fix null pointer access issue when sfb_init() fails
When the default qdisc is sfb, if the qdisc of dev_queue fails to be
inited during mqprio_init(), sfb_reset() is invoked to clear resources.
In this case, the q->qdisc is NULL, and it will cause gpf issue.
The process is as follows:
qdisc_create_dflt()
sfb_init()
tcf_block_get() --->failed, q->qdisc is NULL
...
qdisc_put()
...
sfb_reset()
qdisc_reset(q->qdisc) --->q->qdisc is NULL
ops = qdisc->ops
The following is the Call Trace information:
general protection fault, probably for non-canonical address
0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
RIP: 0010:qdisc_reset+0x2b/0x6f0
Call Trace:
<TASK>
sfb_reset+0x37/0xd0
qdisc_reset+0xed/0x6f0
qdisc_destroy+0x82/0x4c0
qdisc_put+0x9e/0xb0
qdisc_create_dflt+0x2c3/0x4a0
mqprio_init+0xa71/0x1760
qdisc_create+0x3eb/0x1000
tc_modify_qdisc+0x408/0x1720
rtnetlink_rcv_msg+0x38e/0xac0
netlink_rcv_skb+0x12d/0x3a0
netlink_unicast+0x4a2/0x740
netlink_sendmsg+0x826/0xcc0
sock_sendmsg+0xc5/0x100
____sys_sendmsg+0x583/0x690
___sys_sendmsg+0xe8/0x160
__sys_sendmsg+0xbf/0x160
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f2164122d04
</TASK>
ModerateCVE-2022-50356 at SUSECVE-2022-50356 at NVDSUSE bug 1250040CVE-2022-50367SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
fs: fix UAF/GPF bug in nilfs_mdt_destroy
In alloc_inode, inode_init_always() could return -ENOMEM if
security_inode_alloc() fails, which causes inode->i_private
uninitialized. Then nilfs_is_metadata_file_inode() returns
true and nilfs_free_inode() wrongly calls nilfs_mdt_destroy(),
which frees the uninitialized inode->i_private
and leads to crashes(e.g., UAF/GPF).
Fix this by moving security_inode_alloc just prior to
this_cpu_inc(nr_inodes)
ImportantCVE-2022-50367 at SUSECVE-2022-50367 at NVDSUSE bug 1247374SUSE bug 1250277CVE-2022-50386SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: L2CAP: Fix user-after-free
This uses l2cap_chan_hold_unless_zero() after calling
__l2cap_get_chan_blah() to prevent the following trace:
Bluetooth: l2cap_core.c:static void l2cap_chan_destroy(struct kref
*kref)
Bluetooth: chan 0000000023c4974d
Bluetooth: parent 00000000ae861c08
==================================================================
BUG: KASAN: use-after-free in __mutex_waiter_is_first
kernel/locking/mutex.c:191 [inline]
BUG: KASAN: use-after-free in __mutex_lock_common
kernel/locking/mutex.c:671 [inline]
BUG: KASAN: use-after-free in __mutex_lock+0x278/0x400
kernel/locking/mutex.c:729
Read of size 8 at addr ffff888006a49b08 by task kworker/u3:2/389
ImportantCVE-2022-50386 at SUSECVE-2022-50386 at NVDSUSE bug 1247374SUSE bug 1250301SUSE bug 1250302CVE-2022-50403SUSE Liberty Linux 7 LTSS
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
ModerateCVE-2022-50403 at SUSECVE-2022-50403 at NVDSUSE bug 1250143CVE-2022-50406SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
iomap: iomap: fix memory corruption when recording errors during writeback
Every now and then I see this crash on arm64:
Unable to handle kernel NULL pointer dereference at virtual address 00000000000000f8
Buffer I/O error on dev dm-0, logical block 8733687, async page read
Mem abort info:
ESR = 0x0000000096000006
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x06: level 2 translation fault
Data abort info:
ISV = 0, ISS = 0x00000006
CM = 0, WnR = 0
user pgtable: 64k pages, 42-bit VAs, pgdp=0000000139750000
[00000000000000f8] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000, pmd=0000000000000000
Internal error: Oops: 96000006 [#1] PREEMPT SMP
Buffer I/O error on dev dm-0, logical block 8733688, async page read
Dumping ftrace buffer:
Buffer I/O error on dev dm-0, logical block 8733689, async page read
(ftrace buffer empty)
XFS (dm-0): log I/O error -5
Modules linked in: dm_thin_pool dm_persistent_data
XFS (dm-0): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x1ec/0x590 [xfs] (fs/xfs/xfs_trans_buf.c:296).
dm_bio_prison
XFS (dm-0): Please unmount the filesystem and rectify the problem(s)
XFS (dm-0): xfs_imap_lookup: xfs_ialloc_read_agi() returned error -5, agno 0
dm_bufio dm_log_writes xfs nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6t_REJECT
potentially unexpected fatal signal 6.
nf_reject_ipv6
potentially unexpected fatal signal 6.
ipt_REJECT nf_reject_ipv4
CPU: 1 PID: 122166 Comm: fsstress Tainted: G W 6.0.0-rc5-djwa #rc5 3004c9f1de887ebae86015f2677638ce51ee7
rpcsec_gss_krb5 auth_rpcgss xt_tcpudp ip_set_hash_ip ip_set_hash_net xt_set nft_compat ip_set_hash_mac ip_set nf_tables
Hardware name: QEMU KVM Virtual Machine, BIOS 1.5.1 06/16/2021
pstate: 60001000 (nZCv daif -PAN -UAO -TCO -DIT +SSBS BTYPE=--)
ip_tables
pc : 000003fd6d7df200
x_tables
lr : 000003fd6d7df1ec
overlay nfsv4
CPU: 0 PID: 54031 Comm: u4:3 Tainted: G W 6.0.0-rc5-djwa #rc5 3004c9f1de887ebae86015f2677638ce51ee7405
Hardware name: QEMU KVM Virtual Machine, BIOS 1.5.1 06/16/2021
Workqueue: writeback wb_workfn
sp : 000003ffd9522fd0
(flush-253:0)
pstate: 60401005 (nZCv daif +PAN -UAO -TCO -DIT +SSBS BTYPE=--)
pc : errseq_set+0x1c/0x100
x29: 000003ffd9522fd0 x28: 0000000000000023 x27: 000002acefeb6780
x26: 0000000000000005 x25: 0000000000000001 x24: 0000000000000000
x23: 00000000ffffffff x22: 0000000000000005
lr : __filemap_set_wb_err+0x24/0xe0
x21: 0000000000000006
sp : fffffe000f80f760
x29: fffffe000f80f760 x28: 0000000000000003 x27: fffffe000f80f9f8
x26: 0000000002523000 x25: 00000000fffffffb x24: fffffe000f80f868
x23: fffffe000f80fbb0 x22: fffffc0180c26a78 x21: 0000000002530000
x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000001 x13: 0000000000470af3 x12: fffffc0058f70000
x11: 0000000000000040 x10: 0000000000001b20 x9 : fffffe000836b288
x8 : fffffc00eb9fd480 x7 : 0000000000f83659 x6 : 0000000000000000
x5 : 0000000000000869 x4 : 0000000000000005 x3 : 00000000000000f8
x20: 000003fd6d740020 x19: 000000000001dd36 x18: 0000000000000001
x17: 000003fd6d78704c x16: 0000000000000001 x15: 000002acfac87668
x2 : 0000000000000ffa x1 : 00000000fffffffb x0 : 00000000000000f8
Call trace:
errseq_set+0x1c/0x100
__filemap_set_wb_err+0x24/0xe0
iomap_do_writepage+0x5e4/0xd5c
write_cache_pages+0x208/0x674
iomap_writepages+0x34/0x60
xfs_vm_writepages+0x8c/0xcc [xfs 7a861f39c43631f15d3a5884246ba5035d4ca78b]
x14: 0000000000000000 x13: 2064656e72757465 x12: 0000000000002180
x11: 000003fd6d8a82d0 x10: 0000000000000000 x9 : 000003fd6d8ae288
x8 : 0000000000000083 x7 : 00000000ffffffff x6 : 00000000ffffffee
x5 : 00000000fbad2887 x4 : 000003fd6d9abb58 x3 : 000003fd6d740020
x2 : 0000000000000006 x1 : 000000000001dd36 x0 : 0000000000000000
CPU:
---truncated---
ModerateCVE-2022-50406 at SUSECVE-2022-50406 at NVDSUSE bug 1250165CVE-2022-50408SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
> ret = brcmf_proto_tx_queue_data(drvr, ifp->ifidx, skb);
may be schedule, and then complete before the line
> ndev->stats.tx_bytes += skb->len;
[ 46.912801] ==================================================================
[ 46.920552] BUG: KASAN: use-after-free in brcmf_netdev_start_xmit+0x718/0x8c8 [brcmfmac]
[ 46.928673] Read of size 4 at addr ffffff803f5882e8 by task systemd-resolve/328
[ 46.935991]
[ 46.937514] CPU: 1 PID: 328 Comm: systemd-resolve Tainted: G O 5.4.199-[REDACTED] #1
[ 46.947255] Hardware name: [REDACTED]
[ 46.954568] Call trace:
[ 46.957037] dump_backtrace+0x0/0x2b8
[ 46.960719] show_stack+0x24/0x30
[ 46.964052] dump_stack+0x128/0x194
[ 46.967557] print_address_description.isra.0+0x64/0x380
[ 46.972877] __kasan_report+0x1d4/0x240
[ 46.976723] kasan_report+0xc/0x18
[ 46.980138] __asan_report_load4_noabort+0x18/0x20
[ 46.985027] brcmf_netdev_start_xmit+0x718/0x8c8 [brcmfmac]
[ 46.990613] dev_hard_start_xmit+0x1bc/0xda0
[ 46.994894] sch_direct_xmit+0x198/0xd08
[ 46.998827] __qdisc_run+0x37c/0x1dc0
[ 47.002500] __dev_queue_xmit+0x1528/0x21f8
[ 47.006692] dev_queue_xmit+0x24/0x30
[ 47.010366] neigh_resolve_output+0x37c/0x678
[ 47.014734] ip_finish_output2+0x598/0x2458
[ 47.018927] __ip_finish_output+0x300/0x730
[ 47.023118] ip_output+0x2e0/0x430
[ 47.026530] ip_local_out+0x90/0x140
[ 47.030117] igmpv3_sendpack+0x14c/0x228
[ 47.034049] igmpv3_send_cr+0x384/0x6b8
[ 47.037895] igmp_ifc_timer_expire+0x4c/0x118
[ 47.042262] call_timer_fn+0x1cc/0xbe8
[ 47.046021] __run_timers+0x4d8/0xb28
[ 47.049693] run_timer_softirq+0x24/0x40
[ 47.053626] __do_softirq+0x2c0/0x117c
[ 47.057387] irq_exit+0x2dc/0x388
[ 47.060715] __handle_domain_irq+0xb4/0x158
[ 47.064908] gic_handle_irq+0x58/0xb0
[ 47.068581] el0_irq_naked+0x50/0x5c
[ 47.072162]
[ 47.073665] Allocated by task 328:
[ 47.077083] save_stack+0x24/0xb0
[ 47.080410] __kasan_kmalloc.isra.0+0xc0/0xe0
[ 47.084776] kasan_slab_alloc+0x14/0x20
[ 47.088622] kmem_cache_alloc+0x15c/0x468
[ 47.092643] __alloc_skb+0xa4/0x498
[ 47.096142] igmpv3_newpack+0x158/0xd78
[ 47.099987] add_grhead+0x210/0x288
[ 47.103485] add_grec+0x6b0/0xb70
[ 47.106811] igmpv3_send_cr+0x2e0/0x6b8
[ 47.110657] igmp_ifc_timer_expire+0x4c/0x118
[ 47.115027] call_timer_fn+0x1cc/0xbe8
[ 47.118785] __run_timers+0x4d8/0xb28
[ 47.122457] run_timer_softirq+0x24/0x40
[ 47.126389] __do_softirq+0x2c0/0x117c
[ 47.130142]
[ 47.131643] Freed by task 180:
[ 47.134712] save_stack+0x24/0xb0
[ 47.138041] __kasan_slab_free+0x108/0x180
[ 47.142146] kasan_slab_free+0x10/0x18
[ 47.145904] slab_free_freelist_hook+0xa4/0x1b0
[ 47.150444] kmem_cache_free+0x8c/0x528
[ 47.154292] kfree_skbmem+0x94/0x108
[ 47.157880] consume_skb+0x10c/0x5a8
[ 47.161466] __dev_kfree_skb_any+0x88/0xa0
[ 47.165598] brcmu_pkt_buf_free_skb+0x44/0x68 [brcmutil]
[ 47.171023] brcmf_txfinalize+0xec/0x190 [brcmfmac]
[ 47.176016] brcmf_proto_bcdc_txcomplete+0x1c0/0x210 [brcmfmac]
[ 47.182056] brcmf_sdio_sendfromq+0x8dc/0x1e80 [brcmfmac]
[ 47.187568] brcmf_sdio_dpc+0xb48/0x2108 [brcmfmac]
[ 47.192529] brcmf_sdio_dataworker+0xc8/0x238 [brcmfmac]
[ 47.197859] process_one_work+0x7fc/0x1a80
[ 47.201965] worker_thread+0x31c/0xc40
[ 47.205726] kthread+0x2d8/0x370
[ 47.208967] ret_from_fork+0x10/0x18
[ 47.212546]
[ 47.214051] The buggy address belongs to the object at ffffff803f588280
[ 47.214051] which belongs to the cache skbuff_head_cache of size 208
[ 47.227086] The buggy address is located 104 bytes inside of
[ 47.227086] 208-byte region [ffffff803f588280, ffffff803f588350)
[ 47.238814] The buggy address belongs to the page:
[ 47.243618] page:ffffffff00dd6200 refcount:1 mapcou
---truncated---
ImportantCVE-2022-50408 at SUSECVE-2022-50408 at NVDSUSE bug 1250391SUSE bug 1250419CVE-2022-50410SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Protect against send buffer overflow in NFSv2 READ
Since before the git era, NFSD has conserved the number of pages
held by each nfsd thread by combining the RPC receive and send
buffers into a single array of pages. This works because there are
no cases where an operation needs a large RPC Call message and a
large RPC Reply at the same time.
Once an RPC Call has been received, svc_process() updates
svc_rqst::rq_res to describe the part of rq_pages that can be
used for constructing the Reply. This means that the send buffer
(rq_res) shrinks when the received RPC record containing the RPC
Call is large.
A client can force this shrinkage on TCP by sending a correctly-
formed RPC Call header contained in an RPC record that is
excessively large. The full maximum payload size cannot be
constructed in that case.
ModerateCVE-2022-50410 at SUSECVE-2022-50410 at NVDSUSE bug 1250187CVE-2022-50673SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix use-after-free in ext4_orphan_cleanup
I caught a issue as follows:
==================================================================
BUG: KASAN: use-after-free in __list_add_valid+0x28/0x1a0
Read of size 8 at addr ffff88814b13f378 by task mount/710
CPU: 1 PID: 710 Comm: mount Not tainted 6.1.0-rc3-next #370
Call Trace:
<TASK>
dump_stack_lvl+0x73/0x9f
print_report+0x25d/0x759
kasan_report+0xc0/0x120
__asan_load8+0x99/0x140
__list_add_valid+0x28/0x1a0
ext4_orphan_cleanup+0x564/0x9d0 [ext4]
__ext4_fill_super+0x48e2/0x5300 [ext4]
ext4_fill_super+0x19f/0x3a0 [ext4]
get_tree_bdev+0x27b/0x450
ext4_get_tree+0x19/0x30 [ext4]
vfs_get_tree+0x49/0x150
path_mount+0xaae/0x1350
do_mount+0xe2/0x110
__x64_sys_mount+0xf0/0x190
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
</TASK>
[...]
==================================================================
Above issue may happen as follows:
-------------------------------------
ext4_fill_super
ext4_orphan_cleanup
--- loop1: assume last_orphan is 12 ---
list_add(&EXT4_I(inode)->i_orphan, &EXT4_SB(sb)->s_orphan)
ext4_truncate --> return 0
ext4_inode_attach_jinode --> return -ENOMEM
iput(inode) --> free inode<12>
--- loop2: last_orphan is still 12 ---
list_add(&EXT4_I(inode)->i_orphan, &EXT4_SB(sb)->s_orphan);
// use inode<12> and trigger UAF
To solve this issue, we need to propagate the return value of
ext4_inode_attach_jinode() appropriately.
ImportantCVE-2022-50673 at SUSECVE-2022-50673 at NVDSUSE bug 1255521SUSE bug 1255522CVE-2023-0286SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but
the public structure definition for GENERAL_NAME incorrectly specified the type
of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by
the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an
ASN1_STRING.
When CRL checking is enabled (i.e. the application sets the
X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass
arbitrary pointers to a memcmp call, enabling them to read memory contents or
enact a denial of service. In most cases, the attack requires the attacker to
provide both the certificate chain and CRL, neither of which need to have a
valid signature. If the attacker only controls one of these inputs, the other
input must already contain an X.400 address as a CRL distribution point, which
is uncommon. As such, this vulnerability is most likely to only affect
applications which have implemented their own functionality for retrieving CRLs
over a network.
ImportantCVE-2023-0286 at SUSECVE-2023-0286 at NVDSUSE bug 1207533SUSE bug 1207569SUSE bug 1211136SUSE bug 1211503SUSE bug 1213146SUSE bug 1214269SUSE bug 1218477SUSE bug 1218967SUSE bug 1225677cpe:/o:suse:sll:7CVE-2023-0430SUSE Liberty Linux 7
Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1.
ImportantCVE-2023-0430 at SUSECVE-2023-0430 at NVDSUSE bug 1207858cpe:/o:suse:sll:7CVE-2023-0494SUSE Liberty Linux 7
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
ImportantCVE-2023-0494 at SUSECVE-2023-0494 at NVDSUSE bug 1207783SUSE bug 1208344SUSE bug 1209331SUSE bug 1211551cpe:/o:suse:sll:7CVE-2023-0547SUSE Liberty Linux 7
OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10.
ModerateCVE-2023-0547 at SUSECVE-2023-0547 at NVDSUSE bug 1210212cpe:/o:suse:sll:7CVE-2023-0616SUSE Liberty Linux 7
If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8.
CriticalCVE-2023-0616 at SUSECVE-2023-0616 at NVDSUSE bug 1208144cpe:/o:suse:sll:7CVE-2023-0767SUSE Liberty Linux 7
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
ImportantCVE-2023-0767 at SUSECVE-2023-0767 at NVDSUSE bug 1208138SUSE bug 1213200SUSE bug 1213818SUSE bug 1214271SUSE bug 1218481SUSE bug 1218964SUSE bug 1225630cpe:/o:suse:sll:7CVE-2023-1393SUSE Liberty Linux 7
A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
ImportantCVE-2023-1393 at SUSECVE-2023-1393 at NVDSUSE bug 1209543SUSE bug 1210895SUSE bug 1211551cpe:/o:suse:sll:7CVE-2023-1945SUSE Liberty Linux 7
Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10.
ModerateCVE-2023-1945 at SUSECVE-2023-1945 at NVDSUSE bug 1210212cpe:/o:suse:sll:7CVE-2023-1999SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
ImportantCVE-2023-1999 at SUSECVE-2023-1999 at NVDSUSE bug 1213054SUSE bug 1217159cpe:/o:suse:sll:7CVE-2023-2002SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.
ImportantCVE-2023-2002 at SUSECVE-2023-2002 at NVDSUSE bug 1210533SUSE bug 1210566cpe:/o:suse:sll:7CVE-2023-20569SUSE Liberty Linux 7
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
ModerateCVE-2023-20569 at SUSECVE-2023-20569 at NVDSUSE bug 1213287cpe:/o:suse:sll:7CVE-2023-20592SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
ModerateCVE-2023-20592 at SUSECVE-2023-20592 at NVDSUSE bug 1215823cpe:/o:suse:sll:7CVE-2023-20593SUSE Liberty Linux 7
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
ModerateCVE-2023-20593 at SUSECVE-2023-20593 at NVDSUSE bug 1213286SUSE bug 1213616SUSE bug 1215674cpe:/o:suse:sll:7CVE-2023-20867SUSE Liberty Linux 7
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.
ModerateCVE-2023-20867 at SUSECVE-2023-20867 at NVDSUSE bug 1212143SUSE bug 1214402cpe:/o:suse:sll:7CVE-2023-20900SUSE Liberty Linux 7
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
ImportantCVE-2023-20900 at SUSECVE-2023-20900 at NVDSUSE bug 1214566SUSE bug 1216432SUSE bug 1216433SUSE bug 1225628SUSE bug 1228309cpe:/o:suse:sll:7CVE-2023-21830SUSE Liberty Linux 7
Unknown.
ModerateCVE-2023-21830 at SUSECVE-2023-21830 at NVDSUSE bug 1207249cpe:/o:suse:sll:7CVE-2023-21835SUSE Liberty Linux 7
Unknown.
ModerateCVE-2023-21835 at SUSECVE-2023-21835 at NVDSUSE bug 1207246cpe:/o:suse:sll:7CVE-2023-21843SUSE Liberty Linux 7
Unknown.
LowCVE-2023-21843 at SUSECVE-2023-21843 at NVDSUSE bug 1207248cpe:/o:suse:sll:7CVE-2023-21930SUSE Liberty Linux 7
Unknown.
ImportantCVE-2023-21930 at SUSECVE-2023-21930 at NVDSUSE bug 1210628cpe:/o:suse:sll:7CVE-2023-21937SUSE Liberty Linux 7
Unknown.
LowCVE-2023-21937 at SUSECVE-2023-21937 at NVDSUSE bug 1210631cpe:/o:suse:sll:7CVE-2023-21938SUSE Liberty Linux 7
Unknown.
LowCVE-2023-21938 at SUSECVE-2023-21938 at NVDSUSE bug 1210632cpe:/o:suse:sll:7CVE-2023-21939SUSE Liberty Linux 7
Unknown.
ModerateCVE-2023-21939 at SUSECVE-2023-21939 at NVDSUSE bug 1210634cpe:/o:suse:sll:7CVE-2023-21954SUSE Liberty Linux 7
Unknown.
ModerateCVE-2023-21954 at SUSECVE-2023-21954 at NVDSUSE bug 1210635cpe:/o:suse:sll:7CVE-2023-21967SUSE Liberty Linux 7
Unknown.
ModerateCVE-2023-21967 at SUSECVE-2023-21967 at NVDSUSE bug 1210636cpe:/o:suse:sll:7CVE-2023-21968SUSE Liberty Linux 7
Unknown.
LowCVE-2023-21968 at SUSECVE-2023-21968 at NVDSUSE bug 1210637cpe:/o:suse:sll:7CVE-2023-22006SUSE Liberty Linux 7
Unknown.
LowCVE-2023-22006 at SUSECVE-2023-22006 at NVDSUSE bug 1213473cpe:/o:suse:sll:7CVE-2023-22036SUSE Liberty Linux 7
Unknown.
LowCVE-2023-22036 at SUSECVE-2023-22036 at NVDSUSE bug 1213474cpe:/o:suse:sll:7CVE-2023-22041SUSE Liberty Linux 7
Unknown.
ModerateCVE-2023-22041 at SUSECVE-2023-22041 at NVDSUSE bug 1213475cpe:/o:suse:sll:7CVE-2023-22045SUSE Liberty Linux 7
Unknown.
LowCVE-2023-22045 at SUSECVE-2023-22045 at NVDSUSE bug 1213481cpe:/o:suse:sll:7CVE-2023-22049SUSE Liberty Linux 7
Unknown.
LowCVE-2023-22049 at SUSECVE-2023-22049 at NVDSUSE bug 1213482cpe:/o:suse:sll:7CVE-2023-22067SUSE Liberty Linux 7
Unknown.
ModerateCVE-2023-22067 at SUSECVE-2023-22067 at NVDSUSE bug 1216379cpe:/o:suse:sll:7CVE-2023-22081SUSE Liberty Linux 7
Unknown.
ModerateCVE-2023-22081 at SUSECVE-2023-22081 at NVDSUSE bug 1216374cpe:/o:suse:sll:7CVE-2023-22809SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
ImportantCVE-2023-22809 at SUSECVE-2023-22809 at NVDSUSE bug 1207082SUSE bug 1208053SUSE bug 1209326SUSE bug 1214446SUSE bug 1225623cpe:/o:suse:sll:7CVE-2023-23598SUSE Liberty Linux 7
Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to `DataTransfer.setData`. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.
ImportantCVE-2023-23598 at SUSECVE-2023-23598 at NVDSUSE bug 1207119cpe:/o:suse:sll:7CVE-2023-23599SUSE Liberty Linux 7
When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.
ImportantCVE-2023-23599 at SUSECVE-2023-23599 at NVDSUSE bug 1207119cpe:/o:suse:sll:7CVE-2023-23601SUSE Liberty Linux 7
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.
ImportantCVE-2023-23601 at SUSECVE-2023-23601 at NVDSUSE bug 1207119cpe:/o:suse:sll:7CVE-2023-23602SUSE Liberty Linux 7
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.
ImportantCVE-2023-23602 at SUSECVE-2023-23602 at NVDSUSE bug 1207119cpe:/o:suse:sll:7CVE-2023-23603SUSE Liberty Linux 7
Regular expressions used to filter out forbidden properties and values from style directives in calls to `console.log` weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.
ImportantCVE-2023-23603 at SUSECVE-2023-23603 at NVDSUSE bug 1207119cpe:/o:suse:sll:7CVE-2023-23605SUSE Liberty Linux 7
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.
ImportantCVE-2023-23605 at SUSECVE-2023-23605 at NVDSUSE bug 1207119cpe:/o:suse:sll:7CVE-2023-24329SUSE Liberty Linux 7
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
ImportantCVE-2023-24329 at SUSECVE-2023-24329 at NVDSUSE bug 1208471SUSE bug 1213553SUSE bug 1213554SUSE bug 1213839SUSE bug 1225672cpe:/o:suse:sll:7CVE-2023-25193SUSE Liberty Linux 7
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
ImportantCVE-2023-25193 at SUSECVE-2023-25193 at NVDSUSE bug 1207922SUSE bug 1213939cpe:/o:suse:sll:7CVE-2023-25652SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.
ImportantCVE-2023-25652 at SUSECVE-2023-25652 at NVDSUSE bug 1210686cpe:/o:suse:sll:7CVE-2023-25690SUSE Liberty Linux 7
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.
Configurations are affected when mod_proxy is enabled along with some form of RewriteRule
or ProxyPassMatch in which a non-specific pattern matches
some portion of the user-supplied request-target (URL) data and is then
re-inserted into the proxied request-target using variable
substitution. For example, something like:
RewriteEngine on
RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P]
ProxyPassReverse /here/ http://example.com:8080/
Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
ImportantCVE-2023-25690 at SUSECVE-2023-25690 at NVDSUSE bug 1209047SUSE bug 1212409SUSE bug 1212865cpe:/o:suse:sll:7CVE-2023-25728SUSE Liberty Linux 7
The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
CriticalCVE-2023-25728 at SUSECVE-2023-25728 at NVDSUSE bug 1208144cpe:/o:suse:sll:7CVE-2023-25729SUSE Liberty Linux 7
Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
CriticalCVE-2023-25729 at SUSECVE-2023-25729 at NVDSUSE bug 1208144cpe:/o:suse:sll:7CVE-2023-25730SUSE Liberty Linux 7
A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
CriticalCVE-2023-25730 at SUSECVE-2023-25730 at NVDSUSE bug 1208144cpe:/o:suse:sll:7CVE-2023-25732SUSE Liberty Linux 7
When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
CriticalCVE-2023-25732 at SUSECVE-2023-25732 at NVDSUSE bug 1208144cpe:/o:suse:sll:7CVE-2023-25735SUSE Liberty Linux 7
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
CriticalCVE-2023-25735 at SUSECVE-2023-25735 at NVDSUSE bug 1208144cpe:/o:suse:sll:7CVE-2023-25737SUSE Liberty Linux 7
An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
CriticalCVE-2023-25737 at SUSECVE-2023-25737 at NVDSUSE bug 1208144cpe:/o:suse:sll:7CVE-2023-25739SUSE Liberty Linux 7
Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
CriticalCVE-2023-25739 at SUSECVE-2023-25739 at NVDSUSE bug 1208144cpe:/o:suse:sll:7CVE-2023-25742SUSE Liberty Linux 7
When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
CriticalCVE-2023-25742 at SUSECVE-2023-25742 at NVDSUSE bug 1208144cpe:/o:suse:sll:7CVE-2023-25743SUSE Liberty Linux 7
A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.
CriticalCVE-2023-25743 at SUSECVE-2023-25743 at NVDSUSE bug 1208144cpe:/o:suse:sll:7CVE-2023-25744SUSE Liberty Linux 7
Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.
CriticalCVE-2023-25744 at SUSECVE-2023-25744 at NVDSUSE bug 1208144cpe:/o:suse:sll:7CVE-2023-25746SUSE Liberty Linux 7
Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8.
CriticalCVE-2023-25746 at SUSECVE-2023-25746 at NVDSUSE bug 1208144cpe:/o:suse:sll:7CVE-2023-25751SUSE Liberty Linux 7
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
ImportantCVE-2023-25751 at SUSECVE-2023-25751 at NVDSUSE bug 1209173cpe:/o:suse:sll:7CVE-2023-25752SUSE Liberty Linux 7
When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
ImportantCVE-2023-25752 at SUSECVE-2023-25752 at NVDSUSE bug 1209173cpe:/o:suse:sll:7CVE-2023-25775SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
ModerateCVE-2023-25775 at SUSECVE-2023-25775 at NVDSUSE bug 1216959cpe:/o:suse:sll:7CVE-2023-26604SUSE Liberty Linux 7 LTSS
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
ImportantCVE-2023-26604 at SUSECVE-2023-26604 at NVDSUSE bug 1208958SUSE bug 1210451CVE-2023-28162SUSE Liberty Linux 7
While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
ImportantCVE-2023-28162 at SUSECVE-2023-28162 at NVDSUSE bug 1209173cpe:/o:suse:sll:7CVE-2023-28164SUSE Liberty Linux 7
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
ImportantCVE-2023-28164 at SUSECVE-2023-28164 at NVDSUSE bug 1209173cpe:/o:suse:sll:7CVE-2023-28176SUSE Liberty Linux 7
Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
ImportantCVE-2023-28176 at SUSECVE-2023-28176 at NVDSUSE bug 1209173cpe:/o:suse:sll:7CVE-2023-2828SUSE Liberty Linux 7
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit.
It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded.
This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.
ImportantCVE-2023-2828 at SUSECVE-2023-2828 at NVDSUSE bug 1212544SUSE bug 1216764cpe:/o:suse:sll:7CVE-2023-28427SUSE Liberty Linux 7
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This vulnerability is distinct from GHSA-rfv9-x7hh-xc32 which covers a similar issue. The issue has been patched in matrix-js-sdk 24.0.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.
ImportantCVE-2023-28427 at SUSECVE-2023-28427 at NVDSUSE bug 1209953cpe:/o:suse:sll:7CVE-2023-29007SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.
ImportantCVE-2023-29007 at SUSECVE-2023-29007 at NVDSUSE bug 1210686cpe:/o:suse:sll:7CVE-2023-29479SUSE Liberty Linux 7
Ribose RNP before 0.16.3 may hang when the input is malformed.
ModerateCVE-2023-29479 at SUSECVE-2023-29479 at NVDSUSE bug 1210212cpe:/o:suse:sll:7CVE-2023-29533SUSE Liberty Linux 7
A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code> calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
ModerateCVE-2023-29533 at SUSECVE-2023-29533 at NVDSUSE bug 1210212cpe:/o:suse:sll:7CVE-2023-29535SUSE Liberty Linux 7
Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
ModerateCVE-2023-29535 at SUSECVE-2023-29535 at NVDSUSE bug 1210212cpe:/o:suse:sll:7CVE-2023-29536SUSE Liberty Linux 7
An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
ModerateCVE-2023-29536 at SUSECVE-2023-29536 at NVDSUSE bug 1210212cpe:/o:suse:sll:7CVE-2023-29539SUSE Liberty Linux 7
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
ModerateCVE-2023-29539 at SUSECVE-2023-29539 at NVDSUSE bug 1210212cpe:/o:suse:sll:7CVE-2023-29541SUSE Liberty Linux 7
Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
ModerateCVE-2023-29541 at SUSECVE-2023-29541 at NVDSUSE bug 1210212cpe:/o:suse:sll:7CVE-2023-29548SUSE Liberty Linux 7
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
ModerateCVE-2023-29548 at SUSECVE-2023-29548 at NVDSUSE bug 1210212cpe:/o:suse:sll:7CVE-2023-29550SUSE Liberty Linux 7
Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
ModerateCVE-2023-29550 at SUSECVE-2023-29550 at NVDSUSE bug 1210212cpe:/o:suse:sll:7CVE-2023-31315SUSE Liberty Linux 7 LTSS
Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
ImportantCVE-2023-31315 at SUSECVE-2023-31315 at NVDSUSE bug 1229069CVE-2023-31484SUSE Liberty Linux 7 LTSS
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
ImportantCVE-2023-31484 at SUSECVE-2023-31484 at NVDSUSE bug 1210999CVE-2023-32067SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
ImportantCVE-2023-32067 at SUSECVE-2023-32067 at NVDSUSE bug 1211604cpe:/o:suse:sll:7CVE-2023-32205SUSE Liberty Linux 7
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CriticalCVE-2023-32205 at SUSECVE-2023-32205 at NVDSUSE bug 1211175cpe:/o:suse:sll:7CVE-2023-32206SUSE Liberty Linux 7
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CriticalCVE-2023-32206 at SUSECVE-2023-32206 at NVDSUSE bug 1211175cpe:/o:suse:sll:7CVE-2023-32207SUSE Liberty Linux 7
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CriticalCVE-2023-32207 at SUSECVE-2023-32207 at NVDSUSE bug 1211175cpe:/o:suse:sll:7CVE-2023-32211SUSE Liberty Linux 7
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CriticalCVE-2023-32211 at SUSECVE-2023-32211 at NVDSUSE bug 1211175cpe:/o:suse:sll:7CVE-2023-32212SUSE Liberty Linux 7
An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CriticalCVE-2023-32212 at SUSECVE-2023-32212 at NVDSUSE bug 1211175cpe:/o:suse:sll:7CVE-2023-32213SUSE Liberty Linux 7
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CriticalCVE-2023-32213 at SUSECVE-2023-32213 at NVDSUSE bug 1211175cpe:/o:suse:sll:7CVE-2023-32215SUSE Liberty Linux 7
Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CriticalCVE-2023-32215 at SUSECVE-2023-32215 at NVDSUSE bug 1211175cpe:/o:suse:sll:7CVE-2023-32233SUSE Liberty Linux 7
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.
ImportantCVE-2023-32233 at SUSECVE-2023-32233 at NVDSUSE bug 1211043SUSE bug 1211187cpe:/o:suse:sll:7CVE-2023-32360SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents.
ModerateCVE-2023-32360 at SUSECVE-2023-32360 at NVDSUSE bug 1214254cpe:/o:suse:sll:7CVE-2023-3341SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.
This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.
ImportantCVE-2023-3341 at SUSECVE-2023-3341 at NVDSUSE bug 1215472SUSE bug 1216764SUSE bug 1217453SUSE bug 1217551SUSE bug 1217600SUSE bug 1221586SUSE bug 1223092cpe:/o:suse:sll:7CVE-2023-34058SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
ImportantCVE-2023-34058 at SUSECVE-2023-34058 at NVDSUSE bug 1216432SUSE bug 1216433SUSE bug 1228309cpe:/o:suse:sll:7CVE-2023-34059SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the
/dev/uinput file descriptor allowing them to simulate user inputs.
ImportantCVE-2023-34059 at SUSECVE-2023-34059 at NVDSUSE bug 1216433SUSE bug 1225967cpe:/o:suse:sll:7CVE-2023-3417SUSE Liberty Linux 7
Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1.
ImportantCVE-2023-3417 at SUSECVE-2023-3417 at NVDSUSE bug 1213658cpe:/o:suse:sll:7CVE-2023-34414SUSE Liberty Linux 7
The error page for sites with invalid TLS certificates was missing the
activation-delay Firefox uses to protect prompts and permission dialogs
from attacks that exploit human response time delays. If a malicious
page elicited user clicks in precise locations immediately before
navigating to a site with a certificate error and made the renderer
extremely busy at the same time, it could create a gap between when
the error page was loaded and when the display actually refreshed.
With the right timing the elicited clicks could land in that gap and
activate the button that overrides the certificate error for that site. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.
ImportantCVE-2023-34414 at SUSECVE-2023-34414 at NVDSUSE bug 1211922cpe:/o:suse:sll:7CVE-2023-34416SUSE Liberty Linux 7
Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.
ImportantCVE-2023-34416 at SUSECVE-2023-34416 at NVDSUSE bug 1211922cpe:/o:suse:sll:7CVE-2023-34440SUSE Liberty Linux 7 LTSS
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
ImportantCVE-2023-34440 at SUSECVE-2023-34440 at NVDCVE-2023-35001SUSE Liberty Linux 7
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
ImportantCVE-2023-35001 at SUSECVE-2023-35001 at NVDSUSE bug 1213059SUSE bug 1213063SUSE bug 1217531cpe:/o:suse:sll:7CVE-2023-35788SUSE Liberty Linux 7
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
ImportantCVE-2023-35788 at SUSECVE-2023-35788 at NVDSUSE bug 1212504SUSE bug 1212509cpe:/o:suse:sll:7CVE-2023-3600SUSE Liberty Linux 7
During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.
ImportantCVE-2023-3600 at SUSECVE-2023-3600 at NVDSUSE bug 1213230cpe:/o:suse:sll:7CVE-2023-3609SUSE Liberty Linux 7
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.
If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.
We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.
ImportantCVE-2023-3609 at SUSECVE-2023-3609 at NVDSUSE bug 1213586SUSE bug 1213587SUSE bug 1217444SUSE bug 1217531cpe:/o:suse:sll:7CVE-2023-3611SUSE Liberty Linux 7
An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.
The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.
We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.
ModerateCVE-2023-3611 at SUSECVE-2023-3611 at NVDSUSE bug 1213585SUSE bug 1223091SUSE bug 1223973cpe:/o:suse:sll:7CVE-2023-37201SUSE Liberty Linux 7
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
ImportantCVE-2023-37201 at SUSECVE-2023-37201 at NVDSUSE bug 1212438cpe:/o:suse:sll:7CVE-2023-37202SUSE Liberty Linux 7
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
ImportantCVE-2023-37202 at SUSECVE-2023-37202 at NVDSUSE bug 1212438cpe:/o:suse:sll:7CVE-2023-37207SUSE Liberty Linux 7
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
ImportantCVE-2023-37207 at SUSECVE-2023-37207 at NVDSUSE bug 1212438cpe:/o:suse:sll:7CVE-2023-37208SUSE Liberty Linux 7
When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
ImportantCVE-2023-37208 at SUSECVE-2023-37208 at NVDSUSE bug 1212438cpe:/o:suse:sll:7CVE-2023-37211SUSE Liberty Linux 7
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
ImportantCVE-2023-37211 at SUSECVE-2023-37211 at NVDSUSE bug 1212438cpe:/o:suse:sll:7CVE-2023-37460SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the `resolveFile()` function will return the symlink's source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default, will actually write the entry's content to the symlink's target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue.
ImportantCVE-2023-37460 at SUSECVE-2023-37460 at NVDSUSE bug 1215973cpe:/o:suse:sll:7CVE-2023-37536SUSE Liberty Linux 7 LTSS
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.
ImportantCVE-2023-37536 at SUSECVE-2023-37536 at NVDSUSE bug 1216156SUSE bug 1219472SUSE bug 1219708SUSE bug 1221037CVE-2023-3776SUSE Liberty Linux 7
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.
If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.
We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.
ImportantCVE-2023-3776 at SUSECVE-2023-3776 at NVDSUSE bug 1213588SUSE bug 1215119SUSE bug 1215674SUSE bug 1217444SUSE bug 1217531SUSE bug 1221578SUSE bug 1221598SUSE bug 1223091SUSE bug 1223973cpe:/o:suse:sll:7CVE-2023-38403SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
ImportantCVE-2023-38403 at SUSECVE-2023-38403 at NVDSUSE bug 1213430cpe:/o:suse:sll:7CVE-2023-38408SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
ImportantCVE-2023-38408 at SUSECVE-2023-38408 at NVDSUSE bug 1213504SUSE bug 1217034SUSE bug 1217035SUSE bug 1218970SUSE bug 1225676cpe:/o:suse:sll:7CVE-2023-38409SUSE Liberty Linux 7
An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info).
ModerateCVE-2023-38409 at SUSECVE-2023-38409 at NVDSUSE bug 1213417cpe:/o:suse:sll:7CVE-2023-40217SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)
ImportantCVE-2023-40217 at SUSECVE-2023-40217 at NVDSUSE bug 1214692SUSE bug 1217524SUSE bug 1218319SUSE bug 1218476SUSE bug 1218965SUSE bug 1219472SUSE bug 1219713SUSE bug 1221582SUSE bug 1224883cpe:/o:suse:sll:7CVE-2023-4045SUSE Liberty Linux 7
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
ModerateCVE-2023-4045 at SUSECVE-2023-4045 at NVDSUSE bug 1213746cpe:/o:suse:sll:7CVE-2023-4046SUSE Liberty Linux 7
In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
ModerateCVE-2023-4046 at SUSECVE-2023-4046 at NVDSUSE bug 1213746cpe:/o:suse:sll:7CVE-2023-4047SUSE Liberty Linux 7
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
ModerateCVE-2023-4047 at SUSECVE-2023-4047 at NVDSUSE bug 1213746cpe:/o:suse:sll:7CVE-2023-4048SUSE Liberty Linux 7
An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
ModerateCVE-2023-4048 at SUSECVE-2023-4048 at NVDSUSE bug 1213746cpe:/o:suse:sll:7CVE-2023-4049SUSE Liberty Linux 7
Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
ModerateCVE-2023-4049 at SUSECVE-2023-4049 at NVDSUSE bug 1213746cpe:/o:suse:sll:7CVE-2023-4050SUSE Liberty Linux 7
In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
ModerateCVE-2023-4050 at SUSECVE-2023-4050 at NVDSUSE bug 1213746cpe:/o:suse:sll:7CVE-2023-4051SUSE Liberty Linux 7
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.
ModerateCVE-2023-4051 at SUSECVE-2023-4051 at NVDSUSE bug 1213746cpe:/o:suse:sll:7CVE-2023-4053SUSE Liberty Linux 7
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.
ModerateCVE-2023-4053 at SUSECVE-2023-4053 at NVDSUSE bug 1213746cpe:/o:suse:sll:7CVE-2023-40546SUSE Liberty Linux 7 LTSS
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.
ModerateCVE-2023-40546 at SUSECVE-2023-40546 at NVDSUSE bug 1215099CVE-2023-40547SUSE Liberty Linux 7 LTSS
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.
ImportantCVE-2023-40547 at SUSECVE-2023-40547 at NVDSUSE bug 1215098CVE-2023-40548SUSE Liberty Linux 7 LTSS
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.
ModerateCVE-2023-40548 at SUSECVE-2023-40548 at NVDSUSE bug 1215100CVE-2023-40549SUSE Liberty Linux 7 LTSS
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.
ModerateCVE-2023-40549 at SUSECVE-2023-40549 at NVDSUSE bug 1215101CVE-2023-4055SUSE Liberty Linux 7
When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
ModerateCVE-2023-4055 at SUSECVE-2023-4055 at NVDSUSE bug 1213746cpe:/o:suse:sll:7CVE-2023-40550SUSE Liberty Linux 7 LTSS
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.
ModerateCVE-2023-40550 at SUSECVE-2023-40550 at NVDSUSE bug 1215102CVE-2023-40551SUSE Liberty Linux 7 LTSS
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.
ModerateCVE-2023-40551 at SUSECVE-2023-40551 at NVDSUSE bug 1215103CVE-2023-4056SUSE Liberty Linux 7
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
ModerateCVE-2023-4056 at SUSECVE-2023-4056 at NVDSUSE bug 1213746cpe:/o:suse:sll:7CVE-2023-4057SUSE Liberty Linux 7
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.
ModerateCVE-2023-4057 at SUSECVE-2023-4057 at NVDSUSE bug 1213746cpe:/o:suse:sll:7CVE-2023-4128SUSE Liberty Linux 7
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Reason: This record is a duplicate of CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Notes: All CVE users should reference CVE-2023-4206, CVE-2023-4207, CVE-2023-4208 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
ImportantCVE-2023-4128 at SUSECVE-2023-4128 at NVDSUSE bug 1214149cpe:/o:suse:sll:7CVE-2023-4206SUSE Liberty Linux 7
A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation.
When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.
We recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.
ImportantCVE-2023-4206 at SUSECVE-2023-4206 at NVDSUSE bug 1215110cpe:/o:suse:sll:7CVE-2023-4207SUSE Liberty Linux 7
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.
When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.
We recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec.
ImportantCVE-2023-4207 at SUSECVE-2023-4207 at NVDSUSE bug 1215113cpe:/o:suse:sll:7CVE-2023-4208SUSE Liberty Linux 7
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.
When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.
We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.
ImportantCVE-2023-4208 at SUSECVE-2023-4208 at NVDSUSE bug 1215114cpe:/o:suse:sll:7CVE-2023-42753SUSE Liberty Linux 7
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.
ImportantCVE-2023-42753 at SUSECVE-2023-42753 at NVDSUSE bug 1215150SUSE bug 1218613cpe:/o:suse:sll:7CVE-2023-43758SUSE Liberty Linux 7 LTSS
Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.
ImportantCVE-2023-43758 at SUSECVE-2023-43758 at NVDCVE-2023-4408SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.
This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
ImportantCVE-2023-4408 at SUSECVE-2023-4408 at NVDSUSE bug 1219823SUSE bug 1219851SUSE bug 1221586cpe:/o:suse:sll:7CVE-2023-44271SUSE Liberty Linux 7
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
ImportantCVE-2023-44271 at SUSECVE-2023-44271 at NVDSUSE bug 1216894cpe:/o:suse:sll:7CVE-2023-44446SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of MXF video files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22299.
ImportantCVE-2023-44446 at SUSECVE-2023-44446 at NVDSUSE bug 1217213cpe:/o:suse:sll:7CVE-2023-44488SUSE Liberty Linux 7
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
ImportantCVE-2023-44488 at SUSECVE-2023-44488 at NVDSUSE bug 1216879SUSE bug 1217559cpe:/o:suse:sll:7CVE-2023-4573SUSE Liberty Linux 7
When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
ImportantCVE-2023-4573 at SUSECVE-2023-4573 at NVDSUSE bug 1214606cpe:/o:suse:sll:7CVE-2023-4574SUSE Liberty Linux 7
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
ImportantCVE-2023-4574 at SUSECVE-2023-4574 at NVDSUSE bug 1214606cpe:/o:suse:sll:7CVE-2023-4575SUSE Liberty Linux 7
When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
ImportantCVE-2023-4575 at SUSECVE-2023-4575 at NVDSUSE bug 1214606cpe:/o:suse:sll:7CVE-2023-4577SUSE Liberty Linux 7
When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
ImportantCVE-2023-4577 at SUSECVE-2023-4577 at NVDSUSE bug 1214606cpe:/o:suse:sll:7CVE-2023-4578SUSE Liberty Linux 7
When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
ImportantCVE-2023-4578 at SUSECVE-2023-4578 at NVDSUSE bug 1214606cpe:/o:suse:sll:7CVE-2023-4580SUSE Liberty Linux 7
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
ImportantCVE-2023-4580 at SUSECVE-2023-4580 at NVDSUSE bug 1214606cpe:/o:suse:sll:7CVE-2023-4581SUSE Liberty Linux 7
Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
ImportantCVE-2023-4581 at SUSECVE-2023-4581 at NVDSUSE bug 1214606cpe:/o:suse:sll:7CVE-2023-4583SUSE Liberty Linux 7
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
ImportantCVE-2023-4583 at SUSECVE-2023-4583 at NVDSUSE bug 1214606cpe:/o:suse:sll:7CVE-2023-4584SUSE Liberty Linux 7
Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
ImportantCVE-2023-4584 at SUSECVE-2023-4584 at NVDSUSE bug 1214606cpe:/o:suse:sll:7CVE-2023-4585SUSE Liberty Linux 7
Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
ImportantCVE-2023-4585 at SUSECVE-2023-4585 at NVDSUSE bug 1214606cpe:/o:suse:sll:7CVE-2023-45871SUSE Liberty Linux 7
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.
ModerateCVE-2023-45871 at SUSECVE-2023-45871 at NVDSUSE bug 1216259cpe:/o:suse:sll:7CVE-2023-4622SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation.
The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.
We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.
ImportantCVE-2023-4622 at SUSECVE-2023-4622 at NVDSUSE bug 1215117SUSE bug 1215442SUSE bug 1217531SUSE bug 1219699cpe:/o:suse:sll:7CVE-2023-4623SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.
If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.
We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.
ImportantCVE-2023-4623 at SUSECVE-2023-4623 at NVDSUSE bug 1215115SUSE bug 1215440SUSE bug 1217444SUSE bug 1217531SUSE bug 1219698SUSE bug 1221578SUSE bug 1221598cpe:/o:suse:sll:7CVE-2023-46724SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.
ImportantCVE-2023-46724 at SUSECVE-2023-46724 at NVDSUSE bug 1216803cpe:/o:suse:sll:7CVE-2023-46728SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.
ImportantCVE-2023-46728 at SUSECVE-2023-46728 at NVDSUSE bug 1216926cpe:/o:suse:sll:7CVE-2023-46847SUSE Liberty Linux 7
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
ImportantCVE-2023-46847 at SUSECVE-2023-46847 at NVDSUSE bug 1216495cpe:/o:suse:sll:7CVE-2023-4727SUSE Liberty Linux 7 LTSS
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
ImportantCVE-2023-4727 at SUSECVE-2023-4727 at NVDCVE-2023-4863SUSE Liberty Linux 7
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
ImportantCVE-2023-4863 at SUSECVE-2023-4863 at NVDSUSE bug 1215231SUSE bug 1217115SUSE bug 1217117cpe:/o:suse:sll:7CVE-2023-4921SUSE Liberty Linux 7
A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.
When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().
We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.
ImportantCVE-2023-4921 at SUSECVE-2023-4921 at NVDSUSE bug 1215275SUSE bug 1215300SUSE bug 1217444SUSE bug 1217531SUSE bug 1220906SUSE bug 1223091SUSE bug 1224418cpe:/o:suse:sll:7CVE-2023-49285SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
ImportantCVE-2023-49285 at SUSECVE-2023-49285 at NVDSUSE bug 1217813cpe:/o:suse:sll:7CVE-2023-49286SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
ImportantCVE-2023-49286 at SUSECVE-2023-49286 at NVDSUSE bug 1217815cpe:/o:suse:sll:7CVE-2023-50269SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.
ImportantCVE-2023-50269 at SUSECVE-2023-50269 at NVDSUSE bug 1217654cpe:/o:suse:sll:7CVE-2023-50387SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
ImportantCVE-2023-50387 at SUSECVE-2023-50387 at NVDSUSE bug 1219823SUSE bug 1220717SUSE bug 1221586cpe:/o:suse:sll:7CVE-2023-50447SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
ImportantCVE-2023-50447 at SUSECVE-2023-50447 at NVDSUSE bug 1219048cpe:/o:suse:sll:7CVE-2023-50761SUSE Liberty Linux 7
The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6.
ImportantCVE-2023-50761 at SUSECVE-2023-50761 at NVDSUSE bug 1217974cpe:/o:suse:sll:7CVE-2023-50762SUSE Liberty Linux 7
When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6.
ImportantCVE-2023-50762 at SUSECVE-2023-50762 at NVDSUSE bug 1217974cpe:/o:suse:sll:7CVE-2023-50868SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.
ImportantCVE-2023-50868 at SUSECVE-2023-50868 at NVDSUSE bug 1219823SUSE bug 1219826SUSE bug 1221586cpe:/o:suse:sll:7CVE-2023-5169SUSE Liberty Linux 7
A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
CriticalCVE-2023-5169 at SUSECVE-2023-5169 at NVDSUSE bug 1215575cpe:/o:suse:sll:7CVE-2023-5171SUSE Liberty Linux 7
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
CriticalCVE-2023-5171 at SUSECVE-2023-5171 at NVDSUSE bug 1215575cpe:/o:suse:sll:7CVE-2023-5176SUSE Liberty Linux 7
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
CriticalCVE-2023-5176 at SUSECVE-2023-5176 at NVDSUSE bug 1215575cpe:/o:suse:sll:7CVE-2023-5217SUSE Liberty Linux 7
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
ImportantCVE-2023-5217 at SUSECVE-2023-5217 at NVDSUSE bug 1215776SUSE bug 1215778SUSE bug 1215814SUSE bug 1217559cpe:/o:suse:sll:7CVE-2023-52922SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
can: bcm: Fix UAF in bcm_proc_show()
BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80
Read of size 8 at addr ffff888155846230 by task cat/7862
CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0xd5/0x150
print_report+0xc1/0x5e0
kasan_report+0xba/0xf0
bcm_proc_show+0x969/0xa80
seq_read_iter+0x4f6/0x1260
seq_read+0x165/0x210
proc_reg_read+0x227/0x300
vfs_read+0x1d5/0x8d0
ksys_read+0x11e/0x240
do_syscall_64+0x35/0xb0
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Allocated by task 7846:
kasan_save_stack+0x1e/0x40
kasan_set_track+0x21/0x30
__kasan_kmalloc+0x9e/0xa0
bcm_sendmsg+0x264b/0x44e0
sock_sendmsg+0xda/0x180
____sys_sendmsg+0x735/0x920
___sys_sendmsg+0x11d/0x1b0
__sys_sendmsg+0xfa/0x1d0
do_syscall_64+0x35/0xb0
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Freed by task 7846:
kasan_save_stack+0x1e/0x40
kasan_set_track+0x21/0x30
kasan_save_free_info+0x27/0x40
____kasan_slab_free+0x161/0x1c0
slab_free_freelist_hook+0x119/0x220
__kmem_cache_free+0xb4/0x2e0
rcu_core+0x809/0x1bd0
bcm_op is freed before procfs entry be removed in bcm_release(),
this lead to bcm_proc_show() may read the freed bcm_op.
ModerateCVE-2023-52922 at SUSECVE-2023-52922 at NVDSUSE bug 1233977CVE-2023-53125SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
net: usb: smsc75xx: Limit packet length to skb->len
Packet length retrieved from skb data may be larger than
the actual socket buffer length (up to 9026 bytes). In such
case the cloned skb passed up the network stack will leak
kernel memory contents.
ModerateCVE-2023-53125 at SUSECVE-2023-53125 at NVDSUSE bug 1242285CVE-2023-53178SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
mm: fix zswap writeback race condition
The zswap writeback mechanism can cause a race condition resulting in
memory corruption, where a swapped out page gets swapped in with data that
was written to a different page.
The race unfolds like this:
1. a page with data A and swap offset X is stored in zswap
2. page A is removed off the LRU by zpool driver for writeback in
zswap-shrink work, data for A is mapped by zpool driver
3. user space program faults and invalidates page entry A, offset X is
considered free
4. kswapd stores page B at offset X in zswap (zswap could also be
full, if so, page B would then be IOed to X, then skip step 5.)
5. entry A is replaced by B in tree->rbroot, this doesn't affect the
local reference held by zswap-shrink work
6. zswap-shrink work writes back A at X, and frees zswap entry A
7. swapin of slot X brings A in memory instead of B
The fix:
Once the swap page cache has been allocated (case ZSWAP_SWAPCACHE_NEW),
zswap-shrink work just checks that the local zswap_entry reference is
still the same as the one in the tree. If it's not the same it means that
it's either been invalidated or replaced, in both cases the writeback is
aborted because the local entry contains stale data.
Reproducer:
I originally found this by running `stress` overnight to validate my work
on the zswap writeback mechanism, it manifested after hours on my test
machine. The key to make it happen is having zswap writebacks, so
whatever setup pumps /sys/kernel/debug/zswap/written_back_pages should do
the trick.
In order to reproduce this faster on a vm, I setup a system with ~100M of
available memory and a 500M swap file, then running `stress --vm 1
--vm-bytes 300000000 --vm-stride 4000` makes it happen in matter of tens
of minutes. One can speed things up even more by swinging
/sys/module/zswap/parameters/max_pool_percent up and down between, say, 20
and 1; this makes it reproduce in tens of seconds. It's crucial to set
`--vm-stride` to something other than 4096 otherwise `stress` won't
realize that memory has been corrupted because all pages would have the
same data.
ModerateCVE-2023-53178 at SUSECVE-2023-53178 at NVDSUSE bug 1249827CVE-2023-53297SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
conn->chan_lock isn't acquired before l2cap_get_chan_by_scid,
if l2cap_get_chan_by_scid returns NULL, then 'bad unlock balance'
is triggered.
ImportantCVE-2023-53297 at SUSECVE-2023-53297 at NVDSUSE bug 1250322SUSE bug 1250728CVE-2023-53305SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: L2CAP: Fix use-after-free
Fix potential use-after-free in l2cap_le_command_rej.
ModerateCVE-2023-53305 at SUSECVE-2023-53305 at NVDSUSE bug 1250049CVE-2023-53322SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Wait for io return on terminate rport
System crash due to use after free.
Current code allows terminate_rport_io to exit before making
sure all IOs has returned. For FCP-2 device, IO's can hang
on in HW because driver has not tear down the session in FW at
first sign of cable pull. When dev_loss_tmo timer pops,
terminate_rport_io is called and upper layer is about to
free various resources. Terminate_rport_io trigger qla to do
the final cleanup, but the cleanup might not be fast enough where it
leave qla still holding on to the same resource.
Wait for IO's to return to upper layer before resources are freed.
ModerateCVE-2023-53322 at SUSECVE-2023-53322 at NVDSUSE bug 1250323CVE-2023-53365SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
ip6mr: Fix skb_under_panic in ip6mr_cache_report()
skbuff: skb_under_panic: text:ffffffff88771f69 len:56 put:-4
head:ffff88805f86a800 data:ffff887f5f86a850 tail:0x88 end:0x2c0 dev:pim6reg
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:192!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 2 PID: 22968 Comm: kworker/2:11 Not tainted 6.5.0-rc3-00044-g0a8db05b571a #236
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Workqueue: ipv6_addrconf addrconf_dad_work
RIP: 0010:skb_panic+0x152/0x1d0
Call Trace:
<TASK>
skb_push+0xc4/0xe0
ip6mr_cache_report+0xd69/0x19b0
reg_vif_xmit+0x406/0x690
dev_hard_start_xmit+0x17e/0x6e0
__dev_queue_xmit+0x2d6a/0x3d20
vlan_dev_hard_start_xmit+0x3ab/0x5c0
dev_hard_start_xmit+0x17e/0x6e0
__dev_queue_xmit+0x2d6a/0x3d20
neigh_connected_output+0x3ed/0x570
ip6_finish_output2+0x5b5/0x1950
ip6_finish_output+0x693/0x11c0
ip6_output+0x24b/0x880
NF_HOOK.constprop.0+0xfd/0x530
ndisc_send_skb+0x9db/0x1400
ndisc_send_rs+0x12a/0x6c0
addrconf_dad_completed+0x3c9/0xea0
addrconf_dad_work+0x849/0x1420
process_one_work+0xa22/0x16e0
worker_thread+0x679/0x10c0
ret_from_fork+0x28/0x60
ret_from_fork_asm+0x11/0x20
When setup a vlan device on dev pim6reg, DAD ns packet may sent on reg_vif_xmit().
reg_vif_xmit()
ip6mr_cache_report()
skb_push(skb, -skb_network_offset(pkt));//skb_network_offset(pkt) is 4
And skb_push declared as:
void *skb_push(struct sk_buff *skb, unsigned int len);
skb->data -= len;
//0xffff88805f86a84c - 0xfffffffc = 0xffff887f5f86a850
skb->data is set to 0xffff887f5f86a850, which is invalid mem addr, lead to skb_push() fails.
ModerateCVE-2023-53365 at SUSECVE-2023-53365 at NVDSUSE bug 1249988CVE-2023-53373SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
crypto: seqiv - Handle EBUSY correctly
As it is seqiv only handles the special return value of EINPROGERSS,
which means that in all other cases it will free data related to the
request.
However, as the caller of seqiv may specify MAY_BACKLOG, we also need
to expect EBUSY and treat it in the same way. Otherwise backlogged
requests will trigger a use-after-free.
ModerateCVE-2023-53373 at SUSECVE-2023-53373 at NVDSUSE bug 1250137CVE-2023-5367SUSE Liberty Linux 7
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
ImportantCVE-2023-5367 at SUSECVE-2023-5367 at NVDSUSE bug 1216135SUSE bug 1217447SUSE bug 1221590cpe:/o:suse:sll:7CVE-2023-53675SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
scsi: ses: Fix possible desc_ptr out-of-bounds accesses
Sanitize possible desc_ptr out-of-bounds accesses in
ses_enclosure_data_process().
ModerateCVE-2023-53675 at SUSECVE-2023-53675 at NVDSUSE bug 1251325CVE-2023-53705SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
ipv6: Fix out-of-bounds access in ipv6_find_tlv()
optlen is fetched without checking whether there is more than one byte to parse.
It can lead to out-of-bounds access.
Found by InfoTeCS on behalf of Linux Verification Center
(linuxtesting.org) with SVACE.
ModerateCVE-2023-53705 at SUSECVE-2023-53705 at NVDSUSE bug 1252554CVE-2023-5380SUSE Liberty Linux 7
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.
ModerateCVE-2023-5380 at SUSECVE-2023-5380 at NVDSUSE bug 1216133cpe:/o:suse:sll:7CVE-2023-5388SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
ModerateCVE-2023-5388 at SUSECVE-2023-5388 at NVDSUSE bug 1216198SUSE bug 1221327cpe:/o:suse:sll:7CVE-2023-5455SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt.
ModerateCVE-2023-5455 at SUSECVE-2023-5455 at NVDcpe:/o:suse:sll:7CVE-2023-5721SUSE Liberty Linux 7
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
ImportantCVE-2023-5721 at SUSECVE-2023-5721 at NVDSUSE bug 1216338cpe:/o:suse:sll:7CVE-2023-5724SUSE Liberty Linux 7
Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
ImportantCVE-2023-5724 at SUSECVE-2023-5724 at NVDSUSE bug 1216338cpe:/o:suse:sll:7CVE-2023-5725SUSE Liberty Linux 7
A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
ImportantCVE-2023-5725 at SUSECVE-2023-5725 at NVDSUSE bug 1216338cpe:/o:suse:sll:7CVE-2023-5728SUSE Liberty Linux 7
During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
ImportantCVE-2023-5728 at SUSECVE-2023-5728 at NVDSUSE bug 1216338cpe:/o:suse:sll:7CVE-2023-5730SUSE Liberty Linux 7
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
ImportantCVE-2023-5730 at SUSECVE-2023-5730 at NVDSUSE bug 1216338cpe:/o:suse:sll:7CVE-2023-5732SUSE Liberty Linux 7
An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
ImportantCVE-2023-5732 at SUSECVE-2023-5732 at NVDSUSE bug 1216338cpe:/o:suse:sll:7CVE-2023-5869SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
CriticalCVE-2023-5869 at SUSECVE-2023-5869 at NVDSUSE bug 1216961cpe:/o:suse:sll:7CVE-2023-6204SUSE Liberty Linux 7
On some systems-depending on the graphics settings and drivers-it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
ImportantCVE-2023-6204 at SUSECVE-2023-6204 at NVDSUSE bug 1217230cpe:/o:suse:sll:7CVE-2023-6205SUSE Liberty Linux 7
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
ImportantCVE-2023-6205 at SUSECVE-2023-6205 at NVDSUSE bug 1217230cpe:/o:suse:sll:7CVE-2023-6206SUSE Liberty Linux 7
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
ImportantCVE-2023-6206 at SUSECVE-2023-6206 at NVDSUSE bug 1217230cpe:/o:suse:sll:7CVE-2023-6207SUSE Liberty Linux 7
Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
ImportantCVE-2023-6207 at SUSECVE-2023-6207 at NVDSUSE bug 1217230cpe:/o:suse:sll:7CVE-2023-6208SUSE Liberty Linux 7
When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard.
*This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
ImportantCVE-2023-6208 at SUSECVE-2023-6208 at NVDSUSE bug 1217230cpe:/o:suse:sll:7CVE-2023-6209SUSE Liberty Linux 7
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
ImportantCVE-2023-6209 at SUSECVE-2023-6209 at NVDSUSE bug 1217230cpe:/o:suse:sll:7CVE-2023-6212SUSE Liberty Linux 7
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
ImportantCVE-2023-6212 at SUSECVE-2023-6212 at NVDSUSE bug 1217230cpe:/o:suse:sll:7CVE-2023-6377SUSE Liberty Linux 7
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
ImportantCVE-2023-6377 at SUSECVE-2023-6377 at NVDSUSE bug 1217765SUSE bug 1221590cpe:/o:suse:sll:7CVE-2023-6478SUSE Liberty Linux 7
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.
ImportantCVE-2023-6478 at SUSECVE-2023-6478 at NVDSUSE bug 1217766SUSE bug 1222096cpe:/o:suse:sll:7CVE-2023-6816SUSE Liberty Linux 7
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
ImportantCVE-2023-6816 at SUSECVE-2023-6816 at NVDSUSE bug 1218582SUSE bug 1221590cpe:/o:suse:sll:7CVE-2023-6856SUSE Liberty Linux 7
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
ImportantCVE-2023-6856 at SUSECVE-2023-6856 at NVDSUSE bug 1217974cpe:/o:suse:sll:7CVE-2023-6857SUSE Liberty Linux 7
When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary.
*This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
ImportantCVE-2023-6857 at SUSECVE-2023-6857 at NVDSUSE bug 1217974cpe:/o:suse:sll:7CVE-2023-6858SUSE Liberty Linux 7
Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
ImportantCVE-2023-6858 at SUSECVE-2023-6858 at NVDSUSE bug 1217974cpe:/o:suse:sll:7CVE-2023-6859SUSE Liberty Linux 7
A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
ImportantCVE-2023-6859 at SUSECVE-2023-6859 at NVDSUSE bug 1217974cpe:/o:suse:sll:7CVE-2023-6860SUSE Liberty Linux 7
The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
ImportantCVE-2023-6860 at SUSECVE-2023-6860 at NVDSUSE bug 1217974cpe:/o:suse:sll:7CVE-2023-6861SUSE Liberty Linux 7
The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
ImportantCVE-2023-6861 at SUSECVE-2023-6861 at NVDSUSE bug 1217974cpe:/o:suse:sll:7CVE-2023-6862SUSE Liberty Linux 7
A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.
ImportantCVE-2023-6862 at SUSECVE-2023-6862 at NVDSUSE bug 1217974cpe:/o:suse:sll:7CVE-2023-6863SUSE Liberty Linux 7
The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
ImportantCVE-2023-6863 at SUSECVE-2023-6863 at NVDSUSE bug 1217974cpe:/o:suse:sll:7CVE-2023-6864SUSE Liberty Linux 7
Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
ImportantCVE-2023-6864 at SUSECVE-2023-6864 at NVDSUSE bug 1217974cpe:/o:suse:sll:7CVE-2023-6865SUSE Liberty Linux 7
`EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.
ImportantCVE-2023-6865 at SUSECVE-2023-6865 at NVDSUSE bug 1217974cpe:/o:suse:sll:7CVE-2023-6867SUSE Liberty Linux 7
The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.
ImportantCVE-2023-6867 at SUSECVE-2023-6867 at NVDSUSE bug 1217974cpe:/o:suse:sll:7CVE-2024-0229SUSE Liberty Linux 7
An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.
ImportantCVE-2024-0229 at SUSECVE-2024-0229 at NVDSUSE bug 1218583SUSE bug 1221590cpe:/o:suse:sll:7CVE-2024-0408SUSE Liberty Linux 7
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.
ModerateCVE-2024-0408 at SUSECVE-2024-0408 at NVDSUSE bug 1218845cpe:/o:suse:sll:7CVE-2024-0409SUSE Liberty Linux 7
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.
ModerateCVE-2024-0409 at SUSECVE-2024-0409 at NVDSUSE bug 1218846cpe:/o:suse:sll:7CVE-2024-0741SUSE Liberty Linux 7
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
ImportantCVE-2024-0741 at SUSECVE-2024-0741 at NVDSUSE bug 1218955cpe:/o:suse:sll:7CVE-2024-0742SUSE Liberty Linux 7
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
ImportantCVE-2024-0742 at SUSECVE-2024-0742 at NVDSUSE bug 1218955cpe:/o:suse:sll:7CVE-2024-0743SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9.
ImportantCVE-2024-0743 at SUSECVE-2024-0743 at NVDSUSE bug 1218955cpe:/o:suse:sll:7CVE-2024-0746SUSE Liberty Linux 7
A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
ImportantCVE-2024-0746 at SUSECVE-2024-0746 at NVDSUSE bug 1218955cpe:/o:suse:sll:7CVE-2024-0747SUSE Liberty Linux 7
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
ImportantCVE-2024-0747 at SUSECVE-2024-0747 at NVDSUSE bug 1218955cpe:/o:suse:sll:7CVE-2024-0749SUSE Liberty Linux 7
A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7.
ImportantCVE-2024-0749 at SUSECVE-2024-0749 at NVDSUSE bug 1218955cpe:/o:suse:sll:7CVE-2024-0750SUSE Liberty Linux 7
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
ImportantCVE-2024-0750 at SUSECVE-2024-0750 at NVDSUSE bug 1218955cpe:/o:suse:sll:7CVE-2024-0751SUSE Liberty Linux 7
A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
ImportantCVE-2024-0751 at SUSECVE-2024-0751 at NVDSUSE bug 1218955cpe:/o:suse:sll:7CVE-2024-0753SUSE Liberty Linux 7
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
ImportantCVE-2024-0753 at SUSECVE-2024-0753 at NVDSUSE bug 1218955cpe:/o:suse:sll:7CVE-2024-0755SUSE Liberty Linux 7
Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
ImportantCVE-2024-0755 at SUSECVE-2024-0755 at NVDSUSE bug 1218955cpe:/o:suse:sll:7CVE-2024-1086SUSE Liberty Linux 7
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.
We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
ImportantCVE-2024-1086 at SUSECVE-2024-1086 at NVDSUSE bug 1219434SUSE bug 1219435SUSE bug 1224298SUSE bug 1224878SUSE bug 1226066cpe:/o:suse:sll:7CVE-2024-10979SUSE Liberty Linux 7 LTSS
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
ImportantCVE-2024-10979 at SUSECVE-2024-10979 at NVDSUSE bug 1233327CVE-2024-11187SUSE Liberty Linux 7 LTSS
It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.
This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.
ImportantCVE-2024-11187 at SUSECVE-2024-11187 at NVDSUSE bug 1236596CVE-2024-12085SUSE Liberty Linux 7 LTSS
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
ModerateCVE-2024-12085 at SUSECVE-2024-12085 at NVDSUSE bug 1233760SUSE bug 1234101CVE-2024-12087SUSE Liberty Linux 7 LTSS
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
ImportantCVE-2024-12087 at SUSECVE-2024-12087 at NVDSUSE bug 1233760SUSE bug 1234103CVE-2024-1546SUSE Liberty Linux 7
When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
CriticalCVE-2024-1546 at SUSECVE-2024-1546 at NVDSUSE bug 1220048cpe:/o:suse:sll:7CVE-2024-1547SUSE Liberty Linux 7
Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
CriticalCVE-2024-1547 at SUSECVE-2024-1547 at NVDSUSE bug 1220048cpe:/o:suse:sll:7CVE-2024-1548SUSE Liberty Linux 7
A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
CriticalCVE-2024-1548 at SUSECVE-2024-1548 at NVDSUSE bug 1220048cpe:/o:suse:sll:7CVE-2024-1549SUSE Liberty Linux 7
If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
CriticalCVE-2024-1549 at SUSECVE-2024-1549 at NVDSUSE bug 1220048cpe:/o:suse:sll:7CVE-2024-1550SUSE Liberty Linux 7
A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
CriticalCVE-2024-1550 at SUSECVE-2024-1550 at NVDSUSE bug 1220048cpe:/o:suse:sll:7CVE-2024-1551SUSE Liberty Linux 7
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
CriticalCVE-2024-1551 at SUSECVE-2024-1551 at NVDSUSE bug 1220048cpe:/o:suse:sll:7CVE-2024-1552SUSE Liberty Linux 7
Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
CriticalCVE-2024-1552 at SUSECVE-2024-1552 at NVDSUSE bug 1220048cpe:/o:suse:sll:7CVE-2024-1553SUSE Liberty Linux 7
Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
CriticalCVE-2024-1553 at SUSECVE-2024-1553 at NVDSUSE bug 1220048cpe:/o:suse:sll:7CVE-2024-1737SUSE Liberty Linux 7 LTSS
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.
This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
ImportantCVE-2024-1737 at SUSECVE-2024-1737 at NVDSUSE bug 1228256CVE-2024-1936SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1.
ImportantCVE-2024-1936 at SUSECVE-2024-1936 at NVDSUSE bug 1221054cpe:/o:suse:sll:7CVE-2024-1975SUSE Liberty Linux 7 LTSS
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.
This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
ImportantCVE-2024-1975 at SUSECVE-2024-1975 at NVDSUSE bug 1228257CVE-2024-20918SUSE Liberty Linux 7
Unknown.
ImportantCVE-2024-20918 at SUSECVE-2024-20918 at NVDSUSE bug 1218907SUSE bug 1219843cpe:/o:suse:sll:7CVE-2024-20919SUSE Liberty Linux 7
Unknown.
ModerateCVE-2024-20919 at SUSECVE-2024-20919 at NVDSUSE bug 1218903SUSE bug 1219843cpe:/o:suse:sll:7CVE-2024-20921SUSE Liberty Linux 7
Unknown.
ModerateCVE-2024-20921 at SUSECVE-2024-20921 at NVDSUSE bug 1218905SUSE bug 1219843cpe:/o:suse:sll:7CVE-2024-20926SUSE Liberty Linux 7
Unknown.
ModerateCVE-2024-20926 at SUSECVE-2024-20926 at NVDSUSE bug 1218906SUSE bug 1219843cpe:/o:suse:sll:7CVE-2024-20945SUSE Liberty Linux 7
Unknown.
ModerateCVE-2024-20945 at SUSECVE-2024-20945 at NVDSUSE bug 1218909SUSE bug 1219843cpe:/o:suse:sll:7CVE-2024-20952SUSE Liberty Linux 7
Unknown.
ImportantCVE-2024-20952 at SUSECVE-2024-20952 at NVDSUSE bug 1218911SUSE bug 1219843cpe:/o:suse:sll:7CVE-2024-21011SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Unknown.
LowCVE-2024-21011 at SUSECVE-2024-21011 at NVDSUSE bug 1222979cpe:/o:suse:sll:7CVE-2024-21012SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Unknown.
LowCVE-2024-21012 at SUSECVE-2024-21012 at NVDSUSE bug 1222987cpe:/o:suse:sll:7CVE-2024-21068SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Unknown.
LowCVE-2024-21068 at SUSECVE-2024-21068 at NVDSUSE bug 1222983cpe:/o:suse:sll:7CVE-2024-21085SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Unknown.
LowCVE-2024-21085 at SUSECVE-2024-21085 at NVDSUSE bug 1222984cpe:/o:suse:sll:7CVE-2024-21094SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Unknown.
LowCVE-2024-21094 at SUSECVE-2024-21094 at NVDSUSE bug 1222986cpe:/o:suse:sll:7CVE-2024-21131SUSE Liberty Linux 7 LTSS
Unknown.
LowCVE-2024-21131 at SUSECVE-2024-21131 at NVDSUSE bug 1228046CVE-2024-21138SUSE Liberty Linux 7 LTSS
Unknown.
LowCVE-2024-21138 at SUSECVE-2024-21138 at NVDSUSE bug 1228047CVE-2024-21140SUSE Liberty Linux 7 LTSS
Unknown.
ModerateCVE-2024-21140 at SUSECVE-2024-21140 at NVDSUSE bug 1228048CVE-2024-21144SUSE Liberty Linux 7 LTSS
Unknown.
ModerateCVE-2024-21144 at SUSECVE-2024-21144 at NVDSUSE bug 1228050CVE-2024-21145SUSE Liberty Linux 7 LTSS
Unknown.
ModerateCVE-2024-21145 at SUSECVE-2024-21145 at NVDSUSE bug 1228051CVE-2024-21147SUSE Liberty Linux 7 LTSS
Unknown.
ImportantCVE-2024-21147 at SUSECVE-2024-21147 at NVDSUSE bug 1228052CVE-2024-21626SUSE Liberty Linux 7 LTSS
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
ImportantCVE-2024-21626 at SUSECVE-2024-21626 at NVDSUSE bug 1218894CVE-2024-21885SUSE Liberty Linux 7
A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.
ImportantCVE-2024-21885 at SUSECVE-2024-21885 at NVDSUSE bug 1218584SUSE bug 1221590cpe:/o:suse:sll:7CVE-2024-21886SUSE Liberty Linux 7
A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.
ImportantCVE-2024-21886 at SUSECVE-2024-21886 at NVDSUSE bug 1218585SUSE bug 1221590cpe:/o:suse:sll:7CVE-2024-2199SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.
ModerateCVE-2024-2199 at SUSECVE-2024-2199 at NVDSUSE bug 1225507cpe:/o:suse:sll:7CVE-2024-2201SUSE Liberty Linux 7 LTSS
A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.
ModerateCVE-2024-2201 at SUSECVE-2024-2201 at NVDSUSE bug 1212111SUSE bug 1217339CVE-2024-24582SUSE Liberty Linux 7 LTSS
Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow privileged user to potentially enable escalation of privilege via local access.
ImportantCVE-2024-24582 at SUSECVE-2024-24582 at NVDCVE-2024-25617SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2
ImportantCVE-2024-25617 at SUSECVE-2024-25617 at NVDSUSE bug 1219960cpe:/o:suse:sll:7CVE-2024-2607SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
ImportantCVE-2024-2607 at SUSECVE-2024-2607 at NVDSUSE bug 1221327cpe:/o:suse:sll:7CVE-2024-2608SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
ImportantCVE-2024-2608 at SUSECVE-2024-2608 at NVDSUSE bug 1221327cpe:/o:suse:sll:7CVE-2024-2609SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10.
ImportantCVE-2024-2609 at SUSECVE-2024-2609 at NVDSUSE bug 1221327cpe:/o:suse:sll:7CVE-2024-2610SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
ImportantCVE-2024-2610 at SUSECVE-2024-2610 at NVDSUSE bug 1221327cpe:/o:suse:sll:7CVE-2024-2611SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
ImportantCVE-2024-2611 at SUSECVE-2024-2611 at NVDSUSE bug 1221327cpe:/o:suse:sll:7CVE-2024-2612SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
ImportantCVE-2024-2612 at SUSECVE-2024-2612 at NVDSUSE bug 1221327cpe:/o:suse:sll:7CVE-2024-2614SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
ImportantCVE-2024-2614 at SUSECVE-2024-2614 at NVDSUSE bug 1221327cpe:/o:suse:sll:7CVE-2024-2616SUSE Liberty Linux 7
To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9.
ImportantCVE-2024-2616 at SUSECVE-2024-2616 at NVDSUSE bug 1221327cpe:/o:suse:sll:7CVE-2024-26602SUSE Liberty Linux 7
In the Linux kernel, the following vulnerability has been resolved:
sched/membarrier: reduce the ability to hammer on sys_membarrier
On some systems, sys_membarrier can be very expensive, causing overall
slowdowns for everything. So put a lock on the path in order to
serialize the accesses to prevent the ability for this to be called at
too high of a frequency and saturate the machine.
ModerateCVE-2024-26602 at SUSECVE-2024-26602 at NVDSUSE bug 1220398cpe:/o:suse:sll:7CVE-2024-28127SUSE Liberty Linux 7 LTSS
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
ImportantCVE-2024-28127 at SUSECVE-2024-28127 at NVDCVE-2024-28956SUSE Liberty Linux 7 LTSS
Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2024-28956 at SUSECVE-2024-28956 at NVDSUSE bug 1242006CVE-2024-29214SUSE Liberty Linux 7 LTSS
Improper input validation in UEFI firmware CseVariableStorageSmm for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
ImportantCVE-2024-29214 at SUSECVE-2024-29214 at NVDCVE-2024-2961SUSE Liberty Linux 7
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
ImportantCVE-2024-2961 at SUSECVE-2024-2961 at NVDSUSE bug 1222992SUSE bug 1223019cpe:/o:suse:sll:7CVE-2024-29944SUSE Liberty Linux 7
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
ImportantCVE-2024-29944 at SUSECVE-2024-29944 at NVDSUSE bug 1221850cpe:/o:suse:sll:7CVE-2024-31080SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
ImportantCVE-2024-31080 at SUSECVE-2024-31080 at NVDSUSE bug 1222309SUSE bug 1222312cpe:/o:suse:sll:7CVE-2024-31081SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
ImportantCVE-2024-31081 at SUSECVE-2024-31081 at NVDSUSE bug 1222310SUSE bug 1222312cpe:/o:suse:sll:7CVE-2024-31083SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
ImportantCVE-2024-31083 at SUSECVE-2024-31083 at NVDSUSE bug 1222312cpe:/o:suse:sll:7CVE-2024-3183SUSE Liberty Linux 7
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client's session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user's password.
If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal's password).
ImportantCVE-2024-3183 at SUSECVE-2024-3183 at NVDcpe:/o:suse:sll:7CVE-2024-32462SUSE Liberty Linux 7
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It's possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.
ImportantCVE-2024-32462 at SUSECVE-2024-32462 at NVDSUSE bug 1223110cpe:/o:suse:sll:7CVE-2024-32487SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
ImportantCVE-2024-32487 at SUSECVE-2024-32487 at NVDSUSE bug 1222849cpe:/o:suse:sll:7CVE-2024-3302SUSE Liberty Linux 7 LTSS
There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
ImportantCVE-2024-3302 at SUSECVE-2024-3302 at NVDSUSE bug 1222535CVE-2024-33599SUSE Liberty Linux 7
nscd: Stack-based buffer overflow in netgroup cache
If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted
by client requests then a subsequent client request for netgroup data
may result in a stack-based buffer overflow. This flaw was introduced
in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
ImportantCVE-2024-33599 at SUSECVE-2024-33599 at NVDSUSE bug 1223423SUSE bug 1223530cpe:/o:suse:sll:7CVE-2024-33600SUSE Liberty Linux 7
nscd: Null pointer crashes after notfound response
If the Name Service Cache Daemon's (nscd) cache fails to add a not-found
netgroup response to the cache, the client request can result in a null
pointer dereference. This flaw was introduced in glibc 2.15 when the
cache was added to nscd.
This vulnerability is only present in the nscd binary.
ImportantCVE-2024-33600 at SUSECVE-2024-33600 at NVDSUSE bug 1222992SUSE bug 1223424SUSE bug 1223589cpe:/o:suse:sll:7CVE-2024-33601SUSE Liberty Linux 7
nscd: netgroup cache may terminate daemon on memory allocation failure
The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or
xrealloc and these functions may terminate the process due to a memory
allocation failure resulting in a denial of service to the clients. The
flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
ModerateCVE-2024-33601 at SUSECVE-2024-33601 at NVDSUSE bug 1223426cpe:/o:suse:sll:7CVE-2024-33602SUSE Liberty Linux 7
nscd: netgroup cache assumes NSS callback uses in-buffer strings
The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory
when the NSS callback does not store all strings in the provided buffer.
The flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
ModerateCVE-2024-33602 at SUSECVE-2024-33602 at NVDSUSE bug 1223425cpe:/o:suse:sll:7CVE-2024-33871SUSE Liberty Linux 7 LTSS
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
ImportantCVE-2024-33871 at SUSECVE-2024-33871 at NVDSUSE bug 1225491CVE-2024-3596SUSE Liberty Linux 7 LTSS
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
ImportantCVE-2024-3596 at SUSECVE-2024-3596 at NVDSUSE bug 1223414CVE-2024-3651SUSE Liberty Linux 7 LTSS
A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.
ModerateCVE-2024-3651 at SUSECVE-2024-3651 at NVDSUSE bug 1222842CVE-2024-3657SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service
ImportantCVE-2024-3657 at SUSECVE-2024-3657 at NVDSUSE bug 1225512cpe:/o:suse:sll:7CVE-2024-36971SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
net: fix __dst_negative_advice() race
__dst_negative_advice() does not enforce proper RCU rules when
sk->dst_cache must be cleared, leading to possible UAF.
RCU rules are that we must first clear sk->sk_dst_cache,
then call dst_release(old_dst).
Note that sk_dst_reset(sk) is implementing this protocol correctly,
while __dst_negative_advice() uses the wrong order.
Given that ip6_negative_advice() has special logic
against RTF_CACHE, this means each of the three ->negative_advice()
existing methods must perform the sk_dst_reset() themselves.
Note the check against NULL dst is centralized in
__dst_negative_advice(), there is no need to duplicate
it in various callbacks.
Many thanks to Clement Lecigne for tracking this issue.
This old bug became visible after the blamed commit, using UDP sockets.
ImportantCVE-2024-36971 at SUSECVE-2024-36971 at NVDSUSE bug 1226145SUSE bug 1226324CVE-2024-37370SUSE Liberty Linux 7 LTSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
ImportantCVE-2024-37370 at SUSECVE-2024-37370 at NVDSUSE bug 1227186SUSE bug 1227187CVE-2024-37371SUSE Liberty Linux 7 LTSS
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
ModerateCVE-2024-37371 at SUSECVE-2024-37371 at NVDSUSE bug 1227186SUSE bug 1227187CVE-2024-38474SUSE Liberty Linux 7 LTSS
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in
directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.
ImportantCVE-2024-38474 at SUSECVE-2024-38474 at NVDSUSE bug 1227278CVE-2024-38475SUSE Liberty Linux 7 LTSS
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure.
Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
ImportantCVE-2024-38475 at SUSECVE-2024-38475 at NVDSUSE bug 1227268CVE-2024-38476SUSE Liberty Linux 7 LTSS
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
ImportantCVE-2024-38476 at SUSECVE-2024-38476 at NVDSUSE bug 1227269CVE-2024-38477SUSE Liberty Linux 7 LTSS
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
ImportantCVE-2024-38477 at SUSECVE-2024-38477 at NVDSUSE bug 1227270CVE-2024-3852SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
ImportantCVE-2024-3852 at SUSECVE-2024-3852 at NVDSUSE bug 1222535cpe:/o:suse:sll:7CVE-2024-3854SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
ImportantCVE-2024-3854 at SUSECVE-2024-3854 at NVDSUSE bug 1222535cpe:/o:suse:sll:7CVE-2024-3857SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
ImportantCVE-2024-3857 at SUSECVE-2024-3857 at NVDSUSE bug 1222535cpe:/o:suse:sll:7CVE-2024-3859SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
ImportantCVE-2024-3859 at SUSECVE-2024-3859 at NVDSUSE bug 1222535cpe:/o:suse:sll:7CVE-2024-3861SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
ImportantCVE-2024-3861 at SUSECVE-2024-3861 at NVDSUSE bug 1222535cpe:/o:suse:sll:7CVE-2024-3864SUSE Liberty Linux 7SUSE Liberty Linux 7 LTSS
Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
ImportantCVE-2024-3864 at SUSECVE-2024-3864 at NVDSUSE bug 1222535cpe:/o:suse:sll:7CVE-2024-39936SUSE Liberty Linux 7 LTSS
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed..
ImportantCVE-2024-39936 at SUSECVE-2024-39936 at NVDSUSE bug 1227426CVE-2024-41071SUSE Liberty Linux 7 LTSS
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
ModerateCVE-2024-41071 at SUSECVE-2024-41071 at NVDSUSE bug 1228625CVE-2024-42472SUSE Liberty Linux 7 LTSS
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality.
When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access.
However, the application does have write access to the application directory `~/.var/app/$APPID` where this directory is stored. If the source directory for the `persistent`/`--persist` option is replaced by a symlink, then the next time the application is started, the bind mount will follow the symlink and mount whatever it points to into the sandbox.
Partial protection against this vulnerability can be provided by patching Flatpak using the patches in commits ceec2ffc and 98f79773. However, this leaves a race condition that could be exploited by two instances of a malicious app running in parallel. Closing the race condition requires updating or patching the version of bubblewrap that is used by Flatpak to add the new `--bind-fd` option using the patch and then patching Flatpak to use it. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=bwrap` (1.15.x) or `--with-system-bubblewrap=bwrap` (1.14.x or older), or a similar option, then the version of bubblewrap that needs to be patched is a system copy that is distributed separately, typically `/usr/bin/bwrap`. This configuration is the one that is typically used in Linux distributions. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=` (1.15.x) or with `--without-system-bubblewrap` (1.14.x or older), then it is the bundled version of bubblewrap that is included with Flatpak that must be patched. This is typically installed as `/usr/libexec/flatpak-bwrap`. This configuration is the default when building from source code.
For the 1.14.x stable branch, these changes are included in Flatpak 1.14.10. The bundled version of bubblewrap included in this release has been updated to 0.6.3. For the 1.15.x development branch, these changes are included in Flatpak 1.15.10. The bundled version of bubblewrap in this release is a Meson "wrap" subproject, which has been updated to 0.10.0. The 1.12.x and 1.10.x branches will not be updated for this vulnerability. Long-term support OS distributions should backport the individual changes into their versions of Flatpak and bubblewrap, or update to newer versions if their stability policy allows it. As a workaround, avoid using applications using the `persistent` (`--persist`) permission.
ImportantCVE-2024-42472 at SUSECVE-2024-42472 at NVDSUSE bug 1229157CVE-2024-43420SUSE Liberty Linux 7 LTSS
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2024-43420 at SUSECVE-2024-43420 at NVDSUSE bug 1242006SUSE bug 1243451CVE-2024-4367SUSE Liberty Linux 7
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
ImportantCVE-2024-4367 at SUSECVE-2024-4367 at NVDSUSE bug 1224056cpe:/o:suse:sll:7CVE-2024-45332SUSE Liberty Linux 7 LTSS
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2024-45332 at SUSECVE-2024-45332 at NVDSUSE bug 1242006SUSE bug 1243180CVE-2024-45781SUSE Liberty Linux 7 LTSS
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.
ModerateCVE-2024-45781 at SUSECVE-2024-45781 at NVDSUSE bug 1233617CVE-2024-45782SUSE Liberty Linux 7 LTSS
A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass.
ModerateCVE-2024-45782 at SUSECVE-2024-45782 at NVDSUSE bug 1233615CVE-2024-45802SUSE Liberty Linux 7 LTSS
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.
ModerateCVE-2024-45802 at SUSECVE-2024-45802 at NVDSUSE bug 1232485CVE-2024-47076SUSE Liberty Linux 7 LTSS
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
ImportantCVE-2024-47076 at SUSECVE-2024-47076 at NVDSUSE bug 1230932SUSE bug 1230937CVE-2024-47175SUSE Liberty Linux 7 LTSS
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
ImportantCVE-2024-47175 at SUSECVE-2024-47175 at NVDSUSE bug 1230932CVE-2024-47176SUSE Liberty Linux 7 LTSS
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
ImportantCVE-2024-47176 at SUSECVE-2024-47176 at NVDSUSE bug 1230932SUSE bug 1230939CVE-2024-47252SUSE Liberty Linux 7 LTSS
Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations.
In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.
ModerateCVE-2024-47252 at SUSECVE-2024-47252 at NVDSUSE bug 1246303CVE-2024-4767SUSE Liberty Linux 7
If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
ImportantCVE-2024-4767 at SUSECVE-2024-4767 at NVDSUSE bug 1224056cpe:/o:suse:sll:7CVE-2024-4768SUSE Liberty Linux 7
A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
ImportantCVE-2024-4768 at SUSECVE-2024-4768 at NVDSUSE bug 1224056cpe:/o:suse:sll:7CVE-2024-4769SUSE Liberty Linux 7
When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
ImportantCVE-2024-4769 at SUSECVE-2024-4769 at NVDSUSE bug 1224056cpe:/o:suse:sll:7CVE-2024-4770SUSE Liberty Linux 7
When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
ImportantCVE-2024-4770 at SUSECVE-2024-4770 at NVDSUSE bug 1224056cpe:/o:suse:sll:7CVE-2024-4777SUSE Liberty Linux 7
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
ImportantCVE-2024-4777 at SUSECVE-2024-4777 at NVDSUSE bug 1224056cpe:/o:suse:sll:7CVE-2024-47850SUSE Liberty Linux 7 LTSS
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
ModerateCVE-2024-47850 at SUSECVE-2024-47850 at NVDSUSE bug 1231294CVE-2024-50302SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
HID: core: zero-initialize the report buffer
Since the report buffer is used by all kinds of drivers in various ways, let's
zero-initialize it during allocation to make sure that it can't be ever used
to leak kernel memory via specially-crafted report.
ImportantCVE-2024-50302 at SUSECVE-2024-50302 at NVDSUSE bug 1233491SUSE bug 1233679CVE-2024-52337SUSE Liberty Linux 7 LTSS
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.
ModerateCVE-2024-52337 at SUSECVE-2024-52337 at NVDSUSE bug 1233807CVE-2024-52530SUSE Liberty Linux 7 LTSS
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
ImportantCVE-2024-52530 at SUSECVE-2024-52530 at NVDSUSE bug 1233285CVE-2024-53104SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
This can lead to out of bounds writes since frames of this type were not
taken into account when calculating the size of the frames buffer in
uvc_parse_streaming.
ImportantCVE-2024-53104 at SUSECVE-2024-53104 at NVDSUSE bug 1234025SUSE bug 1236783CVE-2024-53141SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: add missing range check in bitmap_ip_uadt
When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists,
the values of ip and ip_to are slightly swapped. Therefore, the range check
for ip should be done later, but this part is missing and it seems that the
vulnerability occurs.
So we should add missing range checks and remove unnecessary range checks.
ImportantCVE-2024-53141 at SUSECVE-2024-53141 at NVDSUSE bug 1234381SUSE bug 1245778CVE-2024-53150SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix out of bounds reads when finding clock sources
The current USB-audio driver code doesn't check bLength of each
descriptor at traversing for clock descriptors. That is, when a
device provides a bogus descriptor with a shorter bLength, the driver
might hit out-of-bounds reads.
For addressing it, this patch adds sanity checks to the validator
functions for the clock descriptor traversal. When the descriptor
length is shorter than expected, it's skipped in the loop.
For the clock source and clock multiplier descriptors, we can just
check bLength against the sizeof() of each descriptor type.
OTOH, the clock selector descriptor of UAC2 and UAC3 has an array
of bNrInPins elements and two more fields at its tail, hence those
have to be checked in addition to the sizeof() check.
ModerateCVE-2024-53150 at SUSECVE-2024-53150 at NVDSUSE bug 1234834CVE-2024-53197SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices
A bogus device can provide a bNumConfigurations value that exceeds the
initial value used in usb_get_configuration for allocating dev->config.
This can lead to out-of-bounds accesses later, e.g. in
usb_destroy_configuration.
ModerateCVE-2024-53197 at SUSECVE-2024-53197 at NVDSUSE bug 1235464CVE-2024-53580SUSE Liberty Linux 7 LTSS
iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function.
ModerateCVE-2024-53580 at SUSECVE-2024-53580 at NVDSUSE bug 1234705CVE-2024-53899SUSE Liberty Linux 7 LTSS
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
ImportantCVE-2024-53899 at SUSECVE-2024-53899 at NVDSUSE bug 1233706CVE-2024-55549SUSE Liberty Linux 7 LTSS
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
ImportantCVE-2024-55549 at SUSECVE-2024-55549 at NVDSUSE bug 1239637CVE-2024-5564SUSE Liberty Linux 7 LTSS
A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.
ImportantCVE-2024-5564 at SUSECVE-2024-5564 at NVDSUSE bug 1225771CVE-2024-56171SUSE Liberty Linux 7 LTSS
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
ImportantCVE-2024-56171 at SUSECVE-2024-56171 at NVDSUSE bug 1237363CVE-2024-56326SUSE Liberty Linux 7 LTSS
Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5.
ImportantCVE-2024-56326 at SUSECVE-2024-56326 at NVDSUSE bug 1234809CVE-2024-56737SUSE Liberty Linux 7 LTSS
GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
ImportantCVE-2024-56737 at SUSECVE-2024-56737 at NVDSUSE bug 1234958CVE-2024-5688SUSE Liberty Linux 7
If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
CriticalCVE-2024-5688 at SUSECVE-2024-5688 at NVDSUSE bug 1226027cpe:/o:suse:sll:7CVE-2024-5690SUSE Liberty Linux 7
By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
CriticalCVE-2024-5690 at SUSECVE-2024-5690 at NVDSUSE bug 1226027cpe:/o:suse:sll:7CVE-2024-5691SUSE Liberty Linux 7
By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
CriticalCVE-2024-5691 at SUSECVE-2024-5691 at NVDSUSE bug 1226027cpe:/o:suse:sll:7CVE-2024-5693SUSE Liberty Linux 7
Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
CriticalCVE-2024-5693 at SUSECVE-2024-5693 at NVDSUSE bug 1226027cpe:/o:suse:sll:7CVE-2024-5696SUSE Liberty Linux 7
By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
CriticalCVE-2024-5696 at SUSECVE-2024-5696 at NVDSUSE bug 1226027cpe:/o:suse:sll:7CVE-2024-5700SUSE Liberty Linux 7
Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
CriticalCVE-2024-5700 at SUSECVE-2024-5700 at NVDSUSE bug 1226027cpe:/o:suse:sll:7CVE-2024-5702SUSE Liberty Linux 7
Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12.
CriticalCVE-2024-5702 at SUSECVE-2024-5702 at NVDSUSE bug 1226027cpe:/o:suse:sll:7CVE-2024-57656SUSE Liberty Linux 7 LTSS
An issue in the sqlc_add_distinct_node component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
ImportantCVE-2024-57656 at SUSECVE-2024-57656 at NVDCVE-2024-57823SUSE Liberty Linux 7 LTSS
In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path().
ModerateCVE-2024-57823 at SUSECVE-2024-57823 at NVDSUSE bug 1235673CVE-2024-57980SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
media: uvcvideo: Fix double free in error path
If the uvc_status_init() function fails to allocate the int_urb, it will
free the dev->status pointer but doesn't reset the pointer to NULL. This
results in the kfree() call in uvc_status_cleanup() trying to
double-free the memory. Fix it by resetting the dev->status pointer to
NULL after freeing it.
Reviewed by: Ricardo Ribalda <ribalda@chromium.org>
ModerateCVE-2024-57980 at SUSECVE-2024-57980 at NVDSUSE bug 1237911CVE-2024-5953SUSE Liberty Linux 7 LTSS
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.
ModerateCVE-2024-5953 at SUSECVE-2024-5953 at NVDSUSE bug 1226277CVE-2024-6345SUSE Liberty Linux 7 LTSS
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
ImportantCVE-2024-6345 at SUSECVE-2024-6345 at NVDSUSE bug 1228105CVE-2024-7348SUSE Liberty Linux 7 LTSS
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.
ImportantCVE-2024-7348 at SUSECVE-2024-7348 at NVDSUSE bug 1229013CVE-2024-8445SUSE Liberty Linux 7 LTSS
The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input.
ModerateCVE-2024-8445 at SUSECVE-2024-8445 at NVDSUSE bug 1230210CVE-2024-9050SUSE Liberty Linux 7 LTSS
A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown`key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration.
ImportantCVE-2024-9050 at SUSECVE-2024-9050 at NVDSUSE bug 1231331SUSE bug 1232040CVE-2024-9632SUSE Liberty Linux 7 LTSS
A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.
ImportantCVE-2024-9632 at SUSECVE-2024-9632 at NVDSUSE bug 1231565CVE-2025-0624SUSE Liberty Linux 7 LTSS
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.
ImportantCVE-2025-0624 at SUSECVE-2025-0624 at NVDSUSE bug 1236316CVE-2025-1094SUSE Liberty Linux 7 LTSS
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
ImportantCVE-2025-1094 at SUSECVE-2025-1094 at NVDSUSE bug 1237093CVE-2025-11561SUSE Liberty Linux 7 LTSS
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users, potentially resulting in unauthorized access or privilege escalation on domain-joined Linux hosts.
ImportantCVE-2025-11561 at SUSECVE-2025-11561 at NVDSUSE bug 1251827CVE-2025-12084SUSE Liberty Linux 7 LTSS
When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.
ModerateCVE-2025-12084 at SUSECVE-2025-12084 at NVDSUSE bug 1254997CVE-2025-1244SUSE Liberty Linux 7 LTSS
A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.
ImportantCVE-2025-1244 at SUSECVE-2025-1244 at NVDSUSE bug 1237091CVE-2025-13601SUSE Liberty Linux 7 LTSS
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
ImportantCVE-2025-13601 at SUSECVE-2025-13601 at NVDSUSE bug 1254297CVE-2025-15366SUSE Liberty Linux 7 LTSS
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
ModerateCVE-2025-15366 at SUSECVE-2025-15366 at NVDSUSE bug 1257044CVE-2025-15367SUSE Liberty Linux 7 LTSS
The poplib module, when passed a user-controlled command, can have
additional commands injected using newlines. Mitigation rejects commands
containing control characters.
ModerateCVE-2025-15367 at SUSECVE-2025-15367 at NVDSUSE bug 1257041CVE-2025-20012SUSE Liberty Linux 7 LTSS
Incorrect behavior order for some Intel(R) Core(tm) Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access.
ModerateCVE-2025-20012 at SUSECVE-2025-20012 at NVDSUSE bug 1242006SUSE bug 1243123CVE-2025-20623SUSE Liberty Linux 7 LTSS
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core(tm) processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2025-20623 at SUSECVE-2025-20623 at NVDSUSE bug 1242006SUSE bug 1243454CVE-2025-21587SUSE Liberty Linux 7 LTSS
Unknown.
ImportantCVE-2025-21587 at SUSECVE-2025-21587 at NVDSUSE bug 1241274CVE-2025-21928SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
The system can experience a random crash a few minutes after the driver is
removed. This issue occurs due to improper handling of memory freeing in
the ishtp_hid_remove() function.
The function currently frees the `driver_data` directly within the loop
that destroys the HID devices, which can lead to accessing freed memory.
Specifically, `hid_destroy_device()` uses `driver_data` when it calls
`hid_ishtp_set_feature()` to power off the sensor, so freeing
`driver_data` beforehand can result in accessing invalid memory.
This patch resolves the issue by storing the `driver_data` in a temporary
variable before calling `hid_destroy_device()`, and then freeing the
`driver_data` after the device is destroyed.
ModerateCVE-2025-21928 at SUSECVE-2025-21928 at NVDSUSE bug 1240722CVE-2025-22004SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
net: atm: fix use after free in lec_send()
The ->send() operation frees skb so save the length before calling
->send() to avoid a use after free.
ImportantCVE-2025-22004 at SUSECVE-2025-22004 at NVDSUSE bug 1240835SUSE bug 1241090CVE-2025-22026SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
nfsd: don't ignore the return code of svc_proc_register()
Currently, nfsd_proc_stat_init() ignores the return value of
svc_proc_register(). If the procfile creation fails, then the kernel
will WARN when it tries to remove the entry later.
Fix nfsd_proc_stat_init() to return the same type of pointer as
svc_proc_register(), and fix up nfsd_net_init() to check that and fail
the nfsd_net construction if it occurs.
svc_proc_register() can fail if the dentry can't be allocated, or if an
identical dentry already exists. The second case is pretty unlikely in
the nfsd_net construction codepath, so if this happens, return -ENOMEM.
ModerateCVE-2025-22026 at SUSECVE-2025-22026 at NVDSUSE bug 1241349CVE-2025-23150SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix off-by-one error in do_split
Syzkaller detected a use-after-free issue in ext4_insert_dentry that was
caused by out-of-bounds access due to incorrect splitting in do_split.
BUG: KASAN: use-after-free in ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109
Write of size 251 at addr ffff888074572f14 by task syz-executor335/5847
CPU: 0 UID: 0 PID: 5847 Comm: syz-executor335 Not tainted 6.12.0-rc6-syzkaller-00318-ga9cda7c0ffed #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x169/0x550 mm/kasan/report.c:488
kasan_report+0x143/0x180 mm/kasan/report.c:601
kasan_check_range+0x282/0x290 mm/kasan/generic.c:189
__asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106
ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109
add_dirent_to_buf+0x3d9/0x750 fs/ext4/namei.c:2154
make_indexed_dir+0xf98/0x1600 fs/ext4/namei.c:2351
ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2455
ext4_add_nondir+0x8d/0x290 fs/ext4/namei.c:2796
ext4_symlink+0x920/0xb50 fs/ext4/namei.c:3431
vfs_symlink+0x137/0x2e0 fs/namei.c:4615
do_symlinkat+0x222/0x3a0 fs/namei.c:4641
__do_sys_symlink fs/namei.c:4662 [inline]
__se_sys_symlink fs/namei.c:4660 [inline]
__x64_sys_symlink+0x7a/0x90 fs/namei.c:4660
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
The following loop is located right above 'if' statement.
for (i = count-1; i >= 0; i--) {
/* is more than half of this entry in 2nd half of the block? */
if (size + map[i].size/2 > blocksize/2)
break;
size += map[i].size;
move++;
}
'i' in this case could go down to -1, in which case sum of active entries
wouldn't exceed half the block size, but previous behaviour would also do
split in half if sum would exceed at the very last block, which in case of
having too many long name files in a single block could lead to
out-of-bounds access and following use-after-free.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
ModerateCVE-2025-23150 at SUSECVE-2025-23150 at NVDSUSE bug 1242513CVE-2025-24495SUSE Liberty Linux 7 LTSS
Incorrect initialization of resource in the branch prediction unit for some Intel(R) Core(tm) Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access.
ModerateCVE-2025-24495 at SUSECVE-2025-24495 at NVDSUSE bug 1242006SUSE bug 1243123CVE-2025-24528SUSE Liberty Linux 7 LTSS
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.
ModerateCVE-2025-24528 at SUSECVE-2025-24528 at NVDSUSE bug 1236619CVE-2025-24855SUSE Liberty Linux 7 LTSS
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
ImportantCVE-2025-24855 at SUSECVE-2025-24855 at NVDSUSE bug 1239625CVE-2025-24928SUSE Liberty Linux 7 LTSS
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
ModerateCVE-2025-24928 at SUSECVE-2025-24928 at NVDSUSE bug 1237370CVE-2025-26594SUSE Liberty Linux 7 LTSS
A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.
ImportantCVE-2025-26594 at SUSECVE-2025-26594 at NVDSUSE bug 1237427CVE-2025-26595SUSE Liberty Linux 7 LTSS
A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.
ModerateCVE-2025-26595 at SUSECVE-2025-26595 at NVDSUSE bug 1237429CVE-2025-26596SUSE Liberty Linux 7 LTSS
A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.
ModerateCVE-2025-26596 at SUSECVE-2025-26596 at NVDSUSE bug 1237430CVE-2025-26597SUSE Liberty Linux 7 LTSS
A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size.
ModerateCVE-2025-26597 at SUSECVE-2025-26597 at NVDSUSE bug 1237431CVE-2025-26598SUSE Liberty Linux 7 LTSS
An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access.
ModerateCVE-2025-26598 at SUSECVE-2025-26598 at NVDSUSE bug 1237432CVE-2025-26599SUSE Liberty Linux 7 LTSS
An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later.
ModerateCVE-2025-26599 at SUSECVE-2025-26599 at NVDSUSE bug 1237433CVE-2025-26600SUSE Liberty Linux 7 LTSS
A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.
ImportantCVE-2025-26600 at SUSECVE-2025-26600 at NVDSUSE bug 1237434CVE-2025-26601SUSE Liberty Linux 7 LTSS
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.
ImportantCVE-2025-26601 at SUSECVE-2025-26601 at NVDSUSE bug 1237435CVE-2025-27363SUSE Liberty Linux 7 LTSS
An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
ImportantCVE-2025-27363 at SUSECVE-2025-27363 at NVDSUSE bug 1239465CVE-2025-2784SUSE Liberty Linux 7 LTSS
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
ImportantCVE-2025-2784 at SUSECVE-2025-2784 at NVDSUSE bug 1240750CVE-2025-30691SUSE Liberty Linux 7 LTSS
Unknown.
ModerateCVE-2025-30691 at SUSECVE-2025-30691 at NVDSUSE bug 1241275CVE-2025-30698SUSE Liberty Linux 7 LTSS
Unknown.
ImportantCVE-2025-30698 at SUSECVE-2025-30698 at NVDSUSE bug 1241274SUSE bug 1241276CVE-2025-30749SUSE Liberty Linux 7 LTSS
Unknown.
ImportantCVE-2025-30749 at SUSECVE-2025-30749 at NVDSUSE bug 1246595CVE-2025-30754SUSE Liberty Linux 7 LTSS
Unknown.
ImportantCVE-2025-30754 at SUSECVE-2025-30754 at NVDSUSE bug 1246595SUSE bug 1246598CVE-2025-30761SUSE Liberty Linux 7 LTSS
Unknown.
ImportantCVE-2025-30761 at SUSECVE-2025-30761 at NVDSUSE bug 1246580SUSE bug 1246595CVE-2025-32049SUSE Liberty Linux 7 LTSS
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
ImportantCVE-2025-32049 at SUSECVE-2025-32049 at NVDSUSE bug 1240751SUSE bug 1250562CVE-2025-32414SUSE Liberty Linux 7 LTSS
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.
ModerateCVE-2025-32414 at SUSECVE-2025-32414 at NVDSUSE bug 1241551CVE-2025-32415SUSE Liberty Linux 7 LTSS
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
LowCVE-2025-32415 at SUSECVE-2025-32415 at NVDSUSE bug 1241453CVE-2025-32462SUSE Liberty Linux 7 LTSS
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
ImportantCVE-2025-32462 at SUSECVE-2025-32462 at NVDSUSE bug 1245274CVE-2025-32906SUSE Liberty Linux 7 LTSS
A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.
ImportantCVE-2025-32906 at SUSECVE-2025-32906 at NVDSUSE bug 1241263SUSE bug 1250562CVE-2025-32911SUSE Liberty Linux 7 LTSS
A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.
ImportantCVE-2025-32911 at SUSECVE-2025-32911 at NVDSUSE bug 1241238SUSE bug 1250562CVE-2025-32913SUSE Liberty Linux 7 LTSS
A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.
ImportantCVE-2025-32913 at SUSECVE-2025-32913 at NVDSUSE bug 1241162CVE-2025-32914SUSE Liberty Linux 7 LTSS
A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.
ImportantCVE-2025-32914 at SUSECVE-2025-32914 at NVDSUSE bug 1241164CVE-2025-37797SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
net_sched: hfsc: Fix a UAF vulnerability in class handling
This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class
handling. The issue occurs due to a time-of-check/time-of-use condition
in hfsc_change_class() when working with certain child qdiscs like netem
or codel.
The vulnerability works as follows:
1. hfsc_change_class() checks if a class has packets (q.qlen != 0)
2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,
codel, netem) might drop packets and empty the queue
3. The code continues assuming the queue is still non-empty, adding
the class to vttree
4. This breaks HFSC scheduler assumptions that only non-empty classes
are in vttree
5. Later, when the class is destroyed, this can lead to a Use-After-Free
The fix adds a second queue length check after qdisc_peek_len() to verify
the queue wasn't emptied.
ImportantCVE-2025-37797 at SUSECVE-2025-37797 at NVDSUSE bug 1242417SUSE bug 1245793CVE-2025-37823SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
Similarly to the previous patch, we need to safe guard hfsc_dequeue()
too. But for this one, we don't have a reliable reproducer.
ModerateCVE-2025-37823 at SUSECVE-2025-37823 at NVDSUSE bug 1242924CVE-2025-38000SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the
child qdisc's peek() operation before incrementing sch->q.qlen and
sch->qstats.backlog. If the child qdisc uses qdisc_peek_dequeued(), this may
trigger an immediate dequeue and potential packet drop. In such cases,
qdisc_tree_reduce_backlog() is called, but the HFSC qdisc's qlen and backlog
have not yet been updated, leading to inconsistent queue accounting. This
can leave an empty HFSC class in the active list, causing further
consequences like use-after-free.
This patch fixes the bug by moving the increment of sch->q.qlen and
sch->qstats.backlog before the call to the child qdisc's peek() operation.
This ensures that queue length and backlog are always accurate when packet
drops or dequeues are triggered during the peek.
ImportantCVE-2025-38000 at SUSECVE-2025-38000 at NVDSUSE bug 1244277SUSE bug 1245775CVE-2025-38079SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_hash - fix double free in hash_accept
If accept(2) is called on socket type algif_hash with
MSG_MORE flag set and crypto_ahash_import fails,
sk2 is freed. However, it is also freed in af_alg_release,
leading to slab-use-after-free error.
ImportantCVE-2025-38079 at SUSECVE-2025-38079 at NVDSUSE bug 1245217SUSE bug 1245218CVE-2025-38177SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
sch_hfsc: make hfsc_qlen_notify() idempotent
hfsc_qlen_notify() is not idempotent either and not friendly
to its callers, like fq_codel_dequeue(). Let's make it idempotent
to ease qdisc_tree_reduce_backlog() callers' life:
1. update_vf() decreases cl->cl_nactive, so we can check whether it is
non-zero before calling it.
2. eltree_remove() always removes RB node cl->el_node, but we can use
RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe.
ImportantCVE-2025-38177 at SUSECVE-2025-38177 at NVDSUSE bug 1237312SUSE bug 1245986SUSE bug 1246356SUSE bug 1247374CVE-2025-38200SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
i40e: fix MMIO write access to an invalid page in i40e_clear_hw
When the device sends a specific input, an integer underflow can occur, leading
to MMIO write access to an invalid page.
Prevent the integer underflow by changing the type of related variables.
ModerateCVE-2025-38200 at SUSECVE-2025-38200 at NVDSUSE bug 1246045SUSE bug 1246046CVE-2025-38332SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Use memcpy() for BIOS version
The strlcat() with FORTIFY support is triggering a panic because it
thinks the target buffer will overflow although the correct target
buffer size is passed in.
Anyway, instead of memset() with 0 followed by a strlcat(), just use
memcpy() and ensure that the resulting buffer is NULL terminated.
BIOSVersion is only used for the lpfc_printf_log() which expects a
properly terminated string.
ModerateCVE-2025-38332 at SUSECVE-2025-38332 at NVDSUSE bug 1246375CVE-2025-38350SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
net/sched: Always pass notifications when child class becomes empty
Certain classful qdiscs may invoke their classes' dequeue handler on an
enqueue operation. This may unexpectedly empty the child qdisc and thus
make an in-flight class passive via qlen_notify(). Most qdiscs do not
expect such behaviour at this point in time and may re-activate the
class eventually anyways which will lead to a use-after-free.
The referenced fix commit attempted to fix this behavior for the HFSC
case by moving the backlog accounting around, though this turned out to
be incomplete since the parent's parent may run into the issue too.
The following reproducer demonstrates this use-after-free:
tc qdisc add dev lo root handle 1: drr
tc filter add dev lo parent 1: basic classid 1:1
tc class add dev lo parent 1: classid 1:1 drr
tc qdisc add dev lo parent 1:1 handle 2: hfsc def 1
tc class add dev lo parent 2: classid 2:1 hfsc rt m1 8 d 1 m2 0
tc qdisc add dev lo parent 2:1 handle 3: netem
tc qdisc add dev lo parent 3:1 handle 4: blackhole
echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888
tc class delete dev lo classid 1:1
echo 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888
Since backlog accounting issues leading to a use-after-frees on stale
class pointers is a recurring pattern at this point, this patch takes
a different approach. Instead of trying to fix the accounting, the patch
ensures that qdisc_tree_reduce_backlog always calls qlen_notify when
the child qdisc is empty. This solves the problem because deletion of
qdiscs always involves a call to qdisc_reset() and / or
qdisc_purge_queue() which ultimately resets its qlen to 0 thus causing
the following qdisc_tree_reduce_backlog() to report to the parent. Note
that this may call qlen_notify on passive classes multiple times. This
is not a problem after the recent patch series that made all the
classful qdiscs qlen_notify() handlers idempotent.
ImportantCVE-2025-38350 at SUSECVE-2025-38350 at NVDSUSE bug 1246781SUSE bug 1247043CVE-2025-38352SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
If an exiting non-autoreaping task has already passed exit_notify() and
calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent
or debugger right after unlock_task_sighand().
If a concurrent posix_cpu_timer_del() runs at that moment, it won't be
able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or
lock_task_sighand() will fail.
Add the tsk->exit_state check into run_posix_cpu_timers() to fix this.
This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because
exit_task_work() is called before exit_notify(). But the check still
makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail
anyway in this case.
ImportantCVE-2025-38352 at SUSECVE-2025-38352 at NVDSUSE bug 1246911SUSE bug 1249205CVE-2025-38415SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
Squashfs: check return result of sb_min_blocksize
Syzkaller reports an "UBSAN: shift-out-of-bounds in squashfs_bio_read" bug.
Syzkaller forks multiple processes which after mounting the Squashfs
filesystem, issues an ioctl("/dev/loop0", LOOP_SET_BLOCK_SIZE, 0x8000).
Now if this ioctl occurs at the same time another process is in the
process of mounting a Squashfs filesystem on /dev/loop0, the failure
occurs. When this happens the following code in squashfs_fill_super()
fails.
----
msblk->devblksize = sb_min_blocksize(sb, SQUASHFS_DEVBLK_SIZE);
msblk->devblksize_log2 = ffz(~msblk->devblksize);
----
sb_min_blocksize() returns 0, which means msblk->devblksize is set to 0.
As a result, ffz(~msblk->devblksize) returns 64, and msblk->devblksize_log2
is set to 64.
This subsequently causes the
UBSAN: shift-out-of-bounds in fs/squashfs/block.c:195:36
shift exponent 64 is too large for 64-bit type 'u64' (aka
'unsigned long long')
This commit adds a check for a 0 return by sb_min_blocksize().
ModerateCVE-2025-38415 at SUSECVE-2025-38415 at NVDSUSE bug 1247147CVE-2025-38459SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
atm: clip: Fix infinite recursive call of clip_push().
syzbot reported the splat below. [0]
This happens if we call ioctl(ATMARP_MKIP) more than once.
During the first call, clip_mkip() sets clip_push() to vcc->push(),
and the second call copies it to clip_vcc->old_push().
Later, when the socket is close()d, vcc_destroy_socket() passes
NULL skb to clip_push(), which calls clip_vcc->old_push(),
triggering the infinite recursion.
Let's prevent the second ioctl(ATMARP_MKIP) by checking
vcc->user_back, which is allocated by the first call as clip_vcc.
Note also that we use lock_sock() to prevent racy calls.
[0]:
BUG: TASK stack guard page was hit at ffffc9000d66fff8 (stack is ffffc9000d670000..ffffc9000d678000)
Oops: stack guard page: 0000 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:clip_push+0x5/0x720 net/atm/clip.c:191
Code: e0 8f aa 8c e8 1c ad 5b fa eb ae 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 <41> 57 41 56 41 55 41 54 53 48 83 ec 20 48 89 f3 49 89 fd 48 bd 00
RSP: 0018:ffffc9000d670000 EFLAGS: 00010246
RAX: 1ffff1100235a4a5 RBX: ffff888011ad2508 RCX: ffff8880003c0000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888037f01000
RBP: dffffc0000000000 R08: ffffffff8fa104f7 R09: 1ffffffff1f4209e
R10: dffffc0000000000 R11: ffffffff8a99b300 R12: ffffffff8a99b300
R13: ffff888037f01000 R14: ffff888011ad2500 R15: ffff888037f01578
FS: 000055557ab6d500(0000) GS:ffff88808d250000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc9000d66fff8 CR3: 0000000043172000 CR4: 0000000000352ef0
Call Trace:
<TASK>
clip_push+0x6dc/0x720 net/atm/clip.c:200
clip_push+0x6dc/0x720 net/atm/clip.c:200
clip_push+0x6dc/0x720 net/atm/clip.c:200
...
clip_push+0x6dc/0x720 net/atm/clip.c:200
clip_push+0x6dc/0x720 net/atm/clip.c:200
clip_push+0x6dc/0x720 net/atm/clip.c:200
vcc_destroy_socket net/atm/common.c:183 [inline]
vcc_release+0x157/0x460 net/atm/common.c:205
__sock_release net/socket.c:647 [inline]
sock_close+0xc0/0x240 net/socket.c:1391
__fput+0x449/0xa70 fs/file_table.c:465
task_work_run+0x1d1/0x260 kernel/task_work.c:227
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop+0xec/0x110 kernel/entry/common.c:114
exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]
do_syscall_64+0x2bd/0x3b0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff31c98e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffb5aa1f78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 0000000000012747 RCX: 00007ff31c98e929
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007ff31cbb7ba0 R08: 0000000000000001 R09: 0000000db5aa226f
R10: 00007ff31c7ff030 R11: 0000000000000246 R12: 00007ff31cbb608c
R13: 00007ff31cbb6080 R14: ffffffffffffffff R15: 00007fffb5aa2090
</TASK>
Modules linked in:
ModerateCVE-2025-38459 at SUSECVE-2025-38459 at NVDSUSE bug 1247119CVE-2025-38477SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_qfq: Fix race condition on qfq_aggregate
A race condition can occur when 'agg' is modified in qfq_change_agg
(called during qfq_enqueue) while other threads access it
concurrently. For example, qfq_dump_class may trigger a NULL
dereference, and qfq_delete_class may cause a use-after-free.
This patch addresses the issue by:
1. Moved qfq_destroy_class into the critical section.
2. Added sch_tree_lock protection to qfq_dump_class and
qfq_dump_class_stats.
ImportantCVE-2025-38477 at SUSECVE-2025-38477 at NVDSUSE bug 1247314SUSE bug 1247315CVE-2025-38556SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
HID: core: Harden s32ton() against conversion to 0 bits
Testing by the syzbot fuzzer showed that the HID core gets a
shift-out-of-bounds exception when it tries to convert a 32-bit
quantity to a 0-bit quantity. Ideally this should never occur, but
there are buggy devices and some might have a report field with size
set to zero; we shouldn't reject the report or the device just because
of that.
Instead, harden the s32ton() routine so that it returns a reasonable
result instead of crashing when it is called with the number of bits
set to 0 -- the same as what snto32() does.
ModerateCVE-2025-38556 at SUSECVE-2025-38556 at NVDSUSE bug 1248296CVE-2025-38718SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
sctp: linearize cloned gso packets in sctp_rcv
A cloned head skb still shares these frag skbs in fraglist with the
original head skb. It's not safe to access these frag skbs.
syzbot reported two use-of-uninitialized-memory bugs caused by this:
BUG: KMSAN: uninit-value in sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211
sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211
sctp_assoc_bh_rcv+0x1a7/0xc50 net/sctp/associola.c:998
sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88
sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331
sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1122
__release_sock+0x1da/0x330 net/core/sock.c:3106
release_sock+0x6b/0x250 net/core/sock.c:3660
sctp_wait_for_connect+0x487/0x820 net/sctp/socket.c:9360
sctp_sendmsg_to_asoc+0x1ec1/0x1f00 net/sctp/socket.c:1885
sctp_sendmsg+0x32b9/0x4a80 net/sctp/socket.c:2031
inet_sendmsg+0x25a/0x280 net/ipv4/af_inet.c:851
sock_sendmsg_nosec net/socket.c:718 [inline]
and
BUG: KMSAN: uninit-value in sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987
sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987
sctp_inq_push+0x2a3/0x350 net/sctp/inqueue.c:88
sctp_backlog_rcv+0x3c7/0xda0 net/sctp/input.c:331
sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148
__release_sock+0x1d3/0x330 net/core/sock.c:3213
release_sock+0x6b/0x270 net/core/sock.c:3767
sctp_wait_for_connect+0x458/0x820 net/sctp/socket.c:9367
sctp_sendmsg_to_asoc+0x223a/0x2260 net/sctp/socket.c:1886
sctp_sendmsg+0x3910/0x49f0 net/sctp/socket.c:2032
inet_sendmsg+0x269/0x2a0 net/ipv4/af_inet.c:851
sock_sendmsg_nosec net/socket.c:712 [inline]
This patch fixes it by linearizing cloned gso packets in sctp_rcv().
ModerateCVE-2025-38718 at SUSECVE-2025-38718 at NVDSUSE bug 1249161CVE-2025-38729SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Validate UAC3 power domain descriptors, too
UAC3 power domain descriptors need to be verified with its variable
bLength for avoiding the unexpected OOB accesses by malicious
firmware, too.
ModerateCVE-2025-38729 at SUSECVE-2025-38729 at NVDSUSE bug 1249164CVE-2025-39751SUSE Liberty Linux 7 LTSS
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
ModerateCVE-2025-39751 at SUSECVE-2025-39751 at NVDSUSE bug 1249538SUSE bug 1249539CVE-2025-39757SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
UAC3 class segment descriptors need to be verified whether their sizes
match with the declared lengths and whether they fit with the
allocated buffer sizes, too. Otherwise malicious firmware may lead to
the unexpected OOB accesses.
ModerateCVE-2025-39757 at SUSECVE-2025-39757 at NVDSUSE bug 1249515CVE-2025-39760SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
usb: core: config: Prevent OOB read in SS endpoint companion parsing
usb_parse_ss_endpoint_companion() checks descriptor type before length,
enabling a potentially odd read outside of the buffer size.
Fix this up by checking the size first before looking at any of the
fields in the descriptor.
ModerateCVE-2025-39760 at SUSECVE-2025-39760 at NVDSUSE bug 1249598CVE-2025-39817SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
Observed on kernel 6.6 (present on master as well):
BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0
Call trace:
kasan_check_range+0xe8/0x190
__asan_loadN+0x1c/0x28
memcmp+0x98/0xd0
efivarfs_d_compare+0x68/0xd8
__d_lookup_rcu_op_compare+0x178/0x218
__d_lookup_rcu+0x1f8/0x228
d_alloc_parallel+0x150/0x648
lookup_open.isra.0+0x5f0/0x8d0
open_last_lookups+0x264/0x828
path_openat+0x130/0x3f8
do_filp_open+0x114/0x248
do_sys_openat2+0x340/0x3c0
__arm64_sys_openat+0x120/0x1a0
If dentry->d_name.len < EFI_VARIABLE_GUID_LEN , 'guid' can become
negative, leadings to oob. The issue can be triggered by parallel
lookups using invalid filename:
T1 T2
lookup_open
->lookup
simple_lookup
d_add
// invalid dentry is added to hash list
lookup_open
d_alloc_parallel
__d_lookup_rcu
__d_lookup_rcu_op_compare
hlist_bl_for_each_entry_rcu
// invalid dentry can be retrieved
->d_compare
efivarfs_d_compare
// oob
Fix it by checking 'guid' before cmp.
ModerateCVE-2025-39817 at SUSECVE-2025-39817 at NVDSUSE bug 1249998CVE-2025-39898SUSE Liberty Linux 7 LTSS
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
ImportantCVE-2025-39898 at SUSECVE-2025-39898 at NVDSUSE bug 1247374SUSE bug 1250742SUSE bug 1250744SUSE bug 1253291CVE-2025-39955SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().
syzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk
in the TCP_ESTABLISHED state. [0]
syzbot reused the server-side TCP Fast Open socket as a new client before
the TFO socket completes 3WHS:
1. accept()
2. connect(AF_UNSPEC)
3. connect() to another destination
As of accept(), sk->sk_state is TCP_SYN_RECV, and tcp_disconnect() changes
it to TCP_CLOSE and makes connect() possible, which restarts timers.
Since tcp_disconnect() forgot to clear tcp_sk(sk)->fastopen_rsk, the
retransmit timer triggered the warning and the intended packet was not
retransmitted.
Let's call reqsk_fastopen_remove() in tcp_disconnect().
[0]:
WARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))
Modules linked in:
CPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))
Code: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 <0f> 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e
RSP: 0018:ffffc900002f8d40 EFLAGS: 00010293
RAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017
RDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400
RBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8
R10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540
R13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0
FS: 0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0
Call Trace:
<IRQ>
tcp_write_timer (net/ipv4/tcp_timer.c:738)
call_timer_fn (kernel/time/timer.c:1747)
__run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)
timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)
tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)
__walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))
tmigr_handle_remote (kernel/time/timer_migration.c:1096)
handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)
irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)
sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))
</IRQ>
ModerateCVE-2025-39955 at SUSECVE-2025-39955 at NVDSUSE bug 1251804CVE-2025-39971SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
i40e: fix idx validation in config queues msg
Ensure idx is within range of active/initialized TCs when iterating over
vf->ch[idx] in i40e_vc_config_queues_msg().
ModerateCVE-2025-39971 at SUSECVE-2025-39971 at NVDSUSE bug 1252052CVE-2025-39993SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
media: rc: fix races with imon_disconnect()
Syzbot reports a KASAN issue as below:
BUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline]
BUG: KASAN: use-after-free in send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627
Read of size 4 at addr ffff8880256fb000 by task syz-executor314/4465
CPU: 2 PID: 4465 Comm: syz-executor314 Not tainted 6.0.0-rc1-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:317 [inline]
print_report.cold+0x2ba/0x6e9 mm/kasan/report.c:433
kasan_report+0xb1/0x1e0 mm/kasan/report.c:495
__create_pipe include/linux/usb.h:1945 [inline]
send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627
vfd_write+0x2d9/0x550 drivers/media/rc/imon.c:991
vfs_write+0x2d7/0xdd0 fs/read_write.c:576
ksys_write+0x127/0x250 fs/read_write.c:631
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
The iMON driver improperly releases the usb_device reference in
imon_disconnect without coordinating with active users of the
device.
Specifically, the fields usbdev_intf0 and usbdev_intf1 are not
protected by the users counter (ictx->users). During probe,
imon_init_intf0 or imon_init_intf1 increments the usb_device
reference count depending on the interface. However, during
disconnect, usb_put_dev is called unconditionally, regardless of
actual usage.
As a result, if vfd_write or other operations are still in
progress after disconnect, this can lead to a use-after-free of
the usb_device pointer.
Thread 1 vfd_write Thread 2 imon_disconnect
...
if
usb_put_dev(ictx->usbdev_intf0)
else
usb_put_dev(ictx->usbdev_intf1)
...
while
send_packet
if
pipe = usb_sndintpipe(
ictx->usbdev_intf0) UAF
else
pipe = usb_sndctrlpipe(
ictx->usbdev_intf0, 0) UAF
Guard access to usbdev_intf0 and usbdev_intf1 after disconnect by
checking ictx->disconnected in all writer paths. Add early return
with -ENODEV in send_packet(), vfd_write(), lcd_write() and
display_open() if the device is no longer present.
Set and read ictx->disconnected under ictx->lock to ensure memory
synchronization. Acquire the lock in imon_disconnect() before setting
the flag to synchronize with any ongoing operations.
Ensure writers exit early and safely after disconnect before the USB
core proceeds with cleanup.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
ModerateCVE-2025-39993 at SUSECVE-2025-39993 at NVDSUSE bug 1252070CVE-2025-40248SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
vsock: Ignore signal/timeout on connect() if already established
During connect(), acting on a signal/timeout by disconnecting an already
established socket leads to several issues:
1. connect() invoking vsock_transport_cancel_pkt() ->
virtio_transport_purge_skbs() may race with sendmsg() invoking
virtio_transport_get_credit(). This results in a permanently elevated
`vvs->bytes_unsent`. Which, in turn, confuses the SOCK_LINGER handling.
2. connect() resetting a connected socket's state may race with socket
being placed in a sockmap. A disconnected socket remaining in a sockmap
breaks sockmap's assumptions. And gives rise to WARNs.
3. connect() transitioning SS_CONNECTED -> SS_UNCONNECTED allows for a
transport change/drop after TCP_ESTABLISHED. Which poses a problem for
any simultaneous sendmsg() or connect() and may result in a
use-after-free/null-ptr-deref.
Do not disconnect socket on signal/timeout. Keep the logic for unconnected
sockets: they don't linger, can't be placed in a sockmap, are rejected by
sendmsg().
[1]: https://lore.kernel.org/netdev/e07fd95c-9a38-4eea-9638-133e38c2ec9b@rbox.co/
[2]: https://lore.kernel.org/netdev/20250317-vsock-trans-signal-race-v4-0-fc8837f3f1d4@rbox.co/
[3]: https://lore.kernel.org/netdev/60f1b7db-3099-4f6a-875e-af9f6ef194f6@rbox.co/
ModerateCVE-2025-40248 at SUSECVE-2025-40248 at NVDSUSE bug 1254864CVE-2025-40271SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
fs/proc: fix uaf in proc_readdir_de()
Pde is erased from subdir rbtree through rb_erase(), but not set the node
to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE()
set the erased node to EMPTY, then pde_subdir_next() will return NULL to
avoid uaf access.
We found an uaf issue while using stress-ng testing, need to run testcase
getdent and tun in the same time. The steps of the issue is as follows:
1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current
pde is tun3;
2) in the [time windows] unregister netdevice tun3 and tun2, and erase
them from rbtree. erase tun3 first, and then erase tun2. the
pde(tun2) will be released to slab;
3) continue to getdent process, then pde_subdir_next() will return
pde(tun2) which is released, it will case uaf access.
CPU 0 | CPU 1
-------------------------------------------------------------------------
traverse dir /proc/pid/net/dev_snmp6/ | unregister_netdevice(tun->dev) //tun3 tun2
sys_getdents64() |
iterate_dir() |
proc_readdir() |
proc_readdir_de() | snmp6_unregister_dev()
pde_get(de); | proc_remove()
read_unlock(&proc_subdir_lock); | remove_proc_subtree()
| write_lock(&proc_subdir_lock);
[time window] | rb_erase(&root->subdir_node, &parent->subdir);
| write_unlock(&proc_subdir_lock);
read_lock(&proc_subdir_lock); |
next = pde_subdir_next(de); |
pde_put(de); |
de = next; //UAF |
rbtree of dev_snmp6
|
pde(tun3)
/ \
NULL pde(tun2)
ModerateCVE-2025-40271 at SUSECVE-2025-40271 at NVDSUSE bug 1255297CVE-2025-40778SUSE Liberty Linux 7 LTSS
Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache.
This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.
ImportantCVE-2025-40778 at SUSECVE-2025-40778 at NVDSUSE bug 1252379CVE-2025-40907SUSE Liberty Linux 7 LTSS
FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library.
The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
ModerateCVE-2025-40907 at SUSECVE-2025-40907 at NVDSUSE bug 1243326CVE-2025-47273SUSE Liberty Linux 7 LTSS
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
ImportantCVE-2025-47273 at SUSECVE-2025-47273 at NVDSUSE bug 1243313CVE-2025-4802SUSE Liberty Linux 7 LTSS
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
ImportantCVE-2025-4802 at SUSECVE-2025-4802 at NVDSUSE bug 1243317SUSE bug 1243318CVE-2025-48384SUSE Liberty Linux 7 LTSS
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
ImportantCVE-2025-48384 at SUSECVE-2025-48384 at NVDSUSE bug 1245943CVE-2025-48797SUSE Liberty Linux 7 LTSS
A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.
ImportantCVE-2025-48797 at SUSECVE-2025-48797 at NVDSUSE bug 1243711CVE-2025-48798SUSE Liberty Linux 7 LTSS
A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.
ImportantCVE-2025-48798 at SUSECVE-2025-48798 at NVDSUSE bug 1243712CVE-2025-49091SUSE Liberty Linux 7 LTSS
KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code.
ImportantCVE-2025-49091 at SUSECVE-2025-49091 at NVDSUSE bug 1244569CVE-2025-49175SUSE Liberty Linux 7 LTSS
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.
ImportantCVE-2025-49175 at SUSECVE-2025-49175 at NVDSUSE bug 1244082CVE-2025-49176SUSE Liberty Linux 7 LTSS
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
ImportantCVE-2025-49176 at SUSECVE-2025-49176 at NVDSUSE bug 1244084CVE-2025-49178SUSE Liberty Linux 7 LTSS
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
ModerateCVE-2025-49178 at SUSECVE-2025-49178 at NVDSUSE bug 1244087CVE-2025-49179SUSE Liberty Linux 7 LTSS
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
ImportantCVE-2025-49179 at SUSECVE-2025-49179 at NVDSUSE bug 1244089CVE-2025-49180SUSE Liberty Linux 7 LTSS
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
ImportantCVE-2025-49180 at SUSECVE-2025-49180 at NVDSUSE bug 1244090CVE-2025-4948SUSE Liberty Linux 7 LTSS
A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.
ImportantCVE-2025-4948 at SUSECVE-2025-4948 at NVDSUSE bug 1243332SUSE bug 1250562CVE-2025-49794SUSE Liberty Linux 7 LTSS
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
ImportantCVE-2025-49794 at SUSECVE-2025-49794 at NVDSUSE bug 1244554CVE-2025-49796SUSE Liberty Linux 7 LTSS
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
ImportantCVE-2025-49796 at SUSECVE-2025-49796 at NVDSUSE bug 1244557CVE-2025-49812SUSE Liberty Linux 7 LTSS
In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade.
Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade.
ImportantCVE-2025-49812 at SUSECVE-2025-49812 at NVDSUSE bug 1246161CVE-2025-50059SUSE Liberty Linux 7 LTSS
Unknown.
ImportantCVE-2025-50059 at SUSECVE-2025-50059 at NVDSUSE bug 1246575SUSE bug 1246595CVE-2025-50106SUSE Liberty Linux 7 LTSS
Unknown.
ImportantCVE-2025-50106 at SUSECVE-2025-50106 at NVDSUSE bug 1246584SUSE bug 1246595CVE-2025-5283SUSE Liberty Linux 7 LTSS
Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
ImportantCVE-2025-5283 at SUSECVE-2025-5283 at NVDSUSE bug 1243741CVE-2025-53057SUSE Liberty Linux 7 LTSS
Unknown.
ModerateCVE-2025-53057 at SUSECVE-2025-53057 at NVDSUSE bug 1252414CVE-2025-53066SUSE Liberty Linux 7 LTSS
Unknown.
ImportantCVE-2025-53066 at SUSECVE-2025-53066 at NVDSUSE bug 1252417CVE-2025-5473SUSE Liberty Linux 7 LTSS
GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26752.
ImportantCVE-2025-5473 at SUSECVE-2025-5473 at NVDSUSE bug 1244058CVE-2025-58060SUSE Liberty Linux 7 LTSS
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.
ImportantCVE-2025-58060 at SUSECVE-2025-58060 at NVDSUSE bug 1249049CVE-2025-58098SUSE Liberty Linux 7 LTSS
Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives.
This issue affects Apache HTTP Server before 2.4.66.
Users are recommended to upgrade to version 2.4.66, which fixes the issue.
ModerateCVE-2025-58098 at SUSECVE-2025-58098 at NVDSUSE bug 1254512CVE-2025-5914SUSE Liberty Linux 7 LTSS
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
ImportantCVE-2025-5914 at SUSECVE-2025-5914 at NVDSUSE bug 1244272CVE-2025-6019SUSE Liberty Linux 7 LTSS
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
ImportantCVE-2025-6019 at SUSECVE-2025-6019 at NVDSUSE bug 1243285CVE-2025-6020SUSE Liberty Linux 7 LTSS
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
ImportantCVE-2025-6020 at SUSECVE-2025-6020 at NVDSUSE bug 1244509CVE-2025-6021SUSE Liberty Linux 7 LTSS
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
ImportantCVE-2025-6021 at SUSECVE-2025-6021 at NVDSUSE bug 1244580CVE-2025-61662SUSE Liberty Linux 7 LTSS
A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
ModerateCVE-2025-61662 at SUSECVE-2025-61662 at NVDSUSE bug 1252933CVE-2025-62229SUSE Liberty Linux 7 LTSS
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
ImportantCVE-2025-62229 at SUSECVE-2025-62229 at NVDSUSE bug 1251958CVE-2025-62230SUSE Liberty Linux 7 LTSS
A flaw was discovered in the X.Org X server's X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.
ImportantCVE-2025-62230 at SUSECVE-2025-62230 at NVDSUSE bug 1251959CVE-2025-62231SUSE Liberty Linux 7 LTSS
A flaw was identified in the X.Org X server's X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
ImportantCVE-2025-62231 at SUSECVE-2025-62231 at NVDSUSE bug 1251960CVE-2025-62626SUSE Liberty Linux 7 LTSS
Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values.
ImportantCVE-2025-62626 at SUSECVE-2025-62626 at NVDCVE-2025-64720SUSE Liberty Linux 7 LTSS
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha x 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.
ModerateCVE-2025-64720 at SUSECVE-2025-64720 at NVDSUSE bug 1254159CVE-2025-65018SUSE Liberty Linux 7 LTSS
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.
ModerateCVE-2025-65018 at SUSECVE-2025-65018 at NVDSUSE bug 1254160CVE-2025-68285SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
libceph: fix potential use-after-free in have_mon_and_osd_map()
The wait loop in __ceph_open_session() can race with the client
receiving a new monmap or osdmap shortly after the initial map is
received. Both ceph_monc_handle_map() and handle_one_map() install
a new map immediately after freeing the old one
kfree(monc->monmap);
monc->monmap = monmap;
ceph_osdmap_destroy(osdc->osdmap);
osdc->osdmap = newmap;
under client->monc.mutex and client->osdc.lock respectively, but
because neither is taken in have_mon_and_osd_map() it's possible for
client->monc.monmap->epoch and client->osdc.osdmap->epoch arms in
client->monc.monmap && client->monc.monmap->epoch &&
client->osdc.osdmap && client->osdc.osdmap->epoch;
condition to dereference an already freed map. This happens to be
reproducible with generic/395 and generic/397 with KASAN enabled:
BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70
Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305
CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266
...
Call Trace:
<TASK>
have_mon_and_osd_map+0x56/0x70
ceph_open_session+0x182/0x290
ceph_get_tree+0x333/0x680
vfs_get_tree+0x49/0x180
do_new_mount+0x1a3/0x2d0
path_mount+0x6dd/0x730
do_mount+0x99/0xe0
__do_sys_mount+0x141/0x180
do_syscall_64+0x9f/0x100
entry_SYSCALL_64_after_hwframe+0x76/0x7e
</TASK>
Allocated by task 13305:
ceph_osdmap_alloc+0x16/0x130
ceph_osdc_init+0x27a/0x4c0
ceph_create_client+0x153/0x190
create_fs_client+0x50/0x2a0
ceph_get_tree+0xff/0x680
vfs_get_tree+0x49/0x180
do_new_mount+0x1a3/0x2d0
path_mount+0x6dd/0x730
do_mount+0x99/0xe0
__do_sys_mount+0x141/0x180
do_syscall_64+0x9f/0x100
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Freed by task 9475:
kfree+0x212/0x290
handle_one_map+0x23c/0x3b0
ceph_osdc_handle_map+0x3c9/0x590
mon_dispatch+0x655/0x6f0
ceph_con_process_message+0xc3/0xe0
ceph_con_v1_try_read+0x614/0x760
ceph_con_workfn+0x2de/0x650
process_one_work+0x486/0x7c0
process_scheduled_works+0x73/0x90
worker_thread+0x1c8/0x2a0
kthread+0x2ec/0x300
ret_from_fork+0x24/0x40
ret_from_fork_asm+0x1a/0x30
Rewrite the wait loop to check the above condition directly with
client->monc.mutex and client->osdc.lock taken as appropriate. While
at it, improve the timeout handling (previously mount_timeout could be
exceeded in case wait_event_interruptible_timeout() slept more than
once) and access client->auth_err under client->monc.mutex to match
how it's set in finish_auth().
monmap_show() and osdmap_show() now take the respective lock before
accessing the map as well.
ImportantCVE-2025-68285 at SUSECVE-2025-68285 at NVDSUSE bug 1255401SUSE bug 1255402CVE-2025-68349SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid
Fixes a crash when layout is null during this call stack:
write_inode
-> nfs4_write_inode
-> pnfs_layoutcommit_inode
pnfs_set_layoutcommit relies on the lseg refcount to keep the layout
around. Need to clear NFS_INO_LAYOUTCOMMIT otherwise we might attempt
to reference a null layout.
ModerateCVE-2025-68349 at SUSECVE-2025-68349 at NVDSUSE bug 1255544CVE-2025-6965SUSE Liberty Linux 7 LTSS
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
ImportantCVE-2025-6965 at SUSECVE-2025-6965 at NVDSUSE bug 1246597CVE-2025-8714SUSE Liberty Linux 7 LTSS
Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.
ImportantCVE-2025-8714 at SUSECVE-2025-8714 at NVDSUSE bug 1248122CVE-2025-8941SUSE Liberty Linux 7 LTSS
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
ImportantCVE-2025-8941 at SUSECVE-2025-8941 at NVDSUSE bug 1248073CVE-2025-9230SUSE Liberty Linux 7 LTSS
Issue summary: An application trying to decrypt CMS messages encrypted using
password based encryption can trigger an out-of-bounds read and write.
Impact summary: This out-of-bounds read may trigger a crash which leads to
Denial of Service for an application. The out-of-bounds write can cause
a memory corruption which can have various consequences including
a Denial of Service or Execution of attacker-supplied code.
Although the consequences of a successful exploit of this vulnerability
could be severe, the probability that the attacker would be able to
perform it is low. Besides, password based (PWRI) encryption support in CMS
messages is very rarely used. For that reason the issue was assessed as
Moderate severity according to our Security Policy.
The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this
issue, as the CMS implementation is outside the OpenSSL FIPS module
boundary.
ImportantCVE-2025-9230 at SUSECVE-2025-9230 at NVDSUSE bug 1250232SUSE bug 1250410CVE-2026-1299SUSE Liberty Linux 7 LTSS
The
email module, specifically the "BytesGenerator" class, didn't properly quote newlines for email headers when
serializing an email message allowing for header injection when an email
is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in "BytesGenerator".
ImportantCVE-2026-1299 at SUSECVE-2026-1299 at NVDSUSE bug 1257181CVE-2026-21925SUSE Liberty Linux 7 LTSS
Unknown.
ModerateCVE-2026-21925 at SUSECVE-2026-21925 at NVDSUSE bug 1257034CVE-2026-21933SUSE Liberty Linux 7 LTSS
Unknown.
ModerateCVE-2026-21933 at SUSECVE-2026-21933 at NVDSUSE bug 1257037CVE-2026-21945SUSE Liberty Linux 7 LTSS
Unknown.
ImportantCVE-2026-21945 at SUSECVE-2026-21945 at NVDSUSE bug 1257038CVE-2026-23074SUSE Liberty Linux 7 LTSS
In the Linux kernel, the following vulnerability has been resolved:
net/sched: Enforce that teql can only be used as root qdisc
Design intent of teql is that it is only supposed to be used as root qdisc.
We need to check for that constraint.
Although not important, I will describe the scenario that unearthed this
issue for the curious.
GangMin Kim <km.kim1503@gmail.com> managed to concot a scenario as follows:
ROOT qdisc 1:0 (QFQ)
├── class 1:1 (weight=15, lmax=16384) netem with delay 6.4s
── class 1:2 (weight=1, lmax=1514) teql
GangMin sends a packet which is enqueued to 1:1 (netem).
Any invocation of dequeue by QFQ from this class will not return a packet
until after 6.4s. In the meantime, a second packet is sent and it lands on
1:2. teql's enqueue will return success and this will activate class 1:2.
Main issue is that teql only updates the parent visible qlen (sch->q.qlen)
at dequeue. Since QFQ will only call dequeue if peek succeeds (and teql's
peek always returns NULL), dequeue will never be called and thus the qlen
will remain as 0. With that in mind, when GangMin updates 1:2's lmax value,
the qfq_change_class calls qfq_deact_rm_from_agg. Since the child qdisc's
qlen was not incremented, qfq fails to deactivate the class, but still
frees its pointers from the aggregate. So when the first packet is
rescheduled after 6.4 seconds (netem's delay), a dangling pointer is
accessed causing GangMin's causing a UAF.
ImportantCVE-2026-23074 at SUSECVE-2026-23074 at NVDSUSE bug 1257749SUSE bug 1258051CVE-2026-23490SUSE Liberty Linux 7 LTSS
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2.
ImportantCVE-2026-23490 at SUSECVE-2026-23490 at NVDSUSE bug 1256902mailxsles_es-release-serverjava-1.6.0-openjdkjava-1.6.0-openjdk-demojava-1.6.0-openjdk-develjava-1.6.0-openjdk-javadocjava-1.6.0-openjdk-srcjava-1.7.0-openjdkjava-1.7.0-openjdk-accessibilityjava-1.7.0-openjdk-demojava-1.7.0-openjdk-develjava-1.7.0-openjdk-headlessjava-1.7.0-openjdk-javadocjava-1.7.0-openjdk-srcjava-1.8.0-openjdkjava-1.8.0-openjdk-accessibilityjava-1.8.0-openjdk-demojava-1.8.0-openjdk-develjava-1.8.0-openjdk-headlessjava-1.8.0-openjdk-javadocjava-1.8.0-openjdk-srcopensslopenssl-developenssl-libsopenssl-perlopenssl-staticipa-admintoolsipa-clientipa-pythonipa-serveripa-server-trust-adkernelkernel-abi-whitelistskernel-debugkernel-dockernel-headerskernel-toolskernel-tools-libsperfpython-perfperl-File-Find-Ruleperl-File-Find-Rule-Perlxfsprogsxfsprogs-develxfsprogs-qa-develrubygem-bundlerrubygem-bundler-docrubygem-thorrubygem-thor-docpythonpython-debugpython-develpython-libspython-testpython-toolstkinterlibsrtplibsrtp-develxerces-j2xerces-j2-demoxerces-j2-javadoclibcacardlibcacard-devellibcacard-toolsqemu-guest-agentqemu-imgqemu-kvmqemu-kvm-commonqemu-kvm-toolstomcattomcat-admin-webappstomcat-docs-webapptomcat-el-2.2-apitomcat-javadoctomcat-jsp-2.2-apitomcat-jsvctomcat-libtomcat-servlet-3.0-apitomcat-webappshttpdhttpd-develhttpd-manualhttpd-toolsmod_ldapmod_proxy_htmlmod_sessionmod_sslghostscriptghostscript-cupsghostscript-develghostscript-docghostscript-gtkjson-cjson-c-develjson-c-docrpmrpm-apidocsrpm-buildrpm-build-libsrpm-cronrpm-develrpm-libsrpm-pythonrpm-signphpphp-bcmathphp-cliphp-commonphp-dbaphp-develphp-embeddedphp-enchantphp-fpmphp-gdphp-intlphp-ldapphp-mbstringphp-mysqlphp-mysqlndphp-odbcphp-pdophp-pgsqlphp-processphp-pspellphp-recodephp-snmpphp-soapphp-xmlphp-xmlrpcglibcglibc-commonglibc-develglibc-headersglibc-staticglibc-utilsnscdkernel-defaultkgraft-patch-3_12_38-44-defaultkgraft-patch-3_12_39-47-defaultkgraft-patch-3_12_43-52_6-defaultkgraft-patch-3_12_44-52_10-defaultkgraft-patch-3_12_44-52_18-defaultkgraft-patch-3_12_48-52_27-defaultkgraft-patch-3_12_49-11-defaultkgraft-patch-3_12_51-52_31-defaultkgraft-patch-3_12_51-52_34-defaultkgraft-patch-3_12_51-52_39-defaultkgraft-patch-3_12_51-60_20-defaultkgraft-patch-3_12_51-60_25-defaultkgraft-patch-3_12_53-60_30-defaultkgraft-patch-3_12_57-60_35-defaultkgraft-patch-3_12_59-60_41-defaultkgraft-patch-3_12_59-60_45-defaultlibsmbclientlibsmbclient-devellibwbclientlibwbclient-develsambasamba-clientsamba-commonsamba-dcsamba-dc-libssamba-develsamba-libssamba-pidlsamba-pythonsamba-testsamba-test-develsamba-vfs-glusterfssamba-winbindsamba-winbind-clientssamba-winbind-krb5-locatorsamba-winbind-moduleslibvirtlibvirt-clientlibvirt-daemonlibvirt-daemon-config-networklibvirt-daemon-config-nwfilterlibvirt-daemon-driver-interfacelibvirt-daemon-driver-lxclibvirt-daemon-driver-networklibvirt-daemon-driver-nodedevlibvirt-daemon-driver-nwfilterlibvirt-daemon-driver-qemulibvirt-daemon-driver-secretlibvirt-daemon-driver-storagelibvirt-daemon-kvmlibvirt-daemon-lxclibvirt-devellibvirt-docslibvirt-lock-sanlocklibvirt-login-shelllibvirt-pythonlibxml2libxml2-devellibxml2-pythonlibxml2-staticfilefile-develfile-libsfile-staticpython-magiclibXfontlibXfont-developenssl098emod_wsgimariadbmariadb-benchmariadb-develmariadb-embeddedmariadb-embedded-develmariadb-libsmariadb-servermariadb-testzshzsh-htmlnssnss-develnss-pkcs11-develnss-softoknnss-softokn-develnss-softokn-freeblnss-softokn-freebl-develnss-sysinitnss-toolsnss-utilnss-util-develfirefoxxulrunnerxulrunner-developensshopenssh-askpassopenssh-clientsopenssh-keycatopenssh-ldapopenssh-serveropenssh-server-sysvinitpam_ssh_agent_authgnutlsgnutls-c++gnutls-danegnutls-develgnutls-utilslibtasn1libtasn1-devellibtasn1-toolsresteasy-baseresteasy-base-atom-providerresteasy-base-jackson-providerresteasy-base-javadocresteasy-base-jaxb-providerresteasy-base-jaxrsresteasy-base-jaxrs-allresteasy-base-jaxrs-apiresteasy-base-jettison-providerresteasy-base-providers-pomresteasy-base-tjwsdockermod_dav_svnsubversionsubversion-develsubversion-gnomesubversion-javahlsubversion-kdesubversion-libssubversion-perlsubversion-pythonsubversion-rubysubversion-toolsnet-snmpnet-snmp-agent-libsnet-snmp-develnet-snmp-guinet-snmp-libsnet-snmp-perlnet-snmp-pythonnet-snmp-sysvinitnet-snmp-utilshttpcomponents-clienthttpcomponents-client-javadocjakarta-commons-httpclientjakarta-commons-httpclient-demojakarta-commons-httpclient-javadocjakarta-commons-httpclient-manualsquidsquid-sysvinitcurllibcurllibcurl-develprocmailrsyslogrsyslog-cryptorsyslog-docrsyslog-elasticsearchrsyslog-gnutlsrsyslog-gssapirsyslog-libdbirsyslog-mmauditrsyslog-mmjsonparsersyslog-mmnormalizersyslog-mmsnmptrapdrsyslog-mysqlrsyslog-pgsqlrsyslog-relprsyslog-snmprsyslog-udpspoofwpa_supplicantkgraft-patch-3_12_32-33-defaultfinchfinch-devellibpurplelibpurple-devellibpurple-perllibpurple-tclpidginpidgin-develpidgin-perlcups-filterscups-filters-develcups-filters-libskrb5-develkrb5-libskrb5-pkinitkrb5-serverkrb5-server-ldapkrb5-workstationwgetrubyruby-develruby-docruby-irbruby-libsruby-tcltkrubygem-bigdecimalrubygem-io-consolerubygem-jsonrubygem-minitestrubygem-psychrubygem-rakerubygem-rdocrubygemsrubygems-develpolkit-qtpolkit-qt-develpolkit-qt-doclibvncserverlibvncserver-develkdenetworkkdenetwork-commonkdenetwork-develkdenetwork-fileshare-sambakdenetwork-kdnssdkdenetwork-kgetkdenetwork-kget-libskdenetwork-kopetekdenetwork-kopete-develkdenetwork-kopete-libskdenetwork-krdckdenetwork-krdc-develkdenetwork-krdc-libskdenetwork-krfbkdenetwork-krfb-libshaproxybashbash-docwiresharkwireshark-develwireshark-gnomeclutterclutter-develclutter-doccoglcogl-develcogl-docgnome-shellgnome-shell-browser-pluginmuttermutter-develkgraft-patch-3_12_36-38-defaultxorg-x11-server-Xdmxxorg-x11-server-Xephyrxorg-x11-server-Xnestxorg-x11-server-Xorgxorg-x11-server-Xvfbxorg-x11-server-commonxorg-x11-server-develxorg-x11-server-source389-ds-base389-ds-base-devel389-ds-base-libsnetcfnetcf-develnetcf-libslibtifflibtiff-devellibtiff-staticlibtiff-toolsjasperjasper-develjasper-libsjasper-utilsunzippostgresqlpostgresql-contribpostgresql-develpostgresql-docspostgresql-libspostgresql-plperlpostgresql-plpythonpostgresql-pltclpostgresql-serverpostgresql-testpostgresql-upgradeautofsliblouisliblouis-develliblouis-docliblouis-pythonliblouis-utilstigervnctigervnc-iconstigervnc-licensetigervnc-servertigervnc-server-applettigervnc-server-minimaltigervnc-server-modulebinutilsbinutils-develbindbind-chrootbind-develbind-libsbind-libs-litebind-licensebind-lite-develbind-sdbbind-sdb-chrootbind-utilsunboundunbound-develunbound-libsunbound-pythonflacflac-develflac-libspcrepcre-develpcre-staticpcre-toolscpiolibyamllibyaml-develhivexhivex-develocaml-hivexocaml-hivex-develperl-hivexpython-hivexruby-hivexntpntp-docntp-perlntpdatesntpmpfrmpfr-develfreetypefreetype-demosfreetype-develcupscups-clientcups-develcups-filesystemcups-ipptoolcups-libscups-lpdemacs-gitemacs-git-elgitgit-allgit-bzrgit-cvsgit-daemongit-emailgit-guigit-hggit-p4git-svngitkgitwebperl-Gitperl-Git-SVNxerces-cxerces-c-develxerces-c-docjakarta-taglibs-standardjakarta-taglibs-standard-javadoctcpdumpkexec-toolskexec-tools-anaconda-addonkexec-tools-eppicModemManagerModemManager-develModemManager-glibModemManager-glib-develModemManager-valaNetworkManagerNetworkManager-adslNetworkManager-bluetoothNetworkManager-config-routing-rulesNetworkManager-config-serverNetworkManager-develNetworkManager-glibNetworkManager-glib-develNetworkManager-libnmNetworkManager-libnm-develNetworkManager-libreswanNetworkManager-libreswan-gnomeNetworkManager-teamNetworkManager-tuiNetworkManager-wifiNetworkManager-wwanlibnm-gtklibnm-gtk-develnetwork-manager-appletnm-connection-editorslapi-nisthunderbirdlibwmflibwmf-devellibwmf-litegreplibssh2libssh2-devellibssh2-docssetroubleshootsetroubleshoot-serverchronypcspython-clufterpacemakerpacemaker-clipacemaker-cluster-libspacemaker-ctspacemaker-docpacemaker-libspacemaker-libs-develpacemaker-nagios-plugins-metadatapacemaker-remoteabrtabrt-addon-ccppabrt-addon-kerneloopsabrt-addon-pstoreoopsabrt-addon-pythonabrt-addon-upload-watchabrt-addon-vmcoreabrt-addon-xorgabrt-cliabrt-console-notificationabrt-dbusabrt-desktopabrt-develabrt-guiabrt-gui-develabrt-gui-libsabrt-libsabrt-pythonabrt-python-docabrt-retrace-clientabrt-tuilibreportlibreport-anacondalibreport-clilibreport-compatlibreport-devellibreport-filesystemlibreport-gtklibreport-gtk-devellibreport-newtlibreport-plugin-bugzillalibreport-plugin-kerneloopslibreport-plugin-loggerlibreport-plugin-mailxlibreport-plugin-reportuploaderlibreport-plugin-ureportlibreport-pythonlibreport-weblibreport-web-develrestrest-develrealmdrealmd-devel-docsexpatexpat-develexpat-staticmailmanlibreswanctdbctdb-develctdb-testsldb-toolslibldblibldb-develpyldbpyldb-develsamba-client-libssamba-common-libssamba-common-toolssamba-test-libspampam-devellibuserlibuser-devellibuser-pythonspice-serverspice-server-developenhpiopenhpi-developenhpi-libspolkitpolkit-develpolkit-docsopenldapopenldap-clientsopenldap-developenldap-serversopenldap-servers-sqllemonsqlitesqlite-develsqlite-docsqlite-tclgdk-pixbuf2gdk-pixbuf2-devellibvirt-nssgrub2grub2-efigrub2-efi-modulesgrub2-toolslibipa_hbaclibipa_hbac-devellibsss_idmaplibsss_idmap-devellibsss_nss_idmaplibsss_nss_idmap-devellibsss_simpleifplibsss_simpleifp-develpython-libipa_hbacpython-libsss_nss_idmappython-ssspython-sss-murmurpython-sssdconfigsssdsssd-adsssd-clientsssd-commonsssd-common-pacsssd-dbussssd-ipasssd-krb5sssd-krb5-commonsssd-ldapsssd-libwbclientsssd-libwbclient-develsssd-proxysssd-toolsipa-server-dnslibtalloclibtalloc-devellibtdblibtdb-devellibteventlibtevent-developenchangeopenchange-clientopenchange-developenchange-devel-docspytallocpytalloc-develpython-tdbpython-teventtdb-toolsnsprnspr-develrpcbindgdmgdm-develgnome-sessiongnome-session-custom-sessiongnome-session-xsessionapache-commons-collectionsapache-commons-collections-javadocapache-commons-collections-testframeworkapache-commons-collections-testframework-javadocsosjava-1.8.0-openjdk-accessibility-debugjava-1.8.0-openjdk-debugjava-1.8.0-openjdk-demo-debugjava-1.8.0-openjdk-devel-debugjava-1.8.0-openjdk-headless-debugjava-1.8.0-openjdk-javadoc-debugjava-1.8.0-openjdk-src-debuglibpng12libpng12-develbind-pkcs11bind-pkcs11-develbind-pkcs11-libsbind-pkcs11-utilslibpnglibpng-devellibpng-staticnettlenettle-develbpftoolpopplerpoppler-cpppoppler-cpp-develpoppler-demospoppler-develpoppler-glibpoppler-glib-develpoppler-qtpoppler-qt-develpoppler-utilslibguestfslibguestfs-bash-completionlibguestfs-devellibguestfs-gfs2libguestfs-gobjectlibguestfs-gobject-devellibguestfs-gobject-doclibguestfs-inspect-iconslibguestfs-javalibguestfs-java-devellibguestfs-javadoclibguestfs-man-pages-jalibguestfs-man-pages-uklibguestfs-rescuelibguestfs-rsynclibguestfs-toolslibguestfs-tools-clibguestfs-xfslua-guestfsocamlocaml-camlp4ocaml-camlp4-develocaml-compiler-libsocaml-docsocaml-emacsocaml-labltkocaml-labltk-develocaml-libguestfsocaml-libguestfs-develocaml-ocamldococaml-runtimeocaml-sourceocaml-x11perl-Sys-Guestfspython-libguestfsruby-libguestfsvirt-dibvirt-v2vImageMagickImageMagick-c++ImageMagick-c++-develImageMagick-develImageMagick-docImageMagick-perlbsdcpiobsdtarlibarchivelibarchive-develipa-client-commonipa-commonipa-python-compatipa-server-commonpython2-ipaclientpython2-ipalibpython2-ipaserverdrm-utilsegl-utilsfreeglutfreeglut-develglx-utilsintel-gpu-toolslibX11libX11-commonlibX11-devellibXcursorlibXcursor-devellibXfont2libXfont2-devellibXreslibXres-devellibdrmlibdrm-devellibepoxylibepoxy-devellibglvndlibglvnd-core-devellibglvnd-devellibglvnd-egllibglvnd-gleslibglvnd-glxlibglvnd-opengllibinputlibinput-devellibwacomlibwacom-datalibwacom-devellibxcblibxcb-devellibxcb-docmesa-demosmesa-dri-driversmesa-filesystemmesa-libEGLmesa-libEGL-develmesa-libGLmesa-libGL-develmesa-libGLESmesa-libGLES-develmesa-libOSMesamesa-libOSMesa-develmesa-libgbmmesa-libgbm-develmesa-libglapimesa-libwayland-eglmesa-libwayland-egl-develmesa-libxatrackermesa-libxatracker-develmesa-vdpau-driversmesa-vulkan-driversvulkanvulkan-develvulkan-filesystemxcb-protoxkeyboard-configxkeyboard-config-develxorg-x11-drv-atixorg-x11-drv-dummyxorg-x11-drv-evdevxorg-x11-drv-evdev-develxorg-x11-drv-fbdevxorg-x11-drv-intelxorg-x11-drv-intel-develxorg-x11-drv-libinputxorg-x11-drv-libinput-develxorg-x11-drv-mousexorg-x11-drv-mouse-develxorg-x11-drv-nouveauxorg-x11-drv-openchromexorg-x11-drv-openchrome-develxorg-x11-drv-qxlxorg-x11-drv-synapticsxorg-x11-drv-synaptics-develxorg-x11-drv-v4lxorg-x11-drv-vesaxorg-x11-drv-vmmousexorg-x11-drv-vmwarexorg-x11-drv-voidxorg-x11-drv-wacomxorg-x11-drv-wacom-develxorg-x11-font-utilsxorg-x11-proto-develxorg-x11-server-Xspicexorg-x11-server-Xwaylandxorg-x11-utilsxorg-x11-xkb-extrasxorg-x11-xkb-utilsxorg-x11-xkb-utils-develPackageKitPackageKit-command-not-foundPackageKit-cronPackageKit-glibPackageKit-glib-develPackageKit-gstreamer-pluginPackageKit-gtk3-modulePackageKit-yumPackageKit-yum-pluginaccountsserviceaccountsservice-develaccountsservice-libsadwaita-cursor-themeadwaita-gtk2-themeadwaita-icon-themeadwaita-icon-theme-develappstream-dataat-spi2-atkat-spi2-atk-develat-spi2-coreat-spi2-core-develatkatk-develbaobabboltbraserobrasero-develbrasero-libsbrasero-nautiluscairocairo-develcairo-gobjectcairo-gobject-develcairo-toolscheesecheese-libscheese-libs-develclutter-gst3clutter-gst3-develcompat-exiv2-023compat-libical1control-centercontrol-center-filesystemdconfdconf-develdconf-editordevhelpdevhelp-develdevhelp-libsekigaempathyeogeog-develevinceevince-browser-pluginevince-develevince-dvievince-libsevince-nautilusevolutionevolution-bogofilterevolution-data-serverevolution-data-server-develevolution-data-server-docevolution-data-server-langpacksevolution-data-server-perlevolution-data-server-testsevolution-develevolution-devel-docsevolution-ewsevolution-ews-langpacksevolution-helpevolution-langpacksevolution-mapievolution-mapi-langpacksevolution-pstevolution-spamassassinevolution-testsfile-rollerfile-roller-nautilusflatpakflatpak-builderflatpak-develflatpak-libsfolksfolks-develfolks-toolsfontconfigfontconfig-develfontconfig-devel-docfribidifribidi-develfwupdfwupd-develfwupdatefwupdate-develfwupdate-efifwupdate-libsgcrgcr-develgdk-pixbuf2-testsgdm-pam-extensions-develgeditgedit-develgedit-plugin-bookmarksgedit-plugin-bracketcompletiongedit-plugin-charmapgedit-plugin-codecommentgedit-plugin-colorpickergedit-plugin-colorschemergedit-plugin-commandergedit-plugin-drawspacesgedit-plugin-findinfilesgedit-plugin-joinlinesgedit-plugin-multieditgedit-plugin-smartspacesgedit-plugin-synctexgedit-plugin-terminalgedit-plugin-textsizegedit-plugin-translategedit-plugin-wordcompletiongedit-pluginsgedit-plugins-datageoclue2geoclue2-demosgeoclue2-develgeoclue2-libsgeocode-glibgeocode-glib-develgjsgjs-develgjs-testsgladeglade-develglade-libsglib-networkingglib-networking-testsglib2glib2-develglib2-docglib2-famglib2-staticglib2-testsglibmm24glibmm24-develglibmm24-docgnome-backgroundsgnome-bluetoothgnome-bluetooth-libsgnome-bluetooth-libs-develgnome-boxesgnome-calculatorgnome-classic-sessiongnome-clocksgnome-color-managergnome-contactsgnome-desktop3gnome-desktop3-develgnome-desktop3-testsgnome-devel-docsgnome-dictionarygnome-disk-utilitygnome-documentsgnome-documents-libsgnome-font-viewergnome-getting-started-docsgnome-getting-started-docs-csgnome-getting-started-docs-degnome-getting-started-docs-esgnome-getting-started-docs-frgnome-getting-started-docs-glgnome-getting-started-docs-hugnome-getting-started-docs-itgnome-getting-started-docs-plgnome-getting-started-docs-pt_BRgnome-getting-started-docs-rugnome-initial-setupgnome-keyringgnome-keyring-pamgnome-online-accountsgnome-online-accounts-develgnome-online-minersgnome-packagekitgnome-packagekit-commongnome-packagekit-installergnome-packagekit-updatergnome-screenshotgnome-session-wayland-sessiongnome-settings-daemongnome-settings-daemon-develgnome-shell-extension-alternate-tabgnome-shell-extension-apps-menugnome-shell-extension-auto-move-windowsgnome-shell-extension-commongnome-shell-extension-dash-to-dockgnome-shell-extension-drive-menugnome-shell-extension-launch-new-instancegnome-shell-extension-native-window-placementgnome-shell-extension-no-hot-cornergnome-shell-extension-panel-favoritesgnome-shell-extension-places-menugnome-shell-extension-screenshot-window-sizergnome-shell-extension-systemMonitorgnome-shell-extension-top-iconsgnome-shell-extension-updates-dialoggnome-shell-extension-user-themegnome-shell-extension-window-listgnome-shell-extension-windowsNavigatorgnome-shell-extension-workspace-indicatorgnome-softwaregnome-software-develgnome-software-editorgnome-system-monitorgnome-terminalgnome-terminal-nautilusgnome-themes-standardgnome-tweak-toolgnome-user-docsgnotegobject-introspectiongobject-introspection-develgomgom-develgoogle-noto-emoji-color-fontsgoogle-noto-emoji-fontsgrilogrilo-develgrilo-pluginsgsettings-desktop-schemasgsettings-desktop-schemas-develgspellgspell-develgspell-docgssdpgssdp-develgssdp-docsgssdp-utilsgstreamer1-plugins-basegstreamer1-plugins-base-develgstreamer1-plugins-base-devel-docsgstreamer1-plugins-base-toolsgtk-docgtk-update-icon-cachegtk3gtk3-develgtk3-devel-docsgtk3-immodule-ximgtk3-immodulesgtk3-testsgtksourceview3gtksourceview3-develgtksourceview3-testsgucharmapgucharmap-develgucharmap-libsgupnpgupnp-develgupnp-docsgupnp-igdgupnp-igd-develgupnp-igd-pythongvfsgvfs-afcgvfs-afpgvfs-archivegvfs-clientgvfs-develgvfs-fusegvfs-goagvfs-gphoto2gvfs-mtpgvfs-smbgvfs-testsharfbuzzharfbuzz-develharfbuzz-icujson-glibjson-glib-develjson-glib-testslibappstream-gliblibappstream-glib-builderlibappstream-glib-builder-devellibappstream-glib-devellibchamplainlibchamplain-demoslibchamplain-devellibchamplain-gtklibcrocolibcroco-devellibgdatalibgdata-devellibgeelibgee-devellibgepublibgepub-devellibgexiv2libgexiv2-devellibgnomekbdlibgnomekbd-devellibgovirtlibgovirt-devellibgtop2libgtop2-devellibgweatherlibgweather-devellibgxpslibgxps-devellibgxps-toolslibicallibical-devellibical-gliblibical-glib-devellibical-glib-doclibjpeg-turbolibjpeg-turbo-devellibjpeg-turbo-staticlibjpeg-turbo-utilslibmediaartlibmediaart-devellibmediaart-testslibosinfolibosinfo-devellibosinfo-valalibpeaslibpeas-devellibpeas-gtklibpeas-loader-pythonlibrsvg2librsvg2-devellibrsvg2-toolslibsecretlibsecret-devellibsouplibsoup-devellibwayland-clientlibwayland-cursorlibwayland-egllibwayland-serverlibwnck3libwnck3-develmozjs52mozjs52-develnautilusnautilus-develnautilus-extensionsnautilus-sendtoosinfo-dbpangopango-develpango-testspython2-gexiv2python2-pyatspirhythmboxrhythmbox-develseahorse-nautilusshotwellsushitotemtotem-develtotem-nautilustotem-pl-parsertotem-pl-parser-develturbojpegturbojpeg-develupowerupower-develupower-devel-docsvalavala-develvala-docvaladocvaladoc-develvinovte-profilevte291vte291-develwayland-develwayland-docwayland-protocols-develwebkitgtk4webkitgtk4-develwebkitgtk4-docwebkitgtk4-jscwebkitgtk4-jsc-develwebkitgtk4-plugin-process-gtk2xdg-desktop-portalxdg-desktop-portal-develxdg-desktop-portal-gtkyelpyelp-develyelp-libsyelp-toolsyelp-xslyelp-xsl-develzenityNetworkManager-dispatcher-routing-ruleslibnl3libnl3-clilibnl3-devellibnl3-doclibnmalibnma-develpython-twisted-websquid-migration-scriptopenssh-cavskgraft-patch-4_4_21-69-defaultkgraft-patch-4_4_21-81-defaultkgraft-patch-4_4_21-84-defaultkgraft-patch-4_4_21-90-defaultkgraft-patch-4_4_38-93-defaultlibICElibICE-devellibXawlibXaw-devellibXdmcplibXdmcp-devellibXfixeslibXfixes-devellibXilibXi-devellibXpmlibXpm-devellibXrandrlibXrandr-devellibXrenderlibXrender-devellibXtlibXt-devellibXtstlibXtst-devellibXvlibXv-devellibXvMClibXvMC-devellibXxf86vmlibXxf86vm-devellibevdevlibevdev-devellibevdev-utilslibfontenclibfontenc-devellibvdpaulibvdpau-devellibvdpau-docslibxkbcommonlibxkbcommon-devellibxkbcommon-x11libxkbcommon-x11-devellibxkbfilelibxkbfile-develmesa-private-llvmmesa-private-llvm-develclutter-gst2clutter-gst2-develgnome-video-effectsgstreamer-plugins-bad-freegstreamer-plugins-bad-free-develgstreamer-plugins-bad-free-devel-docsgstreamer-plugins-goodgstreamer-plugins-good-devel-docsgstreamer1gstreamer1-develgstreamer1-devel-docsgstreamer1-plugins-bad-freegstreamer1-plugins-bad-free-develgstreamer1-plugins-bad-free-gtkgstreamer1-plugins-goodorcorc-compilerorc-develorc-docfltkfltk-develfltk-fluidfltk-staticdoxygendoxygen-doxywizarddoxygen-latexpatchpython-jinja2vim-X11vim-commonvim-enhancedvim-filesystemvim-minimalgraphite2graphite2-develsamba-krb5-printingsamba-python-testdhclientdhcpdhcp-commondhcp-develdhcp-libsemacs-mercurialemacs-mercurial-elmercurialmercurial-hgkmod_nsslibkadm5libndplibndp-develsetroubleshoot-plugins389-ds-base-snmpgimpgimp-develgimp-devel-toolsgimp-helpgimp-help-cagimp-help-dagimp-help-degimp-help-elgimp-help-en_GBgimp-help-esgimp-help-frgimp-help-itgimp-help-jagimp-help-kogimp-help-nlgimp-help-nngimp-help-pt_BRgimp-help-rugimp-help-slgimp-help-svgimp-help-zh_CNgimp-libsxmlrpc-clientxmlrpc-commonxmlrpc-javadocxmlrpc-serverlibblkidlibblkid-devellibmountlibmount-devellibuuidlibuuid-develutil-linuxuuiddopenjpegopenjpeg-developenjpeg-libskgraft-patch-3_12_62-60_62-defaultgolanggolang-bingolang-docsgolang-miscgolang-srcgolang-testsfirewall-appletfirewall-configfirewalldfirewalld-filesystempython-firewalljava-1.8.0-openjdk-javadoc-zipjava-1.8.0-openjdk-javadoc-zip-debuggdgd-develgd-progslibgcryptlibgcrypt-develkgraft-patch-3_12_62-60_64_8-defaultgroovygroovy-javadocsudosudo-develresteasy-base-clientresteasy-base-resteasy-pompolicycoreutilspolicycoreutils-develpolicycoreutils-guipolicycoreutils-newrolepolicycoreutils-pythonpolicycoreutils-restorecondpolicycoreutils-sandboxlibgudev1libgudev1-develsystemdsystemd-develsystemd-journal-gatewaysystemd-libssystemd-networkdsystemd-pythonsystemd-resolvedsystemd-sysvkgraft-patch-3_12_67-60_64_18-defaultipsilonipsilon-authformipsilon-authgssapiipsilon-authldapipsilon-baseipsilon-clientipsilon-filesystemipsilon-infosssdipsilon-personaipsilon-saml2ipsilon-saml2-baseipsilon-tools-ipamemcachedmemcached-develkgraft-patch-3_12_67-60_64_21-defaultminizipminizip-develzlibzlib-develzlib-staticlibvpxlibvpx-devellibvpx-utilsNetworkManager-pppkgraft-patch-4_4_103-6_33-defaultkgraft-patch-4_4_103-6_38-defaultkgraft-patch-4_4_82-6_3-defaultkgraft-patch-4_4_82-6_6-defaultkgraft-patch-4_4_82-6_9-defaultkgraft-patch-4_4_92-6_18-defaultkgraft-patch-4_4_92-6_30-defaultxmlsec1xmlsec1-develxmlsec1-gcryptxmlsec1-gcrypt-develxmlsec1-gnutlsxmlsec1-gnutls-develxmlsec1-nssxmlsec1-nss-develxmlsec1-opensslxmlsec1-openssl-develkgraft-patch-4_4_49-92_11-defaultkgraft-patch-4_4_49-92_14-defaultkgraft-patch-4_4_59-92_17-defaultkgraft-patch-4_4_59-92_20-defaultkgraft-patch-4_4_59-92_24-defaultkgraft-patch-4_4_74-92_29-defaultkgraft-patch-4_4_74-92_32-defaultkgraft-patch-4_4_74-92_35-defaultkgraft-patch-4_4_74-92_38-defaultbluezbluez-cupsbluez-hid2hcibluez-libsbluez-libs-develkgraft-patch-4_4_90-92_45-defaultkgraft-patch-4_12_14-95_40-defaultkgraft-patch-4_12_14-120-defaultkgraft-patch-4_12_14-122_7-defaultkernel-livepatch-4_12_14-150_41-defaultkernel-livepatch-4_12_14-197_26-defaultautotraceautotrace-develemacsemacs-commonemacs-elemacs-filesystememacs-noxemacs-terminalinkscapeinkscape-docsinkscape-viewfreeradiusfreeradius-develfreeradius-docfreeradius-krb5freeradius-ldapfreeradius-mysqlfreeradius-perlfreeradius-postgresqlfreeradius-pythonfreeradius-sqlitefreeradius-unixODBCfreeradius-utilscppgccgcc-c++gcc-gfortrangcc-gnatgcc-gogcc-objcgcc-objc++gcc-plugin-devellibasanlibasan-staticlibatomiclibatomic-staticlibgcclibgfortranlibgfortran-staticlibgnatlibgnat-devellibgnat-staticlibgolibgo-devellibgo-staticlibgomplibitmlibitm-devellibitm-staticlibmudflaplibmudflap-devellibmudflap-staticlibobjclibquadmathlibquadmath-devellibquadmath-staticlibstdc++libstdc++-devellibstdc++-docslibstdc++-staticlibtsanlibtsan-staticpostgresql-staticlibsss_autofslibsss_certmaplibsss_certmap-devellibsss_sudosssd-kcmsssd-polkit-rulessssd-winbind-idmapaprapr-develkgraft-patch-4_4_114-94_11-defaultkgraft-patch-4_4_114-94_14-defaultdnsmasqdnsmasq-utilskeycloak-httpd-client-installpython2-keycloak-httpd-client-installxdg-user-dirsspamassassinkgraft-patch-4_4_103-92_53-defaultkgraft-patch-4_4_103-92_56-defaultkgraft-patch-4_4_90-92_50-defaultexiv2exiv2-develexiv2-docexiv2-libsopenslpopenslp-developenslp-serversoxsox-devellibcdiolibcdio-develexempiexempi-develkernel-livepatch-4_12_14-23-defaultkernel-livepatch-4_12_14-25_3-defaulticoutilslog4jlog4j-javadoclog4j-manualiwl100-firmwareiwl1000-firmwareiwl105-firmwareiwl135-firmwareiwl2000-firmwareiwl2030-firmwareiwl3160-firmwareiwl3945-firmwareiwl4965-firmwareiwl5000-firmwareiwl5150-firmwareiwl6000-firmwareiwl6000g2a-firmwareiwl6000g2b-firmwareiwl6050-firmwareiwl7260-firmwareiwl7265-firmwarelibvirt-adminlinux-firmwaremicrocode_ctlOVMFgtk-vncgtk-vnc-develgtk-vnc-pythongtk-vnc2gtk-vnc2-develgvncgvnc-develgvnc-toolsgvncpulsegvncpulse-develkgraft-patch-3_12_67-60_64_24-defaultkgraft-patch-3_12_69-60_64_29-defaultmod_auth_openidcavahiavahi-autoipdavahi-compat-howlavahi-compat-howl-develavahi-compat-libdns_sdavahi-compat-libdns_sd-develavahi-develavahi-dnsconfdavahi-glibavahi-glib-develavahi-gobjectavahi-gobject-develavahi-libsavahi-qt3avahi-qt3-develavahi-qt4avahi-qt4-develavahi-toolsavahi-uiavahi-ui-develavahi-ui-gtk3avahi-ui-toolskgraft-patch-3_12_69-60_64_32-defaultkgraft-patch-3_12_69-60_64_35-defaultauthconfigauthconfig-gtkkgraft-patch-4_4_73-5-defaultpki-basepki-base-javapki-capki-javadocpki-krapki-serverpki-symkeypki-toolsaugeasaugeas-develaugeas-libskdelibskdelibs-apidocskdelibs-commonkdelibs-develkdelibs-ktexteditorlibtirpclibtirpc-develnss-pempcs-snmplibrelplibrelp-develkgraft-patch-4_4_120-94_17-defaultkgraft-patch-4_4_126-94_22-defaultkgraft-patch-4_12_14-95_19-defaultkgraft-patch-4_12_14-95_24-defaultkgraft-patch-4_12_14-95_29-defaultkgraft-patch-4_12_14-95_32-defaultkgraft-patch-4_12_14-95_37-defaultkgraft-patch-4_12_14-95_45-defaultkgraft-patch-4_12_14-95_48-defaultkgraft-patch-4_12_14-95_51-defaultkgraft-patch-4_12_14-122_12-defaultkgraft-patch-4_12_14-122_17-defaultkgraft-patch-4_12_14-122_20-defaultkernel-livepatch-4_12_14-150_22-defaultkernel-livepatch-4_12_14-150_27-defaultkernel-livepatch-4_12_14-150_32-defaultkernel-livepatch-4_12_14-150_35-defaultkernel-livepatch-4_12_14-150_38-defaultkernel-livepatch-4_12_14-150_47-defaultkernel-livepatch-4_12_14-195-defaultkernel-livepatch-4_12_14-197_10-defaultkernel-livepatch-4_12_14-197_15-defaultkernel-livepatch-4_12_14-197_18-defaultkernel-livepatch-4_12_14-197_21-defaultkernel-livepatch-4_12_14-197_29-defaultkernel-livepatch-4_12_14-197_34-defaultkernel-livepatch-4_12_14-197_37-defaultkernel-livepatch-4_12_14-197_4-defaultkernel-livepatch-4_12_14-197_40-defaultkernel-livepatch-4_12_14-197_7-defaultokularokular-develokular-libsokular-partpython-paramikopython-paramiko-docfreerdpfreerdp-develfreerdp-libslibwinprlibwinpr-develvinagreplexus-archiverplexus-archiver-javadocdpdkdpdk-develdpdk-docdpdk-toolslibvirt-daemon-driver-storage-corelibvirt-daemon-driver-storage-disklibvirt-daemon-driver-storage-glusterlibvirt-daemon-driver-storage-iscsilibvirt-daemon-driver-storage-logicallibvirt-daemon-driver-storage-mpathlibvirt-daemon-driver-storage-rbdlibvirt-daemon-driver-storage-scsilibvirt-libsblktracecorosynccorosync-qdevicecorosync-qnetdcorosynclibcorosynclib-develkgraft-patch-4_4_131-94_29-defaultkgraft-patch-4_4_132-94_33-defaultkernel-livepatch-4_12_14-25_13-defaultkernel-livepatch-4_12_14-25_6-defaultspice-glibspice-glib-develspice-gtk-toolsspice-gtk3spice-gtk3-develspice-gtk3-valaspice-vdagentvirt-viewercloud-inityum-NetworkManager-dispatcheryum-plugin-aliasesyum-plugin-auto-update-debug-infoyum-plugin-changelogyum-plugin-copryum-plugin-fastestmirroryum-plugin-filter-datayum-plugin-fs-snapshotyum-plugin-keysyum-plugin-list-datayum-plugin-localyum-plugin-merge-confyum-plugin-ovlyum-plugin-post-transaction-actionsyum-plugin-pre-transaction-actionsyum-plugin-prioritiesyum-plugin-protectbaseyum-plugin-psyum-plugin-remove-with-leavesyum-plugin-rpm-warm-cacheyum-plugin-show-leavesyum-plugin-tmprepoyum-plugin-tsflagsyum-plugin-upgrade-helperyum-plugin-verifyyum-plugin-versionlockyum-updateonbootyum-utilskgraft-patch-4_4_138-94_39-defaultkgraft-patch-4_4_140-94_42-defaultkgraft-patch-4_4_143-94_47-defaultfusefuse-develfuse-libsglusterfsglusterfs-apiglusterfs-api-develglusterfs-cliglusterfs-client-xlatorsglusterfs-develglusterfs-fuseglusterfs-libsglusterfs-rdmapython2-glusterlftplftp-scriptskernel-livepatch-4_12_14-25_16-defaultsetupprocps-ngprocps-ng-develprocps-ng-i18ntaglibtaglib-develtaglib-doclibgslibgs-develperl-Archive-Targnupg2gnupg2-smimehttp-parserhttp-parser-devellibvirt-bash-completionlibsndfilelibsndfile-devellibsndfile-utilsaudiofileaudiofile-devellibcgrouplibcgroup-devellibcgroup-pamlibcgroup-toolsmuttmesa-libGLwmesa-libGLw-develkgraft-patch-4_4_155-94_50-defaultkgraft-patch-4_4_156-94_57-defaultkgraft-patch-4_4_156-94_61-defaultkgraft-patch-4_4_156-94_64-defaultkernel-livepatch-4_12_14-25_19-defaultsos-collectorlibmspacklibmspack-develqtqt-assistantqt-configqt-demosqt-develqt-devel-privateqt-docqt-examplesqt-mysqlqt-odbcqt-postgresqlqt-qdbusviewerqt-qvfbqt-x11qt5-assistantqt5-designerqt5-doctoolsqt5-linguistqt5-qdbusviewerqt5-qt3dqt5-qt3d-develqt5-qt3d-docqt5-qt3d-examplesqt5-qtbaseqt5-qtbase-commonqt5-qtbase-develqt5-qtbase-docqt5-qtbase-examplesqt5-qtbase-guiqt5-qtbase-mysqlqt5-qtbase-odbcqt5-qtbase-postgresqlqt5-qtbase-staticqt5-qtcanvas3dqt5-qtcanvas3d-docqt5-qtcanvas3d-examplesqt5-qtconnectivityqt5-qtconnectivity-develqt5-qtconnectivity-docqt5-qtconnectivity-examplesqt5-qtdeclarativeqt5-qtdeclarative-develqt5-qtdeclarative-docqt5-qtdeclarative-examplesqt5-qtdeclarative-staticqt5-qtdocqt5-qtgraphicaleffectsqt5-qtgraphicaleffects-docqt5-qtimageformatsqt5-qtimageformats-docqt5-qtlocationqt5-qtlocation-develqt5-qtlocation-docqt5-qtlocation-examplesqt5-qtmultimediaqt5-qtmultimedia-develqt5-qtmultimedia-docqt5-qtmultimedia-examplesqt5-qtquickcontrolsqt5-qtquickcontrols-docqt5-qtquickcontrols-examplesqt5-qtquickcontrols2qt5-qtquickcontrols2-develqt5-qtquickcontrols2-docqt5-qtquickcontrols2-examplesqt5-qtscriptqt5-qtscript-develqt5-qtscript-docqt5-qtscript-examplesqt5-qtsensorsqt5-qtsensors-develqt5-qtsensors-docqt5-qtsensors-examplesqt5-qtserialbusqt5-qtserialbus-develqt5-qtserialbus-docqt5-qtserialbus-examplesqt5-qtserialportqt5-qtserialport-develqt5-qtserialport-docqt5-qtserialport-examplesqt5-qtsvgqt5-qtsvg-develqt5-qtsvg-docqt5-qtsvg-examplesqt5-qttoolsqt5-qttools-commonqt5-qttools-develqt5-qttools-docqt5-qttools-examplesqt5-qttools-libs-designerqt5-qttools-libs-designercomponentsqt5-qttools-libs-helpqt5-qttools-staticqt5-qttranslationsqt5-qtwaylandqt5-qtwayland-develqt5-qtwayland-docqt5-qtwayland-examplesqt5-qtwebchannelqt5-qtwebchannel-develqt5-qtwebchannel-docqt5-qtwebchannel-examplesqt5-qtwebsocketsqt5-qtwebsockets-develqt5-qtwebsockets-docqt5-qtwebsockets-examplesqt5-qtx11extrasqt5-qtx11extras-develqt5-qtx11extras-docqt5-qtxmlpatternsqt5-qtxmlpatterns-develqt5-qtxmlpatterns-docqt5-qtxmlpatterns-examplesqt5-rpm-macrosNetworkManager-ovselfutilselfutils-default-yama-scopeelfutils-develelfutils-devel-staticelfutils-libelfelfutils-libelf-develelfutils-libelf-devel-staticelfutils-libsopensczziplibzziplib-develzziplib-utilskgraft-patch-4_12_14-94_41-defaultkgraft-patch-4_12_14-95_3-defaultkgraft-patch-4_12_14-95_6-defaultkernel-livepatch-4_12_14-25_28-defaultrsyslog-kafkarsyslog-mmkuberneteskgraft-patch-4_4_162-94_69-defaultkgraft-patch-4_4_162-94_72-defaultkernel-livepatch-4_12_14-25_22-defaultkernel-livepatch-4_12_14-25_25-defaultlibudisks2libudisks2-develudisks2udisks2-iscsiudisks2-lsmudisks2-lvm2texlivetexlive-adjustboxtexlive-adjustbox-doctexlive-aetexlive-ae-doctexlive-algorithmstexlive-algorithms-doctexlive-amsclstexlive-amscls-doctexlive-amsfontstexlive-amsfonts-doctexlive-amsmathtexlive-amsmath-doctexlive-anysizetexlive-anysize-doctexlive-appendixtexlive-appendix-doctexlive-arabxetextexlive-arabxetex-doctexlive-arphictexlive-arphic-doctexlive-attachfiletexlive-attachfile-doctexlive-avantgartexlive-babeltexlive-babel-doctexlive-babelbibtexlive-babelbib-doctexlive-basetexlive-beamertexlive-beamer-doctexlive-beratexlive-bera-doctexlive-betontexlive-beton-doctexlive-bibtextexlive-bibtex-bintexlive-bibtex-doctexlive-bibtopictexlive-bibtopic-doctexlive-biditexlive-bidi-doctexlive-bigfoottexlive-bigfoot-doctexlive-bookmantexlive-booktabstexlive-booktabs-doctexlive-breakurltexlive-breakurl-doctexlive-captiontexlive-caption-doctexlive-carlisletexlive-carlisle-doctexlive-changebartexlive-changebar-doctexlive-changepagetexlive-changepage-doctexlive-chartertexlive-charter-doctexlive-chngcntrtexlive-chngcntr-doctexlive-citetexlive-cite-doctexlive-cjktexlive-cjk-doctexlive-cmtexlive-cm-doctexlive-cm-lgctexlive-cm-lgc-doctexlive-cm-supertexlive-cm-super-doctexlive-cmaptexlive-cmap-doctexlive-cmextratexlive-cnstexlive-cns-doctexlive-collectboxtexlive-collectbox-doctexlive-collection-basictexlive-collection-documentation-basetexlive-collection-fontsrecommendedtexlive-collection-htmlxmltexlive-collection-latextexlive-collection-latexrecommendedtexlive-collection-xetextexlive-colortbltexlive-colortbl-doctexlive-couriertexlive-croptexlive-crop-doctexlive-csquotestexlive-csquotes-doctexlive-ctabletexlive-ctable-doctexlive-currfiletexlive-currfile-doctexlive-datetimetexlive-datetime-doctexlive-dvipdfmtexlive-dvipdfm-bintexlive-dvipdfm-doctexlive-dvipdfmxtexlive-dvipdfmx-bintexlive-dvipdfmx-deftexlive-dvipdfmx-doctexlive-dvipngtexlive-dvipng-bintexlive-dvipng-doctexlive-dvipstexlive-dvips-bintexlive-dvips-doctexlive-ectexlive-ec-doctexlive-eepictexlive-eepic-doctexlive-enctextexlive-enctex-doctexlive-enumitemtexlive-enumitem-doctexlive-epsftexlive-epsf-doctexlive-epstopdftexlive-epstopdf-bintexlive-epstopdf-doctexlive-eso-pictexlive-eso-pic-doctexlive-etextexlive-etex-doctexlive-etex-pkgtexlive-etex-pkg-doctexlive-etoolboxtexlive-etoolbox-doctexlive-euenctexlive-euenc-doctexlive-eulertexlive-euler-doctexlive-eurotexlive-euro-doctexlive-eurosymtexlive-eurosym-doctexlive-extsizestexlive-extsizes-doctexlive-fancyboxtexlive-fancybox-doctexlive-fancyhdrtexlive-fancyhdr-doctexlive-fancyreftexlive-fancyref-doctexlive-fancyvrbtexlive-fancyvrb-doctexlive-filecontentstexlive-filecontents-doctexlive-filehooktexlive-filehook-doctexlive-fix2coltexlive-fix2col-doctexlive-fixlatviantexlive-fixlatvian-doctexlive-floattexlive-float-doctexlive-fmtcounttexlive-fmtcount-doctexlive-fncychaptexlive-fncychap-doctexlive-fontbooktexlive-fontbook-doctexlive-fontspectexlive-fontspec-doctexlive-fontwaretexlive-fontware-bintexlive-fontwraptexlive-fontwrap-doctexlive-footmisctexlive-footmisc-doctexlive-fptexlive-fp-doctexlive-fpltexlive-fpl-doctexlive-framedtexlive-framed-doctexlive-garuda-c90texlive-geometrytexlive-geometry-doctexlive-glyphlisttexlive-graphicstexlive-graphics-doctexlive-gsftopktexlive-gsftopk-bintexlive-helvetictexlive-hyperreftexlive-hyperref-doctexlive-hyph-utf8texlive-hyph-utf8-doctexlive-hyphen-basetexlive-hyphenattexlive-hyphenat-doctexlive-ifetextexlive-ifetex-doctexlive-ifluatextexlive-ifluatex-doctexlive-ifmtargtexlive-ifmtarg-doctexlive-ifoddpagetexlive-ifoddpage-doctexlive-iftextexlive-iftex-doctexlive-ifxetextexlive-ifxetex-doctexlive-indextexlive-index-doctexlive-jadetextexlive-jadetex-bintexlive-jadetex-doctexlive-jknapltxtexlive-jknapltx-doctexlive-kastruptexlive-kastrup-doctexlive-kerkistexlive-kerkis-doctexlive-koma-scripttexlive-kpathseatexlive-kpathsea-bintexlive-kpathsea-doctexlive-kpathsea-libtexlive-kpathsea-lib-develtexlive-l3experimentaltexlive-l3experimental-doctexlive-l3kerneltexlive-l3kernel-doctexlive-l3packagestexlive-l3packages-doctexlive-lastpagetexlive-lastpage-doctexlive-latextexlive-latex-bintexlive-latex-bin-bintexlive-latex-doctexlive-latex-fontstexlive-latex-fonts-doctexlive-latexconfigtexlive-lettrinetexlive-lettrine-doctexlive-listingstexlive-listings-doctexlive-lmtexlive-lm-doctexlive-lm-mathtexlive-lm-math-doctexlive-ltxmisctexlive-lua-alt-getopttexlive-lua-alt-getopt-doctexlive-lualatex-mathtexlive-lualatex-math-doctexlive-luaotfloadtexlive-luaotfload-bintexlive-luaotfload-doctexlive-luatextexlive-luatex-bintexlive-luatex-doctexlive-luatexbasetexlive-luatexbase-doctexlive-makecmdstexlive-makecmds-doctexlive-makeindextexlive-makeindex-bintexlive-makeindex-doctexlive-marginnotetexlive-marginnote-doctexlive-marvosymtexlive-marvosym-doctexlive-mathpazotexlive-mathpazo-doctexlive-mathspectexlive-mathspec-doctexlive-mdwtoolstexlive-mdwtools-doctexlive-memoirtexlive-memoir-doctexlive-metafonttexlive-metafont-bintexlive-metalogotexlive-metalogo-doctexlive-metaposttexlive-metapost-bintexlive-metapost-doctexlive-metapost-examples-doctexlive-mflogotexlive-mflogo-doctexlive-mfnfsstexlive-mfnfss-doctexlive-mfwaretexlive-mfware-bintexlive-mhtexlive-mh-doctexlive-microtypetexlive-microtype-doctexlive-misctexlive-mnsymboltexlive-mnsymbol-doctexlive-mparhacktexlive-mparhack-doctexlive-mptopdftexlive-mptopdf-bintexlive-mstexlive-ms-doctexlive-multidotexlive-multido-doctexlive-multirowtexlive-multirow-doctexlive-natbibtexlive-natbib-doctexlive-ncctoolstexlive-ncctools-doctexlive-ncntrsbktexlive-norasi-c90texlive-ntgclasstexlive-ntgclass-doctexlive-oberdiektexlive-oberdiek-doctexlive-overpictexlive-overpic-doctexlive-palatinotexlive-paralisttexlive-paralist-doctexlive-paralleltexlive-parallel-doctexlive-parskiptexlive-parskip-doctexlive-passivetextexlive-pdfpagestexlive-pdfpages-doctexlive-pdftextexlive-pdftex-bintexlive-pdftex-deftexlive-pdftex-doctexlive-pgftexlive-pgf-doctexlive-philokaliatexlive-philokalia-doctexlive-placeinstexlive-placeins-doctexlive-plaintexlive-polyglossiatexlive-polyglossia-doctexlive-powerdottexlive-powerdot-doctexlive-preprinttexlive-preprint-doctexlive-psfragtexlive-psfrag-doctexlive-pslatextexlive-psnfsstexlive-psnfss-doctexlive-pspicturetexlive-pspicture-doctexlive-pst-3dtexlive-pst-3d-doctexlive-pst-blurtexlive-pst-blur-doctexlive-pst-coiltexlive-pst-coil-doctexlive-pst-epstexlive-pst-eps-doctexlive-pst-filltexlive-pst-fill-doctexlive-pst-gradtexlive-pst-grad-doctexlive-pst-mathtexlive-pst-math-doctexlive-pst-nodetexlive-pst-node-doctexlive-pst-plottexlive-pst-plot-doctexlive-pst-slpetexlive-pst-slpe-doctexlive-pst-texttexlive-pst-text-doctexlive-pst-treetexlive-pst-tree-doctexlive-pstrickstexlive-pstricks-addtexlive-pstricks-add-doctexlive-pstricks-doctexlive-ptexttexlive-ptext-doctexlive-pxfontstexlive-pxfonts-doctexlive-qstesttexlive-qstest-doctexlive-rcstexlive-rcs-doctexlive-realscriptstexlive-realscripts-doctexlive-rotatingtexlive-rotating-doctexlive-rsfstexlive-rsfs-doctexlive-sansmathtexlive-sansmath-doctexlive-sauerjtexlive-sauerj-doctexlive-scheme-basictexlive-sectiontexlive-section-doctexlive-sectstytexlive-sectsty-doctexlive-seminartexlive-seminar-doctexlive-sepnumtexlive-sepnum-doctexlive-setspacetexlive-setspace-doctexlive-showexpltexlive-showexpl-doctexlive-soultexlive-soul-doctexlive-stmaryrdtexlive-stmaryrd-doctexlive-subfigtexlive-subfig-doctexlive-subfiguretexlive-subfigure-doctexlive-svn-provtexlive-svn-prov-doctexlive-symboltexlive-t2texlive-t2-doctexlive-tetextexlive-tetex-bintexlive-tetex-doctexlive-textexlive-tex-bintexlive-tex-gyretexlive-tex-gyre-doctexlive-tex-gyre-mathtexlive-tex-gyre-math-doctexlive-tex4httexlive-tex4ht-bintexlive-tex4ht-doctexlive-texconfigtexlive-texconfig-bintexlive-texlive.infratexlive-texlive.infra-bintexlive-texlive.infra-doctexlive-textcasetexlive-textcase-doctexlive-textpostexlive-textpos-doctexlive-thailatextexlive-thailatex-doctexlive-threeparttabletexlive-threeparttable-doctexlive-thumbpdftexlive-thumbpdf-bintexlive-thumbpdf-doctexlive-timestexlive-tipatexlive-tipa-doctexlive-titlesectexlive-titlesec-doctexlive-titlingtexlive-titling-doctexlive-toclofttexlive-tocloft-doctexlive-toolstexlive-tools-doctexlive-txfontstexlive-txfonts-doctexlive-type1cmtexlive-type1cm-doctexlive-typehtmltexlive-typehtml-doctexlive-ucharclassestexlive-ucharclasses-doctexlive-ucstexlive-ucs-doctexlive-uhctexlive-uhc-doctexlive-ulemtexlive-ulem-doctexlive-underscoretexlive-underscore-doctexlive-unicode-mathtexlive-unicode-math-doctexlive-unisugartexlive-unisugar-doctexlive-urltexlive-url-doctexlive-utopiatexlive-utopia-doctexlive-varwidthtexlive-varwidth-doctexlive-wadalabtexlive-wadalab-doctexlive-wastexlive-was-doctexlive-wasytexlive-wasy-doctexlive-wasysymtexlive-wasysym-doctexlive-wrapfigtexlive-wrapfig-doctexlive-xcolortexlive-xcolor-doctexlive-xdvitexlive-xdvi-bintexlive-xecjktexlive-xecjk-doctexlive-xecolortexlive-xecolor-doctexlive-xecyrtexlive-xecyr-doctexlive-xeindextexlive-xeindex-doctexlive-xepersiantexlive-xepersian-doctexlive-xesearchtexlive-xesearch-doctexlive-xetextexlive-xetex-bintexlive-xetex-deftexlive-xetex-doctexlive-xetex-itranstexlive-xetex-itrans-doctexlive-xetex-pstrickstexlive-xetex-pstricks-doctexlive-xetex-tibetantexlive-xetex-tibetan-doctexlive-xetexconfigtexlive-xetexfontinfotexlive-xetexfontinfo-doctexlive-xifthentexlive-xifthen-doctexlive-xkeyvaltexlive-xkeyval-doctexlive-xltxtratexlive-xltxtra-doctexlive-xmltextexlive-xmltex-bintexlive-xmltex-doctexlive-xstringtexlive-xstring-doctexlive-xtabtexlive-xtab-doctexlive-xunicodetexlive-xunicode-doctexlive-zapfchantexlive-zapfdinggit-gnome-keyringgit-instawebpython-requestsperlperl-CPANperl-ExtUtils-CBuilderperl-ExtUtils-Embedperl-ExtUtils-Installperl-IO-Zlibperl-Locale-Maketext-Simpleperl-Module-CoreListperl-Module-Loadedperl-Object-Accessorperl-Package-Constantsperl-Pod-Escapesperl-Time-Pieceperl-coreperl-develperl-libsperl-macrosperl-testsemacs-gettextgettextgettext-common-develgettext-develgettext-libskeepaliveduriparseruriparser-devellibwpdlibwpd-devellibwpd-doclibwpd-toolspython-urllib3python-virtualenvpython3-piplibsolvlibsolv-demolibsolv-devellibsolv-toolspython2-solvpython3python3-debugpython3-develpython3-idlepython3-libspython3-testpython3-tkinterlibwebplibwebp-devellibwebp-javalibwebp-toolskgraft-patch-4_12_14-95_68-defaultkgraft-patch-4_12_14-95_71-defaultkgraft-patch-4_12_14-95_74-defaultkgraft-patch-4_12_14-95_77-defaultkgraft-patch-4_12_14-95_80-defaultkgraft-patch-4_12_14-95_83-defaultkernel-livepatch-4_12_14-150_66-defaultkernel-livepatch-4_12_14-150_69-defaultkernel-livepatch-4_12_14-150_72-defaultkernel-livepatch-4_12_14-150_75-defaultkernel-livepatch-4_12_14-150_78-defaultjava-11-openjdkjava-11-openjdk-debugjava-11-openjdk-demojava-11-openjdk-demo-debugjava-11-openjdk-develjava-11-openjdk-devel-debugjava-11-openjdk-headlessjava-11-openjdk-headless-debugjava-11-openjdk-javadocjava-11-openjdk-javadoc-debugjava-11-openjdk-javadoc-zipjava-11-openjdk-javadoc-zip-debugjava-11-openjdk-jmodsjava-11-openjdk-jmods-debugjava-11-openjdk-srcjava-11-openjdk-src-debuglibvorbislibvorbis-devellibvorbis-devel-docsgcablibgcab1libgcab1-develquaggaquagga-contribquagga-develbind-export-develbind-export-libslibkdcrawlibkdcraw-develkcm_colorskde-settingskde-settings-ksplashkde-settings-minimalkde-settings-plasmakde-settings-pulseaudiokde-style-oxygenkde-workspacekde-workspace-develkde-workspace-ksplash-themeskde-workspace-libskdeclassic-cursor-themekgreeter-pluginskhotkeyskhotkeys-libskinfocenterkmagkmenueditksysguardksysguard-libsksysguarddkwinkwin-gleskwin-gles-libskwin-libslibkworkspaceoxygen-cursor-themesplasma-scriptengine-pythonplasma-scriptengine-rubyqt-settingsvirtuoso-opensourcevirtuoso-opensource-utilsunixODBCunixODBC-develcompat-libtiff3slf4jslf4j-javadocslf4j-manualfreerdp-pluginsapache-commons-beanutilsapache-commons-beanutils-javadocfence-agents-aliyunfence-agents-allfence-agents-amt-wsfence-agents-apcfence-agents-apc-snmpfence-agents-awsfence-agents-azure-armfence-agents-bladecenterfence-agents-brocadefence-agents-cisco-mdsfence-agents-cisco-ucsfence-agents-commonfence-agents-computefence-agents-drac5fence-agents-eaton-snmpfence-agents-emersonfence-agents-epsfence-agents-gcefence-agents-heuristics-pingfence-agents-hpbladefence-agents-ibmbladefence-agents-ifmibfence-agents-ilo-moonshotfence-agents-ilo-mpfence-agents-ilo-sshfence-agents-ilo2fence-agents-intelmodularfence-agents-ipdufence-agents-ipmilanfence-agents-kdumpfence-agents-mpathfence-agents-redfishfence-agents-rhevmfence-agents-rsafence-agents-rsbfence-agents-sbdfence-agents-scsifence-agents-virshfence-agents-vmware-restfence-agents-vmware-soapfence-agents-wtiicedtea-webicedtea-web-develicedtea-web-javadockgraft-patch-4_12_14-95_13-defaultkgraft-patch-4_12_14-95_16-defaultkernel-livepatch-4_12_14-150_14-defaultkernel-livepatch-4_12_14-150_17-defaultlibxsltlibxslt-devellibxslt-pythonkgraft-patch-4_4_175-94_79-defaultkgraft-patch-4_4_176-94_88-defaultkgraft-patch-4_4_178-94_91-defaultkgraft-patch-4_4_180-94_97-defaultdovecotdovecot-develdovecot-mysqldovecot-pgsqldovecot-pigeonholeibusibus-develibus-devel-docsibus-gtk2ibus-gtk3ibus-libsibus-pygtk2ibus-setupdbusdbus-develdbus-docdbus-libsdbus-testsdbus-x11libqblibqb-develmod_auth_mellonmod_auth_mellon-diagnosticsSDLSDL-develSDL-staticjssjss-javadocnbdkitnbdkit-basic-pluginsnbdkit-develnbdkit-example-pluginsnbdkit-plugin-python-commonnbdkit-plugin-python2nbdkit-plugin-vddkkshhunspellhunspell-develkgraft-patch-4_12_14-95_54-defaultkernel-livepatch-4_12_14-150_52-defaultpython-pillowpython-pillow-develpython-pillow-docpython-pillow-qtpython-pillow-sanepython-pillow-tkpython-reportlabpython-reportlab-docslibrabbitmqlibrabbitmq-devellibrabbitmq-examplespcppcp-confpcp-develpcp-docpcp-export-pcp2elasticsearchpcp-export-pcp2graphitepcp-export-pcp2influxdbpcp-export-pcp2jsonpcp-export-pcp2sparkpcp-export-pcp2xmlpcp-export-pcp2zabbixpcp-export-zabbix-agentpcp-guipcp-import-collectl2pcppcp-import-ganglia2pcppcp-import-iostat2pcppcp-import-mrtg2pcppcp-import-sar2pcppcp-libspcp-libs-develpcp-managerpcp-pmda-activemqpcp-pmda-apachepcp-pmda-bashpcp-pmda-bccpcp-pmda-bind2pcp-pmda-bondingpcp-pmda-cifspcp-pmda-ciscopcp-pmda-dbpingpcp-pmda-dmpcp-pmda-dockerpcp-pmda-ds389pcp-pmda-ds389logpcp-pmda-elasticsearchpcp-pmda-gfs2pcp-pmda-glusterpcp-pmda-gpfspcp-pmda-gpsdpcp-pmda-haproxypcp-pmda-infinibandpcp-pmda-jsonpcp-pmda-libvirtpcp-pmda-liopcp-pmda-lmsensorspcp-pmda-loggerpcp-pmda-lustrepcp-pmda-lustrecommpcp-pmda-mailqpcp-pmda-memcachepcp-pmda-micpcp-pmda-mountspcp-pmda-mysqlpcp-pmda-namedpcp-pmda-netfilterpcp-pmda-newspcp-pmda-nfsclientpcp-pmda-nginxpcp-pmda-nvidia-gpupcp-pmda-oraclepcp-pmda-pdnspcp-pmda-perfeventpcp-pmda-postfixpcp-pmda-postgresqlpcp-pmda-prometheuspcp-pmda-redispcp-pmda-roomtemppcp-pmda-rpmpcp-pmda-rsyslogpcp-pmda-sambapcp-pmda-sendmailpcp-pmda-shpingpcp-pmda-slurmpcp-pmda-smartpcp-pmda-snmppcp-pmda-summarypcp-pmda-systemdpcp-pmda-tracepcp-pmda-unboundpcp-pmda-vmwarepcp-pmda-weblogpcp-pmda-zimbrapcp-pmda-zswappcp-selinuxpcp-system-toolspcp-testsuitepcp-webapipcp-webapp-blinkenlightspcp-webapp-grafanapcp-webapp-graphitepcp-webapp-vectorpcp-webjspcp-zeroconfperl-PCP-LogImportperl-PCP-LogSummaryperl-PCP-MMVperl-PCP-PMDApython-pcplibwsman-devellibwsman1openwsman-clientopenwsman-perlopenwsman-pythonopenwsman-rubyopenwsman-serverLibRawLibRaw-develLibRaw-staticcolordcolord-develcolord-devel-docscolord-extra-profilescolord-libsgnome-shell-extension-disable-screenshieldgnome-shell-extension-extra-osk-keysgnome-shell-extension-horizontal-workspacesgnome-shell-extension-window-grouperlibcanberralibcanberra-devellibcanberra-gtk2libcanberra-gtk3shared-mime-infotrackertracker-develtracker-docstracker-needletracker-preferencesxchatxchat-tcle2fsprogse2fsprogs-devele2fsprogs-libse2fsprogs-staticlibcom_errlibcom_err-devellibsslibss-develadvancecomplibexiflibexif-devellibexif-doclibguestfs-winsupportkgraft-patch-4_12_14-95_57-defaultkgraft-patch-4_12_14-95_60-defaultkernel-livepatch-4_12_14-150_55-defaultkernel-livepatch-4_12_14-150_58-defaultkernel-livepatch-4_12_14-150_63-defaultkgraft-patch-4_12_14-95_65-defaultkgraft-patch-4_12_14-122_23-defaultkgraft-patch-4_12_14-122_26-defaultkgraft-patch-4_12_14-122_29-defaultkgraft-patch-4_12_14-122_32-defaultkgraft-patch-4_12_14-122_37-defaultkgraft-patch-4_12_14-122_41-defaultkgraft-patch-4_12_14-122_46-defaultkgraft-patch-4_12_14-122_51-defaultkgraft-patch-4_12_14-122_54-defaultkernel-livepatch-4_12_14-197_45-defaultkernel-livepatch-4_12_14-197_48-defaultkernel-livepatch-4_12_14-197_51-defaultkernel-livepatch-4_12_14-197_56-defaultkernel-livepatch-4_12_14-197_61-defaultkernel-livepatch-4_12_14-197_64-defaultkernel-livepatch-4_12_14-197_67-defaultkernel-livepatch-4_12_14-197_72-defaultkernel-livepatch-4_12_14-197_75-defaultkernel-livepatch-5_3_18-22-defaultkernel-livepatch-5_3_18-24_12-defaultkernel-livepatch-5_3_18-24_15-defaultkernel-livepatch-5_3_18-24_9-defaultkernel-livepatch-5_3_18-24_24-defaultkernel-livepatch-5_3_18-24_29-defaultkernel-livepatch-5_3_18-24_34-defaultkernel-livepatch-5_3_18-24_37-defaultkernel-livepatch-5_3_18-24_43-defaulttelnettelnet-servericulibiculibicu-devellibicu-docfence-agents-lparresource-agentsresource-agents-aliyunOpenEXROpenEXR-develOpenEXR-libspostgresql-jdbcpostgresql-jdbc-javadoctargetclipython-rtslibpython-rtslib-doclibrepolibrepo-develpython-librepogrub2-commongrub2-efi-ia32grub2-efi-ia32-cdbootgrub2-efi-ia32-modulesgrub2-efi-x64grub2-efi-x64-cdbootgrub2-efi-x64-modulesgrub2-pcgrub2-pc-modulesgrub2-tools-extragrub2-tools-minimaljava-11-openjdk-static-libskgraft-patch-4_12_14-122_60-defaultkgraft-patch-4_12_14-122_63-defaultkernel-livepatch-4_12_14-197_83-defaultkernel-livepatch-4_12_14-197_86-defaultkernel-livepatch-5_3_18-24_49-defaultkernel-livepatch-5_3_18-24_52-defaultkernel-livepatch-5_3_18-57-defaultxstreamxstream-javadockgraft-patch-4_12_14-122_57-defaultkernel-livepatch-4_12_14-197_78-defaultphp-pearkernel-livepatch-5_3_18-24_46-defaultkgraft-patch-4_12_14-122_66-defaultkernel-livepatch-5_3_18-24_53_4-defaultkgraft-patch-4_12_14-122_71-defaultkgraft-patch-4_12_14-122_74-defaultkgraft-patch-4_12_14-122_77-defaultkernel-livepatch-4_12_14-197_89-defaultkernel-livepatch-4_12_14-197_92-defaultkernel-livepatch-5_3_18-24_61-defaultkernel-livepatch-5_3_18-24_64-defaultkernel-livepatch-5_3_18-24_67-defaultkgraft-patch-4_12_14-95_102-defaultkgraft-patch-4_12_14-95_105-defaultkgraft-patch-4_12_14-95_88-defaultkgraft-patch-4_12_14-95_93-defaultkgraft-patch-4_12_14-95_96-defaultkgraft-patch-4_12_14-95_99-defaultkgraft-patch-4_12_14-122_103-defaultkgraft-patch-4_12_14-122_106-defaultkgraft-patch-4_12_14-122_110-defaultkgraft-patch-4_12_14-122_113-defaultkgraft-patch-4_12_14-122_116-defaultkgraft-patch-4_12_14-122_121-defaultkgraft-patch-4_12_14-122_124-defaultkgraft-patch-4_12_14-122_127-defaultkgraft-patch-4_12_14-122_130-defaultkgraft-patch-4_12_14-122_88-defaultkgraft-patch-4_12_14-122_91-defaultkgraft-patch-4_12_14-122_98-defaultkernel-livepatch-4_12_14-150000_150_89-defaultkernel-livepatch-4_12_14-150000_150_92-defaultkernel-livepatch-4_12_14-150000_150_95-defaultkernel-livepatch-4_12_14-150000_150_98-defaultkernel-livepatch-4_12_14-150_83-defaultkernel-livepatch-4_12_14-150_86-defaultkernel-livepatch-4_12_14-150100_197_111-defaultkernel-livepatch-4_12_14-150100_197_114-defaultkernel-livepatch-4_12_14-150100_197_117-defaultkernel-livepatch-4_12_14-150100_197_120-defaultkernel-livepatch-4_12_14-197_102-defaultkernel-livepatch-4_12_14-197_105-defaultkernel-livepatch-4_12_14-197_108-defaultkernel-livepatch-5_3_18-150200_24_112-defaultkernel-livepatch-5_3_18-150200_24_115-defaultkernel-livepatch-5_3_18-150200_24_126-defaultkernel-livepatch-5_3_18-24_102-defaultkernel-livepatch-5_3_18-24_107-defaultkernel-livepatch-5_3_18-24_83-defaultkernel-livepatch-5_3_18-24_86-defaultkernel-livepatch-5_3_18-24_93-defaultkernel-livepatch-5_3_18-24_96-defaultkernel-livepatch-5_3_18-24_99-defaultkernel-livepatch-5_3_18-150300_59_43-defaultkernel-livepatch-5_3_18-150300_59_46-defaultkernel-livepatch-5_3_18-150300_59_49-defaultkernel-livepatch-5_3_18-150300_59_54-defaultkernel-livepatch-5_3_18-150300_59_60-defaultkernel-livepatch-5_3_18-150300_59_63-defaultkernel-livepatch-5_3_18-150300_59_68-defaultkernel-livepatch-5_3_18-150300_59_71-defaultkernel-livepatch-5_3_18-150300_59_76-defaultkernel-livepatch-5_3_18-150300_59_87-defaultkernel-livepatch-5_3_18-59_24-defaultkernel-livepatch-5_3_18-59_27-defaultkernel-livepatch-5_3_18-59_34-defaultkernel-livepatch-5_3_18-59_37-defaultkernel-livepatch-5_3_18-59_40-defaultkernel-livepatch-5_14_21-150400_22-defaultkernel-livepatch-5_14_21-150400_24_11-defaultkernel-livepatch-5_14_21-150400_24_18-defaultkgraft-patch-4_12_14-122_80-defaultkgraft-patch-4_12_14-122_83-defaultkernel-livepatch-4_12_14-197_99-defaultkernel-livepatch-5_3_18-24_70-defaultkernel-livepatch-5_3_18-24_75-defaultkernel-livepatch-5_3_18-24_78-defaultkernel-livepatch-5_3_18-59_10-defaultkernel-livepatch-5_3_18-59_13-defaultkernel-livepatch-5_3_18-59_16-defaultkernel-livepatch-5_3_18-59_19-defaultkernel-livepatch-5_3_18-59_5-defaultbmc-snmp-proxyexchange-bmc-os-infoipmitoolfontforgefontforge-developenjpeg2openjpeg2-developenjpeg2-devel-docsopenjpeg2-toolspppppp-develrpm-plugin-systemd-inhibitscreenxtermlassolasso-devellasso-pythoncompat-exiv2-026linuxptpkernel-livepatch-5_3_18-150200_24_129-defaultkernel-livepatch-5_3_18-150200_24_134-defaultkernel-livepatch-5_3_18-150300_59_90-defaultkernel-livepatch-5_3_18-150300_59_93-defaultkernel-livepatch-5_3_18-150300_59_98-defaultkernel-livepatch-5_14_21-150400_24_21-defaultkernel-livepatch-5_14_21-150400_24_28-defaultkernel-livepatch-5_14_21-150400_24_33-defaultaidegeglgegl-develkgraft-patch-4_12_14-122_162-defaultkgraft-patch-4_12_14-122_165-defaultkgraft-patch-4_12_14-122_173-defaultkgraft-patch-4_12_14-122_176-defaultkgraft-patch-4_12_14-122_179-defaultkgraft-patch-4_12_14-122_183-defaultkgraft-patch-4_12_14-122_186-defaultkgraft-patch-4_12_14-122_189-defaultkgraft-patch-4_12_14-122_194-defaultkgraft-patch-4_12_14-122_201-defaultkgraft-patch-4_12_14-122_216-defaultkernel-livepatch-5_3_18-150200_24_154-defaultkernel-livepatch-5_3_18-150200_24_157-defaultkernel-livepatch-5_3_18-150200_24_160-defaultkernel-livepatch-5_3_18-150200_24_163-defaultkernel-livepatch-5_3_18-150200_24_166-defaultkernel-livepatch-5_3_18-150200_24_169-defaultkernel-livepatch-5_3_18-150200_24_172-defaultkernel-livepatch-5_3_18-150200_24_175-defaultkernel-livepatch-5_3_18-150200_24_178-defaultkernel-livepatch-5_3_18-150200_24_183-defaultkernel-livepatch-5_3_18-150200_24_188-defaultkernel-livepatch-5_3_18-150300_59_124-defaultkernel-livepatch-5_3_18-150300_59_127-defaultkernel-livepatch-5_3_18-150300_59_130-defaultkernel-livepatch-5_3_18-150300_59_133-defaultkernel-livepatch-5_3_18-150300_59_138-defaultkernel-livepatch-5_3_18-150300_59_141-defaultkernel-livepatch-5_3_18-150300_59_144-defaultkernel-livepatch-5_3_18-150300_59_147-defaultkernel-livepatch-5_3_18-150300_59_150-defaultkernel-livepatch-5_3_18-150300_59_153-defaultkernel-livepatch-5_3_18-150300_59_158-defaultkernel-livepatch-5_3_18-150300_59_161-defaultkernel-livepatch-5_3_18-150200_24_191-defaultkernel-livepatch-5_3_18-150200_24_194-defaultkernel-livepatch-5_3_18-150200_24_197-defaultkernel-livepatch-5_3_18-150300_59_164-defaultkernel-livepatch-5_3_18-150300_59_167-defaultkernel-livepatch-5_14_21-150500_55_36-defaultkernel-livepatch-5_14_21-150500_55_39-defaultkernel-livepatch-5_14_21-150500_55_44-defaultkernel-livepatch-5_14_21-150500_55_49-defaultkernel-livepatch-5_14_21-150500_55_52-defaultkernel-livepatch-5_14_21-150500_55_59-defaultkernel-livepatch-5_14_21-150500_55_62-defaultkernel-livepatch-5_14_21-150500_55_65-defaultkernel-livepatch-5_14_21-150500_55_68-defaultkernel-livepatch-5_14_21-150500_55_73-defaultkernel-livepatch-5_14_21-150400_24_100-defaultkernel-livepatch-5_14_21-150400_24_103-defaultkernel-livepatch-5_14_21-150400_24_108-defaultkernel-livepatch-5_14_21-150400_24_111-defaultkernel-livepatch-5_14_21-150400_24_116-defaultkernel-livepatch-5_14_21-150400_24_119-defaultkernel-livepatch-5_14_21-150400_24_122-defaultkernel-livepatch-5_14_21-150400_24_125-defaultkernel-livepatch-5_14_21-150400_24_88-defaultkernel-livepatch-5_14_21-150400_24_92-defaultkernel-livepatch-5_14_21-150400_24_97-defaultkernel-livepatch-5_14_21-150500_55_28-defaultkernel-livepatch-5_14_21-150500_55_31-defaultgzipxzxz-compat-libsxz-develxz-libsxz-lzma-compatcyrus-saslcyrus-sasl-develcyrus-sasl-gs2cyrus-sasl-gssapicyrus-sasl-ldapcyrus-sasl-libcyrus-sasl-md5cyrus-sasl-ntlmcyrus-sasl-plaincyrus-sasl-scramcyrus-sasl-sqlapr-utilapr-util-develapr-util-ldapapr-util-mysqlapr-util-nssapr-util-odbcapr-util-opensslapr-util-pgsqlapr-util-sqlitekernel-livepatch-5_3_18-150300_59_101-defaultrsyncopen-vm-toolsopen-vm-tools-desktopopen-vm-tools-developen-vm-tools-testkgraft-patch-4_12_14-95_108-defaultkgraft-patch-4_12_14-95_111-defaultkgraft-patch-4_12_14-122_133-defaultkgraft-patch-4_12_14-122_136-defaultkernel-livepatch-4_12_14-150100_197_123-defaultkernel-livepatch-4_12_14-150100_197_126-defaultlibksbalibksba-develkernel-livepatch-4_12_14-150000_150_101-defaultkernel-livepatch-4_12_14-150000_150_104-defaultpesignkgraft-patch-4_12_14-95_114-defaultkgraft-patch-4_12_14-122_139-defaultkgraft-patch-4_12_14-122_144-defaultkernel-livepatch-4_12_14-150100_197_131-defaultkernel-livepatch-5_3_18-150200_24_139-defaulthsqldbhsqldb-demohsqldb-javadochsqldb-manualdevice-mapper-multipathdevice-mapper-multipath-develdevice-mapper-multipath-libsdevice-mapper-multipath-sysvinitkpartxlibdmmplibdmmp-develbcelbcel-javadockernel-livepatch-5_14_21-150400_24_38-defaultkernel-livepatch-5_3_18-150200_24_142-defaultkernel-livepatch-5_3_18-150200_24_145-defaultkernel-livepatch-5_3_18-150300_59_106-defaultkernel-livepatch-5_3_18-150300_59_109-defaultkernel-livepatch-5_3_18-150300_59_112-defaultkernel-livepatch-5_3_18-150300_59_115-defaultkgraft-patch-4_12_14-122_159-defaultkernel-livepatch-5_3_18-150200_24_151-defaultkernel-livepatch-5_3_18-150300_59_121-defaultkernel-livepatch-5_14_21-150400_24_60-defaultkernel-livepatch-5_14_21-150400_24_63-defaultkernel-livepatch-5_14_21-150400_24_66-defaultkernel-livepatch-5_14_21-150400_24_69-defaultkernel-livepatch-5_14_21-150400_24_74-defaultkernel-livepatch-5_14_21-150400_24_81-defaultkernel-rtkernel-livepatch-5_14_21-150500_11-rtkernel-livepatch-5_14_21-150500_53-defaultkernel-livepatch-5_14_21-150500_55_12-defaultkernel-livepatch-5_14_21-150500_55_19-defaultkernel-livepatch-5_14_21-150500_55_7-defaultkgraft-patch-4_12_14-122_219-defaultkgraft-patch-4_12_14-122_222-defaultkgraft-patch-4_12_14-122_225-defaultkgraft-patch-4_12_14-122_228-defaultkernel-livepatch-5_3_18-150300_59_170-defaultkernel-livepatch-5_3_18-150300_59_174-defaultkernel-livepatch-5_14_21-150400_24_128-defaultkernel-livepatch-5_14_21-150400_24_133-defaultkernel-livepatch-5_14_21-150500_55_80-defaultkgraft-patch-4_12_14-122_231-defaultkernel-livepatch-5_3_18-150300_59_179-defaultkernel-livepatch-5_14_21-150400_24_136-defaultkernel-livepatch-5_14_21-150500_55_83-defaultkgraft-patch-4_12_14-122_234-defaultkgraft-patch-4_12_14-122_237-defaultkgraft-patch-4_12_14-122_244-defaultkgraft-patch-4_12_14-122_247-defaultkgraft-patch-4_12_14-122_250-defaultkernel-livepatch-5_3_18-150300_59_182-defaultkernel-livepatch-5_3_18-150300_59_185-defaultkernel-livepatch-5_3_18-150300_59_188-defaultkernel-livepatch-5_3_18-150300_59_195-defaultkernel-livepatch-5_3_18-150300_59_198-defaultkernel-livepatch-5_14_21-150400_24_141-defaultkernel-livepatch-5_14_21-150400_24_144-defaultkernel-livepatch-5_14_21-150400_24_147-defaultkernel-livepatch-5_14_21-150400_24_150-defaultkernel-livepatch-5_14_21-150400_24_153-defaultkernel-livepatch-5_14_21-150400_24_158-defaultkernel-livepatch-5_14_21-150500_55_88-defaultkernel-livepatch-5_14_21-150500_55_91-defaultkernel-livepatch-5_14_21-150500_55_94-defaultkernel-livepatch-5_14_21-150500_55_97-defaultkgraft-patch-4_12_14-122_255-defaultkgraft-patch-4_12_14-122_258-defaultkgraft-patch-4_12_14-122_261-defaultkgraft-patch-4_12_14-122_266-defaultkgraft-patch-4_12_14-122_269-defaultkgraft-patch-4_12_14-122_272-defaultkernel-livepatch-5_14_21-150400_24_161-defaultkernel-livepatch-5_14_21-150400_24_164-defaultkernel-livepatch-5_14_21-150400_24_167-defaultkernel-livepatch-5_14_21-150400_24_170-defaultkernel-livepatch-5_14_21-150400_24_173-defaultkernel-livepatch-5_14_21-150400_24_176-defaultkernel-livepatch-5_3_18-150300_59_201-defaultkernel-livepatch-5_3_18-150300_59_204-defaultkernel-livepatch-5_3_18-150300_59_207-defaultkernel-livepatch-5_3_18-150300_59_211-defaultkernel-livepatch-5_3_18-150300_59_215-defaultkernel-livepatch-5_3_18-150300_59_218-defaultkernel-livepatch-5_14_21-150500_55_100-defaultkernel-livepatch-5_14_21-150500_55_103-defaultkernel-livepatch-5_14_21-150500_55_110-defaultkernel-livepatch-5_14_21-150500_55_113-defaultkernel-livepatch-5_14_21-150500_55_116-defaultkernel-livepatch-5_14_21-150500_55_121-defaultkgraft-patch-4_12_14-122_275-defaultkernel-livepatch-5_14_21-150400_24_179-defaultkernel-livepatch-5_14_21-150500_55_124-defaultkernel-livepatch-5_3_18-150300_59_221-defaultkgraft-patch-4_12_14-122_280-defaultkgraft-patch-4_12_14-122_283-defaultkgraft-patch-4_12_14-122_290-defaultkernel-livepatch-5_14_21-150400_24_184-defaultkernel-livepatch-5_14_21-150400_24_187-defaultkernel-livepatch-5_14_21-150500_55_127-defaultkernel-livepatch-5_14_21-150500_55_130-defaultkernel-livepatch-5_14_21-150500_55_133-defaultkernel-livepatch-5_14_21-150400_24_41-defaultkgraft-patch-4_12_14-122_147-defaultkernel-livepatch-5_14_21-150400_15_11-rtkernel-livepatch-5_14_21-150400_24_46-defaultkernel-livepatch-5_14_21-150400_24_55-defaultkgraft-patch-4_12_14-95_117-defaultkernel-livepatch-4_12_14-150100_197_134-defaultkgraft-patch-4_12_14-122_150-defaultkgraft-patch-4_12_14-122_153-defaultkgraft-patch-4_12_14-122_156-defaultkernel-livepatch-4_12_14-150100_197_137-defaultkernel-livepatch-4_12_14-150100_197_142-defaultkernel-livepatch-4_12_14-150100_197_145-defaultkernel-livepatch-5_3_18-150200_24_148-defaultkernel-livepatch-5_3_18-150300_59_118-defaultkgraft-patch-4_12_14-95_120-defaultkernel-livepatch-4_12_14-150100_197_157-defaultkernel-livepatch-4_12_14-150100_197_148-defaultkernel-livepatch-4_12_14-150100_197_151-defaultkernel-livepatch-4_12_14-150100_197_154-defaultkernel-livepatch-4_12_14-150100_197_160-defaultkernel-livepatch-4_12_14-150100_197_165-defaultkernel-livepatch-4_12_14-150100_197_168-defaultiwlax2xx-firmwarekgraft-patch-4_12_14-95_125-defaultc-aresc-ares-develiperf3iperf3-develmokutilshim-ia32shim-x64bind-dyndb-ldapkernel-livepatch-6_4_0-150600_21-defaultkernel-livepatch-6_4_0-150600_23_14-defaultkernel-livepatch-6_4_0-150600_23_17-defaultkernel-livepatch-6_4_0-150600_23_22-defaultkernel-livepatch-6_4_0-150600_23_7-defaultkernel-livepatch-6_4_0-150600_8-rtkernel-livepatch-6_4_0-150600_23_30-defaultkernel-livepatch-6_4_0-150600_23_33-defaultkernel-livepatch-6_4_0-150600_23_38-defaultkernel-livepatch-6_4_0-150600_23_42-defaultkernel-livepatch-6_4_0-150600_23_47-defaultkernel-livepatch-6_4_0-150600_23_50-defaultkernel-livepatch-6_4_0-150600_23_53-defaultkernel-livepatch-6_4_0-150600_23_60-defaultkernel-livepatch-6_4_0-150600_23_65-defaultkernel-livepatch-6_4_0-150600_23_70-defaultkernel-livepatch-6_4_0-150600_23_73-defaultkernel-livepatch-6_4_0-150700_5-rtkernel-livepatch-6_4_0-150700_51-defaultkernel-livepatch-6_4_0-150700_53_11-defaultkernel-livepatch-6_4_0-150700_53_16-defaultkernel-livepatch-6_4_0-150700_53_19-defaultkernel-livepatch-6_4_0-150700_53_3-defaultkernel-livepatch-6_4_0-150700_53_6-defaultkgraft-patch-4_12_14-122_293-defaultdocker-clientdocker-commondocker-logrotatedocker-lvm-plugindocker-novolume-plugindocker-v1.10-migratorrunclesspython-idnakernel-livepatch-5_3_18-150200_24_200-defaultkernel-livepatch-6_4_0-150600_23_25-defaulttunedtuned-gtktuned-profiles-atomictuned-profiles-compattuned-profiles-cpu-partitioningtuned-profiles-mssqltuned-profiles-oracletuned-utilstuned-utils-systemtapraptor2raptor2-develpython-setuptoolspython3-setuptoolsjava-11-openjdk-static-libs-debugkernel-livepatch-5_14_21-150500_55_136-defaultkernel-livepatch-6_4_0-150600_23_78-defaultkernel-livepatch-6_4_0-150700_53_22-defaultkernel-livepatch-6_4_0-150600_23_81-defaultkernel-livepatch-6_4_0-150700_53_25-defaultperl-FCGIkonsolekonsole-partlibblockdevlibblockdev-btrfslibblockdev-btrfs-devellibblockdev-cryptolibblockdev-crypto-devellibblockdev-devellibblockdev-dmlibblockdev-dm-devellibblockdev-fslibblockdev-fs-devellibblockdev-kbdlibblockdev-kbd-devellibblockdev-looplibblockdev-loop-devellibblockdev-lvmlibblockdev-lvm-devellibblockdev-mdraidlibblockdev-mdraid-devellibblockdev-mpathlibblockdev-mpath-devellibblockdev-nvdimmlibblockdev-nvdimm-devellibblockdev-partlibblockdev-part-devellibblockdev-plugins-alllibblockdev-swaplibblockdev-swap-devellibblockdev-utilslibblockdev-utils-devellibblockdev-vdolibblockdev-vdo-develpython2-blockdevkernel-livepatch-6_4_0-150600_23_84-defaultkernel-livepatch-6_4_0-150700_53_28-defaultkernel-livepatch-6_4_0-150600_23_87-defaultkernel-livepatch-6_4_0-150700_53_31-defaultkernel-livepatch-5_14_21-150400_24_194-defaultpython2-pyasn1python2-pyasn1-modules(x86_64)0:12.5-12.el7_00:7-0(x86_64)0:1.6.0.35-1.13.7.1.el7_1(x86_64)0:1.7.0.79-2.5.5.1.el7_1(noarch)0:1.7.0.79-2.5.5.1.el7_1(x86_64)0:1.8.0.45-30.b13.el7_1(noarch)0:1.8.0.45-30.b13.el7_1(x86_64)0:1.0.1e-34.el7_0.3(i686|x86_64)0:1.0.1e-34.el7_0.3(x86_64)0:4.1.0-18.el7(x86_64)0:3.10.0-327.el7(noarch)0:3.10.0-327.el7(noarch)0:0.33-5.el7_9.1(noarch)0:1.13-2.el7_9.1(i686|x86_64)0:3.2.2-2.el7(noarch)0:1.7.8-3.el7(noarch)0:0.19.1-1.el7(x86_64)0:2.7.5-34.el7(i686|x86_64)0:2.7.5-34.el7(i686|x86_64)0:1.4.4-11.20101004cvs.el7(x86_64)0:3.10.0-123.13.1.el7(noarch)0:3.10.0-123.13.1.el7(noarch)0:2.11.0-17.el7_0(i686|x86_64)0:1.5.3-60.el7_0.5(x86_64)0:1.5.3-60.el7_0.5(noarch)0:7.0.42-5.el7_0(x86_64)0:3.10.0-514.el7(noarch)0:3.10.0-514.el7(x86_64)0:2.4.6-18.el7_0(noarch)0:2.4.6-18.el7_0(i686|x86_64)0:9.07-20.el7_3.1(x86_64)0:9.07-20.el7_3.1(noarch)0:9.07-20.el7_3.1(x86_64)0:2.4.6-31.el7(noarch)0:2.4.6-31.el7(i686|x86_64)0:0.11-4.el7_0(noarch)0:0.11-4.el7_0(x86_64)0:4.11.1-18.el7_0(noarch)0:4.11.1-18.el7_0(i686|x86_64)0:4.11.1-18.el7_0(x86_64)0:5.4.16-23.el7_0(i686|x86_64)0:2.17-105.el7(x86_64)0:2.17-105.el70:3.12.38-44.10:5-2.1-00:3.12.39-47.10:3.12.43-52.6.10:3.12.44-52.10.10:4-2.1-00:3.12.44-52.18.10:3.12.48-52.27.10:3-2.1-00:3.12.49-11.10:5-14.2-00:3.12.51-52.31.10:3.12.51-52.34.10:3.12.51-52.39.10:2-2.1-00:3.12.51-60.20.20:3.12.51-60.25.10:3.12.53-60.30.10:3.12.57-60.35.10:2-2.2-00:3.12.59-60.41.20:3.12.59-60.45.20:3.12.59-60.45.2(noarch)0:7.0.42-6.el7_0(noarch)0:7.0.42-8.el7_0(i686|x86_64)0:4.1.1-35.el7_0(x86_64)0:4.1.1-35.el7_0(x86_64)0:1.1.1-29.el7_0.1(i686|x86_64)0:1.1.1-29.el7_0.1(x86_64)0:3.10.0-123.6.3.el7(noarch)0:3.10.0-123.6.3.el7(i686|x86_64)0:2.9.1-5.el7_1.2(x86_64)0:2.9.1-5.el7_1.2(x86_64)0:3.10.0-123.1.2.el7(noarch)0:3.10.0-123.1.2.el7(x86_64)0:3.10.0-123.4.2.el7(noarch)0:3.10.0-123.4.2.el7(x86_64)0:5.11-31.el7(i686|x86_64)0:5.11-31.el7(noarch)0:5.11-31.el7(i686|x86_64)0:1.4.7-2.el7_0(i686|x86_64)0:0.9.8e-29.el7_0.2(noarch)0:7.0.54-2.el7_1(x86_64)0:3.4-12.el7_0(x86_64)0:5.5.37-1.el7_0(i686|x86_64)0:5.5.37-1.el7_0(x86_64)0:1.6.0.0-6.1.13.3.el7_0(x86_64)0:1.7.0.55-2.4.7.2.el7_0(noarch)0:1.7.0.55-2.4.7.2.el7_0(i686|x86_64)0:2.17-55.el7_0.1(x86_64)0:2.17-55.el7_0.1(x86_64)0:5.0.2-31.el7(i686|x86_64)0:3.16.2-2.el7_0(i686|x86_64)0:3.16.2-1.el7_0(x86_64)0:3.16.2-2.el7_0(i686|x86_64)0:3.16.2-7.el7_0(x86_64)0:3.16.2-7.el7_0(i686|x86_64)0:31.2.0-3.el7_0(i686|x86_64)0:31.2.0-1.el7_0(i686|x86_64)0:31.3.0-3.el7_0(x86_64)0:5.5.40-1.el7_0(i686|x86_64)0:5.5.40-1.el7_0(x86_64)0:5.4.16-23.el7_0.1(x86_64)0:6.6.1p1-11.el7(i686|x86_64)0:0.9.3-9.11.el7(i686|x86_64)0:1.5.3-60.el7_0.2(x86_64)0:1.5.3-60.el7_0.2(i686|x86_64)0:3.1.18-9.el7_0(x86_64)0:3.1.18-9.el7_0(i686|x86_64)0:3.3-5.el7_0(x86_64)0:3.3-5.el7_0(noarch)0:2.3.5-3.el7_0(x86_64)0:0.11.1-22.el7(x86_64)0:1.0.1e-34.el7_0.6(i686|x86_64)0:1.0.1e-34.el7_0.6(x86_64)0:1.7.14-7.el7_0(i686|x86_64)0:1.7.14-7.el7_0(i686|x86_64)0:4.1.1-37.el7_0(x86_64)0:4.1.1-37.el7_0(x86_64)0:5.7.2-24.el7(i686|x86_64)0:5.7.2-24.el7(x86_64)0:1.6.0.34-1.13.6.1.el7_0(x86_64)0:1.7.0.75-2.5.4.2.el7_0(noarch)0:1.7.0.75-2.5.4.2.el7_0(x86_64)0:1.0.1e-34.el7_0.7(i686|x86_64)0:1.0.1e-34.el7_0.7(noarch)0:4.2.5-5.el7_0(noarch)0:3.1-16.el7_0(x86_64)0:3.3.8-12.el7_0(x86_64)0:3.10.0-123.9.2.el7(noarch)0:3.10.0-123.9.2.el7(x86_64)0:7.29.0-25.el7(i686|x86_64)0:7.29.0-25.el7(i686|x86_64)0:1.5.3-60.el7_0.10(x86_64)0:1.5.3-60.el7_0.10(x86_64)0:3.22-34.el7_0.1(x86_64)0:1.1.1-29.el7_0.3(i686|x86_64)0:1.1.1-29.el7_0.3(x86_64)0:7.4.7-7.el7_0(i686|x86_64)0:1.5.3-86.el7(x86_64)0:1.5.3-86.el7(i686|x86_64)0:2.9.1-5.el7_0.1(x86_64)0:2.9.1-5.el7_0.1(x86_64)0:5.4.16-23.el7_0.3(x86_64)0:2.0-13.el7_00:3.12.32-33.10:3.12.32-33.1(x86_64)0:3.10.0-229.el7(noarch)0:3.10.0-229.el7(i686|x86_64)0:2.10.11-5.el7(x86_64)0:2.10.11-5.el7(x86_64)0:3.10.0-123.8.1.el7(noarch)0:3.10.0-123.8.1.el7(x86_64)0:3.10.0-123.20.1.el7(noarch)0:3.10.0-123.20.1.el7(x86_64)0:1.0.35-15.el7_0.1(i686|x86_64)0:1.0.35-15.el7_0.1(i686|x86_64)0:1.12.2-14.el7(x86_64)0:1.12.2-14.el7(x86_64)0:3.10.0-123.4.4.el7(noarch)0:3.10.0-123.4.4.el7(x86_64)0:1.14-10.el7_0.1(x86_64)0:2.0.0.353-22.el7_0(noarch)0:2.0.0.353-22.el7_0(i686|x86_64)0:2.0.0.353-22.el7_0(x86_64)0:1.2.0-22.el7_0(x86_64)0:0.4.2-22.el7_0(x86_64)0:1.7.7-22.el7_0(noarch)0:4.3.2-22.el7_0(x86_64)0:2.0.0-22.el7_0(noarch)0:0.9.6-22.el7_0(noarch)0:4.0.0-22.el7_0(noarch)0:2.0.14-22.el7_0(i686|x86_64)0:0.103.0-10.el7_0(noarch)0:0.103.0-10.el7_0(i686|x86_64)0:1.13.2-10.el7(x86_64)0:1.13.2-10.el7(i686|x86_64)0:2.17-78.el7(x86_64)0:2.17-78.el7(i686|x86_64)0:0.9.9-9.el7_0.1(x86_64)0:4.10.5-8.el7_0(noarch)0:4.10.5-8.el7_0(i686|x86_64)0:4.10.5-8.el7_0(x86_64)0:1.5.2-3.el7_0(x86_64)0:4.2.45-5.el7_0.2(i686|x86_64)0:1.10.3-12.el7_0(x86_64)0:1.10.3-12.el7_0(x86_64)0:1.6.0.33-1.13.5.0.el7_0(x86_64)0:1.7.0.71-2.5.3.1.el7_0(noarch)0:1.7.0.71-2.5.3.1.el7_0(x86_64)0:5.5.41-2.el7_0(i686|x86_64)0:5.5.41-2.el7_0(i686|x86_64)0:1.14.4-12.el7(x86_64)0:1.14.4-12.el7(i686|x86_64)0:1.14.0-6.el7(noarch)0:1.14.0-6.el7(x86_64)0:3.8.4-45.el7(i686|x86_64)0:3.8.4-16.el7(noarch)0:7.0.54-8.el7_2(i686|x86_64)0:2.17-55.el7_0.3(x86_64)0:2.17-55.el7_0.30:3.12.36-38.10:3.12.36-38.1(x86_64)0:1.1.1-29.el7_0.4(i686|x86_64)0:1.1.1-29.el7_0.4(x86_64)0:3.10.0-693.el7(noarch)0:3.10.0-693.el7(x86_64)0:1.15.0-7.el7_0.3(i686|x86_64)0:1.15.0-7.el7_0.3(noarch)0:1.15.0-7.el7_0.3(x86_64)0:1.3.3.1-13.el7(x86_64)0:0.2.8-1.el7(i686|x86_64)0:0.2.8-1.el7(i686|x86_64)0:4.0.3-25.el7_2(x86_64)0:4.0.3-25.el7_2(x86_64)0:1.2.8-16.el7(i686|x86_64)0:1.2.8-16.el7(x86_64)0:1.900.1-26.el7_0.2(i686|x86_64)0:1.900.1-26.el7_0.2(x86_64)0:6.0-15.el7(x86_64)0:5.4.16-36.el7_1(x86_64)0:1.900.1-26.el7_0.3(i686|x86_64)0:1.900.1-26.el7_0.30:2-7.1-00:2-10.1-00:3.12.39-47.1(x86_64)0:3.10.0-229.1.2.el7(noarch)0:3.10.0-229.1.2.el7(i686|x86_64)0:9.2.10-2.el7_1(x86_64)0:9.2.10-2.el7_1(x86_64)0:5.0.7-54.el7(x86_64)0:1.0.1e-42.el7_1.8(i686|x86_64)0:1.0.1e-42.el7_1.8(i686|x86_64)0:2.5.2-11.el7_4(noarch)0:2.5.2-11.el7_4(x86_64)0:2.5.2-11.el7_4(x86_64)0:1.3.1-3.el7(noarch)0:1.3.1-3.el7(x86_64)0:2.23.52.0.1-55.el7(i686|x86_64)0:2.23.52.0.1-55.el7(x86_64)0:9.9.4-14.el7_0.1(i686|x86_64)0:9.9.4-14.el7_0.1(noarch)0:9.9.4-14.el7_0.1(x86_64)0:3.10.0-229.20.1.el7(noarch)0:3.10.0-229.20.1.el7(i686|x86_64)0:3.1.18-10.el7_0(x86_64)0:3.1.18-10.el7_0(x86_64)0:1.4.20-26.el7(i686|x86_64)0:1.4.20-26.el7(i686|x86_64)0:31.4.0-1.el7_0(i686|x86_64)0:1.10.14-7.el7(x86_64)0:1.10.14-7.el7(x86_64)0:1.3.0-5.el7_1(i686|x86_64)0:1.3.0-5.el7_1(i686|x86_64)0:8.32-14.el7(x86_64)0:8.32-14.el7(x86_64)0:2.11-24.el7(i686|x86_64)0:0.1.4-11.el7_0(i686|x86_64)0:1.3.10-5.7.el7(x86_64)0:1.3.10-5.7.el7(x86_64)0:4.2.6p5-19.el7_0(noarch)0:4.2.6p5-19.el7_0(x86_64)0:4.2.6p5-22.el7(noarch)0:4.2.6p5-22.el7(x86_64)0:3.10.0-123.13.2.el7(noarch)0:3.10.0-123.13.2.el7(x86_64)0:2.7.5-58.el7(i686|x86_64)0:2.7.5-58.el7(i686|x86_64)0:2.17-222.el7(x86_64)0:2.17-222.el7(x86_64)0:3.10.0-229.7.2.el7(noarch)0:3.10.0-229.7.2.el7(i686|x86_64)0:3.1.1-4.el7_9.2(x86_64)0:3.10.0-229.14.1.el7(noarch)0:3.10.0-229.14.1.el7(i686|x86_64)0:2.4.11-10.el7_1.1(x86_64)0:2.4.11-10.el7_1.1(x86_64)0:1.6.3-17.el7_1.1(i686|x86_64)0:1.6.3-17.el7_1.1(noarch)0:1.6.3-17.el7_1.1(x86_64)0:3.10.0-229.11.1.el7(noarch)0:3.10.0-229.11.1.el7(i686|x86_64)0:2.17-196.el7(x86_64)0:2.17-196.el7(noarch)0:1.8.3.1-11.el7(x86_64)0:1.8.3.1-11.el7(x86_64)0:1.0.1e-42.el7_1.4(i686|x86_64)0:1.0.1e-42.el7_1.4(i686|x86_64)0:2.17-55.el7_0.5(x86_64)0:2.17-55.el7_0.5(i686|x86_64)0:4.1.1-38.el7_0(x86_64)0:4.1.1-38.el7_0(x86_64)0:1.7.14-7.el7_1.1(i686|x86_64)0:1.7.14-7.el7_1.1(i686|x86_64)0:3.1.1-7.el7_1(noarch)0:3.1.1-7.el7_1(noarch)0:1.1.2-14.el7_1(x86_64)0:1.15.0-33.el7_1(i686|x86_64)0:1.15.0-33.el7_1(noarch)0:1.15.0-33.el7_1(x86_64)0:4.9.0-5.el7(x86_64)0:2.0.7-19.el7_1.2(i686|x86_64)0:1.1.0-8.git20130913.el7(x86_64)0:1.1.0-8.git20130913.el7(x86_64)0:1.0.6-27.el7(i686|x86_64)0:1.0.6-27.el7(x86_64)0:1.0.6-3.el7(i686|x86_64)0:1.0.6-2.el7(x86_64)0:1.0.6-2.el7(x86_64)0:4.1.0-18.el7_1.3(x86_64)0:0.54-3.el7_1(i686|x86_64)0:0.9.8e-29.el7_2.3(x86_64)0:5.5.44-1.el7_1(i686|x86_64)0:5.5.44-1.el7_1(i686|x86_64)0:38.0-3.el7_1(i686|x86_64)0:31.6.0-2.el7_1(x86_64)0:31.6.0-1.el7_1(i686|x86_64)0:31.5.3-3.el7_1(i686|x86_64)0:31.5.0-2.el7_0(x86_64)0:31.5.0-2.el7_1(i686|x86_64)0:31.5.0-1.el7_0(i686|x86_64)0:0.2.8.4-41.el7_1(x86_64)0:2.20-2.el7(x86_64)0:9.9.4-18.el7_1.1(i686|x86_64)0:9.9.4-18.el7_1.1(noarch)0:9.9.4-18.el7_1.10:2-3.1-0(i686|x86_64)0:1.5.3-86.el7_1.8(x86_64)0:1.5.3-86.el7_1.8(i686|x86_64)0:1.4.3-10.el7(noarch)0:1.4.3-10.el7(i686|x86_64)0:1.4.7-3.el7_10:2-6.1-00:3.12.43-52.6.1(x86_64)0:3.2.17-4.1.el7_1(i686|x86_64)0:2.9.1-6.el7_2.2(x86_64)0:2.9.1-6.el7_2.2(x86_64)0:2.1.1-1.el7(x86_64)0:0.9.137-13.el7_1.2(x86_64)0:1.3.3.1-16.el7_1(x86_64)0:2.0-17.el7_1(x86_64)0:1.1.13-10.el7(i686|x86_64)0:1.1.13-10.el7(x86_64)0:2.1.11-22.el7_1(i686|x86_64)0:2.1.11-22.el7_1(noarch)0:2.1.11-22.el7_1(i686|x86_64)0:2.1.11-23.el7_1(x86_64)0:2.1.11-23.el7_1(i686|x86_64)0:8.32-15.el7_2.1(x86_64)0:8.32-15.el7_2.1(x86_64)0:1.6.0.36-1.13.8.1.el7_1(x86_64)0:1.7.0.85-2.6.1.2.el7_1(noarch)0:1.7.0.85-2.6.1.2.el7_1(x86_64)0:1.8.0.51-1.b16.el7_1(noarch)0:1.8.0.51-1.b16.el7_1(i686|x86_64)0:0.7.92-3.el7(x86_64)0:0.16.1-5.el7(x86_64)0:31.7.0-1.el7_1(i686|x86_64)0:2.1.0-11.el7(i686|x86_64)0:38.1.0-1.el7_1(x86_64)0:31.8.0-1.el7_1(i686|x86_64)0:3.16.2.3-13.el7_1(x86_64)0:2.1.15-21.el7_1(i686|x86_64)0:4.10-1.el7(x86_64)0:4.10-1.el70:2-5.1-00:3.12.49-11.1(i686|x86_64)0:9.2.13-1.el7_1(x86_64)0:9.2.13-1.el7_1(x86_64)0:2.4.6-31.el7_1.1(noarch)0:2.4.6-31.el7_1.1(x86_64)0:1.0.1e-51.el7_2.1(i686|x86_64)0:1.0.1e-51.el7_2.1(x86_64)0:1.0.1e-51.el7_2.4(i686|x86_64)0:1.0.1e-51.el7_2.4(x86_64)0:3.12-10.1.el7_1(i686|x86_64)0:1.14.4-12.el7_1.1(x86_64)0:1.14.4-12.el7_1.1(i686|x86_64)0:1.5.3-86.el7_1.5(x86_64)0:1.5.3-86.el7_1.5(x86_64)0:4.2.3-11.el7_2(i686|x86_64)0:4.2.3-11.el7_2(x86_64)0:1.1.20-1.el7_2.2(i686|x86_64)0:1.1.20-1.el7_2.2(noarch)0:4.2.3-11.el7_2(x86_64)0:0.9.143-15.el7(i686|x86_64)0:1.1.8-12.el7_1.1(x86_64)0:3.15-5.el7_1(i686|x86_64)0:0.60-7.el7_1(x86_64)0:0.60-7.el7_1(x86_64)0:0.12.4-9.el7_1.1(i686|x86_64)0:3.4.0-2.el7(i686|x86_64)0:0.112-6.el7_2(noarch)0:0.112-6.el7_2(x86_64)0:1.0.35-21.el7(i686|x86_64)0:1.0.35-21.el7(i686|x86_64)0:2.4.40-8.el7(x86_64)0:2.4.40-8.el7(x86_64)0:1.5.4-4.el7_1.1(x86_64)0:3.10.0-229.4.2.el7(noarch)0:3.10.0-229.4.2.el7(x86_64)0:3.7.17-6.el7_1.1(i686|x86_64)0:3.7.17-6.el7_1.1(noarch)0:3.7.17-6.el7_1.1(x86_64)0:3.3.8-26.el7(i686|x86_64)0:1.5.3-86.el7_1.2(x86_64)0:1.5.3-86.el7_1.2(i686|x86_64)0:3.19.1-3.el7_1(x86_64)0:3.19.1-3.el7_1(i686|x86_64)0:3.19.1-1.el7_1(x86_64)0:1.0.1e-42.el7_1.6(i686|x86_64)0:1.0.1e-42.el7_1.6(i686|x86_64)0:38.2.0-4.el7_1(x86_64)0:38.2.0-1.el7_1(i686|x86_64)0:2.28.2-5.el7_1(i686|x86_64)0:38.1.1-1.el7_1(i686|x86_64)0:38.2.1-1.el7_1(i686|x86_64)0:38.3.0-2.el7_1(x86_64)0:38.3.0-1.el7_1(i686|x86_64)0:38.4.0-1.el7_1(x86_64)0:38.4.0-1.el7_2(x86_64)0:9.9.4-18.el7_1.2(i686|x86_64)0:9.9.4-18.el7_1.2(noarch)0:9.9.4-18.el7_1.2(x86_64)0:1.6.0.37-1.13.9.4.el7_1(x86_64)0:1.7.0.91-2.6.2.1.el7_1(noarch)0:1.7.0.91-2.6.2.1.el7_1(x86_64)0:1.8.0.65-2.b17.el7_1(noarch)0:1.8.0.65-2.b17.el7_1(x86_64)0:5.5.47-1.el7_2(i686|x86_64)0:5.5.47-1.el7_2(x86_64)0:1.7.0.95-2.6.4.0.el7_2(noarch)0:1.7.0.95-2.6.4.0.el7_2(x86_64)0:3.10.0-327.10.1.el7(noarch)0:3.10.0-327.10.1.el7(x86_64)0:2.0.0-10.el7(i686|x86_64)0:2.0.0-10.el7(i686|x86_64)0:1.5.3-86.el7_1.6(x86_64)0:1.5.3-86.el7_1.6(noarch)0:7.0.69-10.el7(x86_64)0:0.9.137-13.el7_1.4(x86_64)0:4.2.6p5-25.el7(noarch)0:4.2.6p5-25.el7(x86_64)0:1.900.1-30.el7_3(i686|x86_64)0:1.900.1-30.el7_3(i686|x86_64)0:2.17-106.el7_2.4(x86_64)0:2.17-106.el7_2.4(x86_64)0:0.12.4-9.el7_1.3(x86_64)0:2.1.11-35.el7(i686|x86_64)0:2.1.11-35.el7(noarch)0:2.1.11-35.el7(i686|x86_64)0:2.1.11-31.el7(x86_64)0:2.1.11-31.el7(i686|x86_64)0:2.17-106.el7_2.1(x86_64)0:2.17-106.el7_2.1(x86_64)0:2.02-0.29.el7(i686|x86_64)0:9.2.14-1.el7_1(x86_64)0:9.2.14-1.el7_1(i686|x86_64)0:1.13.0-40.el7(x86_64)0:1.13.0-40.el7(noarch)0:1.13.0-40.el7(x86_64)0:4.2.6p5-19.el7_1.3(noarch)0:4.2.6p5-19.el7_1.3(x86_64)0:3.10.0-327.3.1.el7(noarch)0:3.10.0-327.3.1.el7(x86_64)0:4.2.10-6.el7_2(i686|x86_64)0:4.2.10-6.el7_2(x86_64)0:4.2.0-15.el7_2.6.1(x86_64)0:1.1.25-1.el7_2(i686|x86_64)0:1.1.25-1.el7_2(i686|x86_64)0:2.1.5-1.el7_2(i686|x86_64)0:1.3.8-1.el7_2(i686|x86_64)0:0.9.26-1.el7_2(i686|x86_64)0:2.0-10.el7_2(x86_64)0:2.0-10.el7_2(noarch)0:2.0-10.el7_2(x86_64)0:0.9.26-1.el7_2(noarch)0:4.2.10-6.el7_2(x86_64)0:1.3.8-1.el7_2(x86_64)0:9.9.4-18.el7_1.3(i686|x86_64)0:9.9.4-18.el7_1.3(noarch)0:9.9.4-18.el7_1.3(x86_64)0:6.6.1p1-22.el7(i686|x86_64)0:0.9.3-9.22.el7(x86_64)0:5.7.2-20.el7_1.1(i686|x86_64)0:5.7.2-20.el7_1.10:4-2.3-00:2-4.1-00:3.12.44-52.18.1(x86_64)0:9.9.4-18.el7_1.5(i686|x86_64)0:9.9.4-18.el7_1.5(noarch)0:9.9.4-18.el7_1.5(i686|x86_64)0:2.4.39-7.el7_1(x86_64)0:2.4.39-7.el7_1(i686|x86_64)0:4.10.8-2.el7_1(i686|x86_64)0:3.19.1-7.el7_1.2(x86_64)0:3.19.1-7.el7_1.2(i686|x86_64)0:3.19.1-4.el7_1(i686|x86_64)0:38.5.0-3.el7_2(x86_64)0:38.5.0-1.el7_2(x86_64)0:0.2.0-33.el7_2(i686|x86_64)0:3.22.3-11.el7(x86_64)0:3.22.3-4.el7(noarch)0:3.2.1-22.el7_2(noarch)0:3.2-35.el7_2.3(x86_64)0:4.2.3-12.el7_2(i686|x86_64)0:4.2.3-12.el7_2(noarch)0:4.2.3-12.el7_2(i686|x86_64)0:3.3.8-14.el7_2(x86_64)0:3.3.8-14.el7_2(x86_64)0:1.8.0.71-2.b15.el7_2(noarch)0:1.8.0.71-2.b15.el7_2(i686|x86_64)0:3.19.1-19.el7_2(x86_64)0:3.19.1-19.el7_2(x86_64)0:1.0.1e-51.el7_2.2(i686|x86_64)0:1.0.1e-51.el7_2.2(i686|x86_64)0:1.2.50-7.el7_2(x86_64)0:9.9.4-29.el7_2.1(i686|x86_64)0:9.9.4-29.el7_2.1(noarch)0:9.9.4-29.el7_2.10:3.12.51-60.25.1(i686|x86_64)0:2.9.1-6.el7.4(x86_64)0:2.9.1-6.el7.4(i686|x86_64)0:1.5.13-7.el7_2(x86_64)0:4.2.6p5-22.el7_2.1(noarch)0:4.2.6p5-22.el7_2.1(x86_64)0:6.6.1p1-31.el7(i686|x86_64)0:0.9.3-9.31.el7(x86_64)0:2.02-0.33.el7_20:3.12.51-60.20.2(x86_64)0:3.10.0-693.17.1.el7(noarch)0:3.10.0-693.17.1.el7(i686|x86_64)0:1.13.2-12.el7_2(x86_64)0:1.13.2-12.el7_20:3-8.2-0(x86_64)0:3.10.0-327.28.2.el7(noarch)0:3.10.0-327.28.2.el7(x86_64)0:9.9.4-29.el7_2.2(i686|x86_64)0:9.9.4-29.el7_2.2(noarch)0:9.9.4-29.el7_2.20:6-2.1-00:4-11.2-00:3.12.53-60.30.1(x86_64)0:3.10.0-327.22.2.el7(noarch)0:3.10.0-327.22.2.el7(i686|x86_64)0:2.7.1-8.el7(x86_64)0:3.10.0-957.el7(noarch)0:3.10.0-957.el7(i686|x86_64)0:0.26.5-16.el7(x86_64)0:0.26.5-16.el7(x86_64)0:1.32.7-3.el7(noarch)0:1.32.7-3.el7(x86_64)0:4.01.0-22.7.el7_2(i686|x86_64)0:4.0.3-27.el7_3(x86_64)0:4.0.3-27.el7_3(i686|x86_64)0:6.7.8.9-15.el7_2(x86_64)0:6.7.8.9-15.el7_2(x86_64)0:3.1.2-10.el7_2(i686|x86_64)0:3.1.2-10.el7_2(x86_64)0:4.6.8-5.el7(noarch)0:4.6.8-5.el7(x86_64)0:2.4.91-3.el7(x86_64)0:8.3.0-10.el7(i686|x86_64)0:3.0.0-8.el7(x86_64)0:2.99.917-28.20180530.el7(i686|x86_64)0:1.6.5-2.el7(noarch)0:1.6.5-2.el7(i686|x86_64)0:1.1.15-1.el7(i686|x86_64)0:1.5.4-1.el7(i686|x86_64)0:2.0.3-1.el7(i686|x86_64)0:1.2.0-1.el7(i686|x86_64)0:2.4.91-3.el7(i686|x86_64)0:1.5.2-1.el7(i686|x86_64)0:1.0.1-0.8.git5baa1e5.el7(i686|x86_64)0:1.10.7-2.el7(i686|x86_64)0:0.30-1.el7(noarch)0:0.30-1.el7(i686|x86_64)0:1.13-1.el7(noarch)0:1.13-1.el7(i686|x86_64)0:18.0.5-3.el7(x86_64)0:18.0.5-3.el7(x86_64)0:1.8.0-13.el7(noarch)0:1.8.0-13.el7(i686|x86_64)0:1.1.73.0-1.el7(noarch)0:1.1.73.0-1.el7(noarch)0:2.24-1.el7(x86_64)0:18.0.1-1.el7(x86_64)0:0.3.7-1.el7.1(x86_64)0:2.10.6-1.el7(i686|x86_64)0:2.10.6-1.el7(x86_64)0:0.5.0-1.el7(i686|x86_64)0:2.99.917-28.20180530.el7(x86_64)0:0.27.1-2.el7(i686|x86_64)0:0.27.1-2.el7(x86_64)0:1.9.2-2.el7(i686|x86_64)0:1.9.2-2.el7(x86_64)0:1.0.15-1.el7(i686|x86_64)0:0.5.0-3.el7.1(x86_64)0:0.1.5-4.el7.1(x86_64)0:1.9.0-2.el7(i686|x86_64)0:1.9.0-2.el7(x86_64)0:0.2.0-49.el7(x86_64)0:2.4.0-1.el7(x86_64)0:13.1.0-1.el7.1(x86_64)0:13.2.1-1.el7.1(x86_64)0:1.4.1-2.el7.1(x86_64)0:0.36.1-1.el7(i686|x86_64)0:0.36.1-1.el7(x86_64)0:7.5-21.el7(noarch)0:2018.4-1.el7(x86_64)0:1.20.1-3.el7(i686|x86_64)0:1.20.1-3.el7(noarch)0:1.20.1-3.el7(x86_64)0:7.5-23.el7(x86_64)0:7.7-14.el7(i686|x86_64)0:7.7-14.el7(x86_64)0:3.10.0-1127.el7(noarch)0:3.10.0-1127.el7(i686|x86_64)0:1.1.10-1.el7(x86_64)0:1.1.10-1.el7(x86_64)0:0.6.50-2.el7(i686|x86_64)0:0.6.50-2.el7(noarch)0:3.28.0-1.el7(i686|x86_64)0:3.28-2.el7(noarch)0:7-20180614.el7(i686|x86_64)0:2.26.2-1.el7(i686|x86_64)0:2.28.0-1.el7(i686|x86_64)0:2.28.1-1.el7(x86_64)0:3.28.0-2.el7(x86_64)0:0.4-3.el7(x86_64)0:3.12.2-5.el7(i686|x86_64)0:3.12.2-5.el7(i686|x86_64)0:1.15.12-3.el7(x86_64)0:3.28.0-1.el7(i686|x86_64)0:3.28.0-1.el7(i686|x86_64)0:3.0.26-1.el7(i686|x86_64)0:0.23-2.el7(i686|x86_64)0:1.0.1-2.el7(i686|x86_64)0:3.28.1-4.el7(x86_64)0:3.28.1-4.el7(i686|x86_64)0:0.28.0-4.el7(i686|x86_64)0:3.28.1-1.el7(x86_64)0:4.0.1-8.el7(x86_64)0:3.12.13-1.el7(i686|x86_64)0:3.28.3-1.el7(x86_64)0:3.28.2-5.el7(i686|x86_64)0:3.28.2-5.el7(i686|x86_64)0:3.28.5-2.el7(x86_64)0:3.28.5-2.el7(i686|x86_64)0:3.28.5-1.el7(noarch)0:3.28.5-1.el7(x86_64)0:3.28.5-1.el7(noarch)0:3.28.5-2.el7(i686|x86_64)0:3.28.3-2.el7(noarch)0:3.28.3-2.el7(x86_64)0:3.28.1-2.el7(x86_64)0:1.0.2-2.el7(x86_64)0:1.0.0-2.el7(i686|x86_64)0:0.11.4-1.el7(i686|x86_64)0:2.13.0-4.3.el7(noarch)0:2.13.0-4.3.el7(i686|x86_64)0:2.8-12.el7(x86_64)0:2.8-12.el7(i686|x86_64)0:1.0.2-1.el7(i686|x86_64)0:1.0.8-4.el7(x86_64)0:12-5.el7(i686|x86_64)0:2.36.12-3.el7(x86_64)0:2.36.12-3.el7(i686|x86_64)0:3.28.2-9.el7(x86_64)0:3.28.1-1.el7(i686|x86_64)0:2.4.8-1.el7(x86_64)0:2.4.8-1.el7(i686|x86_64)0:3.26.0-2.el7(i686|x86_64)0:1.52.3-1.el7(x86_64)0:1.52.3-1.el7(x86_64)0:3.22.1-1.el7(i686|x86_64)0:3.22.1-1.el7(i686|x86_64)0:2.56.1-1.el7(x86_64)0:2.56.1-1.el7(i686|x86_64)0:2.56.1-2.el7(noarch)0:2.56.1-2.el7(x86_64)0:2.56.1-2.el7(i686|x86_64)0:2.56.0-1.el7(noarch)0:2.56.0-1.el7(i686|x86_64)0:3.28.2-1.el7(x86_64)0:3.28.2-1.el7(noarch)0:3.28.1-5.el7(i686|x86_64)0:3.28.2-2.el7(x86_64)0:3.28.2-2.el7(x86_64)0:3.26.1-2.el7(x86_64)0:3.28.3-1.el7(noarch)0:3.28.2-1.el7(x86_64)0:3.26.0-1.el7(x86_64)0:3.28.1-5.el7(i686|x86_64)0:3.28.1-2.el7(x86_64)0:3.28.3-6.el7(x86_64)0:3.28.2-3.el7(x86_64)0:3.28-2.el7(noarch)0:3.28.1-2.el7(i686|x86_64)0:1.56.1-1.el7(x86_64)0:1.56.1-1.el7(i686|x86_64)0:0.3.3-1.el7(noarch)0:20180508-4.el7(i686|x86_64)0:0.3.6-1.el7(x86_64)0:0.3.7-1.el7(i686|x86_64)0:3.28.0-2.el7(i686|x86_64)0:1.6.1-1.el7(noarch)0:1.6.1-1.el7(noarch)0:1.0.2-1.el7(x86_64)0:1.0.2-1.el7(i686|x86_64)0:1.10.4-2.el7(noarch)0:1.10.4-2.el7(x86_64)0:1.10.4-2.el7(x86_64)0:1.28-2.el7(x86_64)0:3.22.30-3.el7(i686|x86_64)0:3.22.30-3.el7(i686|x86_64)0:3.24.8-1.el7(x86_64)0:3.24.8-1.el7(i686|x86_64)0:10.0.4-1.el7(i686|x86_64)0:1.0.2-5.el7(noarch)0:1.0.2-5.el7(i686|x86_64)0:0.2.5-2.el7(x86_64)0:0.2.5-2.el7(i686|x86_64)0:1.36.2-1.el7(x86_64)0:1.36.2-1.el7(i686|x86_64)0:1.7.5-2.el7(i686|x86_64)0:1.4.2-2.el7(x86_64)0:1.4.2-2.el7(i686|x86_64)0:0.7.8-2.el7(i686|x86_64)0:0.12.16-2.el7(noarch)0:0.12.16-2.el7(i686|x86_64)0:0.6.12-4.el7(i686|x86_64)0:0.17.9-1.el7(i686|x86_64)0:0.20.1-1.el7(i686|x86_64)0:0.6.0-1.el7(i686|x86_64)0:0.10.8-1.el7(i686|x86_64)0:3.26.0-1.el7(i686|x86_64)0:0.3.4-1.el7(i686|x86_64)0:2.38.0-3.el7(i686|x86_64)0:0.3.0-4.el7(x86_64)0:0.3.0-4.el7(i686|x86_64)0:3.0.3-2.el7(noarch)0:3.0.3-2.el7(i686|x86_64)0:1.2.90-6.el7(x86_64)0:1.2.90-6.el7(i686|x86_64)0:1.9.4-1.el7(x86_64)0:1.9.4-1.el7(i686|x86_64)0:1.1.0-2.el7(x86_64)0:1.1.0-2.el7(i686|x86_64)0:1.22.0-1.el7(i686|x86_64)0:2.40.20-1.el7(x86_64)0:2.40.20-1.el7(i686|x86_64)0:0.18.6-1.el7(i686|x86_64)0:2.62.2-2.el7(i686|x86_64)0:1.15.0-1.el7(i686|x86_64)0:3.24.1-2.el7(i686|x86_64)0:52.9.0-1.el7(i686|x86_64)0:3.28.3-4.el7(i686|x86_64)0:3.26.3.1-2.el7(x86_64)0:3.8.6-1.el7(i686|x86_64)0:2.3-3.el7(x86_64)0:2.3-3.el7(noarch)0:2.3-3.el7(noarch)0:20180531-1.el7(i686|x86_64)0:1.42.4-1.el7(x86_64)0:1.42.4-1.el7(i686|x86_64)0:0.26.5-20.el7(x86_64)0:0.26.5-20.el7(x86_64)0:0.10.8-1.el7(noarch)0:2.26.0-3.el7(i686|x86_64)0:0.8.1-2.el7(x86_64)0:3.4.2-2.el7(x86_64)0:3.11.92-11.el7(i686|x86_64)0:0.28.4-1.el7(x86_64)0:3.26.2-1.el7(i686|x86_64)0:3.26.1-1.el7(i686|x86_64)0:0.99.7-1.el7(noarch)0:0.99.7-1.el7(i686|x86_64)0:0.40.8-1.el7(noarch)0:0.40.8-1.el7(x86_64)0:3.22.0-7.el7(x86_64)0:0.52.2-2.el7(i686|x86_64)0:0.52.2-2.el7(noarch)0:1.15.0-1.el7(noarch)0:1.14-1.el7(i686|x86_64)0:2.20.5-1.el7(noarch)0:2.20.5-1.el7(x86_64)0:1.6.0.38-1.13.10.0.el7_2(x86_64)0:4.2.46-28.el7(x86_64)0:1.7.0.99-2.6.5.0.el7_2(noarch)0:1.7.0.99-2.6.5.0.el7_2(x86_64)0:1.8.0.77-0.b03.el7_2(noarch)0:1.8.0.77-0.b03.el7_2(x86_64)0:5.5.50-1.el7_2(i686|x86_64)0:5.5.50-1.el7_2(x86_64)0:1.6.0.39-1.13.11.0.el7_2(x86_64)0:1.7.0.101-2.6.6.1.el7_2(noarch)0:1.7.0.101-2.6.6.1.el7_2(x86_64)0:1.8.0.91-0.b14.el7_2(noarch)0:1.8.0.91-0.b14.el7_2(i686|x86_64)0:2.1.0-10.el7_3(x86_64)0:0.9.152-10.el7(x86_64)0:3.10.0-327.4.5.el7(noarch)0:3.10.0-327.4.5.el7(i686|x86_64)0:3.1.1-8.el7_2(noarch)0:3.1.1-8.el7_2(x86_64)0:2.4.6-45.el7_3.4(noarch)0:2.4.6-45.el7_3.4(x86_64)0:1.3.4.0-26.el7_2(x86_64)0:0.12.4-15.el7_2.1(x86_64)0:3.10.0-327.18.2.el7(noarch)0:3.10.0-327.18.2.el7(noarch)0:7.0.76-2.el7(x86_64)0:1.4.0-12.el7(noarch)0:1.4.0-12.el7(i686|x86_64)0:1.4.0-12.el7(x86_64)0:1.2.4-1.el7(i686|x86_64)0:3.2.28-2.el7(x86_64)0:3.2.28-2.el7(i686|x86_64)0:1.4.0-2.el7(x86_64)0:1.4.0-2.el7(i686|x86_64)0:9.2.15-1.el7_2(x86_64)0:9.2.15-1.el7_2(x86_64)0:6.6.1p1-23.el7_2(i686|x86_64)0:0.9.3-9.23.el7_2(i686|x86_64)0:1.4.3-10.el7_2.1(noarch)0:1.4.3-10.el7_2.1(x86_64)0:1.0.1e-51.el7_2.5(i686|x86_64)0:1.0.1e-51.el7_2.5(x86_64)0:2.7.5-38.el7_2(i686|x86_64)0:2.7.5-38.el7_2(x86_64)0:12.1.0-5.el7_2(x86_64)0:3.5.20-2.el7_3.2(x86_64)0:7.4p1-11.el7(i686|x86_64)0:0.10.3-1.11.el70:4.4.21-69.10:4.4.21-81.30:4.4.21-84.10:4.4.21-90.10:4.4.38-93.10:4.4.38-93.1(x86_64)0:2.4.74-1.el7(i686|x86_64)0:1.0.9-9.el7(i686|x86_64)0:1.6.5-1.el7(noarch)0:1.6.5-1.el7(i686|x86_64)0:1.0.13-4.el7(i686|x86_64)0:1.1.14-8.el7(i686|x86_64)0:1.1.2-6.el7(i686|x86_64)0:5.0.3-1.el7(i686|x86_64)0:2.0.1-2.el7(i686|x86_64)0:1.7.9-1.el7(i686|x86_64)0:3.5.12-1.el7(i686|x86_64)0:1.5.1-2.el7(i686|x86_64)0:0.9.10-1.el7(i686|x86_64)0:1.1.5-3.el7(i686|x86_64)0:1.2.3-1.el7(i686|x86_64)0:1.0.11-1.el7(i686|x86_64)0:1.0.10-1.el7(i686|x86_64)0:1.1.4-1.el7(i686|x86_64)0:2.4.74-1.el7(i686|x86_64)0:1.3.1-1.el7(i686|x86_64)0:1.5.6-1.el7(x86_64)0:1.5.6-1.el7(i686|x86_64)0:1.1.3-3.el7(i686|x86_64)0:1.6.3-2.el7(i686|x86_64)0:1.1.1-3.el7(noarch)0:1.1.1-3.el7(i686|x86_64)0:0.24-1.el7(noarch)0:0.24-1.el7(i686|x86_64)0:1.12-1.el7(noarch)0:1.12-1.el7(i686|x86_64)0:0.7.1-1.el7(i686|x86_64)0:1.0.9-3.el7(i686|x86_64)0:17.0.1-6.20170307.el7(i686|x86_64)0:3.9.1-3.el7(x86_64)0:17.0.1-6.20170307.el7(i686|x86_64)0:1.0.39.1-2.el7(noarch)0:1.0.39.1-2.el7(noarch)0:1.12-2.el7(noarch)0:2.20-1.el7(noarch)0:7.7-20.el7(x86_64)0:5.4.16-43.el7_4(x86_64)0:52.1.0-1.el7_3(i686|x86_64)0:2.0.18-1.el7(noarch)0:0.4.3-1.el7(i686|x86_64)0:0.10.23-23.el7(x86_64)0:0.10.23-23.el7(i686|x86_64)0:0.10.31-13.el7(noarch)0:0.10.31-13.el7(i686|x86_64)0:1.10.4-1.el7(noarch)0:1.10.4-1.el7(x86_64)0:1.10.4-1.el7(i686|x86_64)0:0.4.26-1.el7(x86_64)0:0.4.26-1.el7(noarch)0:0.4.26-1.el7(i686|x86_64)0:1.3.4-1.el7(x86_64)0:1.3.4-1.el7(x86_64)0:1.8.0-1.el7(noarch)0:1.8.0-1.el7(x86_64)0:3.10.0-514.21.1.el7(noarch)0:3.10.0-514.21.1.el7(x86_64)0:1.8.5-4.el7(x86_64)0:2.7.1-11.el7(i686|x86_64)0:2.17-292.el7(x86_64)0:2.17-292.el7(noarch)0:2.7.2-3.el7_6(x86_64)0:7.4.160-1.el7_3.1(x86_64)0:9.9.4-29.el7_2.3(i686|x86_64)0:9.9.4-29.el7_2.3(noarch)0:9.9.4-29.el7_2.3(i686|x86_64)0:38.6.1-1.el7_2(i686|x86_64)0:1.3.6-1.el7_2(x86_64)0:4.2.6p5-22.el7_2.2(noarch)0:4.2.6p5-22.el7_2.20:3.12.57-60.35.1(i686|x86_64)0:1.5.3-105.el7_2.3(x86_64)0:1.5.3-105.el7_2.3(i686|x86_64)0:2.9.1-6.el7_2.3(x86_64)0:2.9.1-6.el7_2.3(x86_64)0:6.6.1p1-25.el7_2(i686|x86_64)0:0.9.3-9.25.el7_2(i686|x86_64)0:38.6.0-1.el7_2(x86_64)0:38.6.0-1.el7_2(i686|x86_64)0:3.19.1-9.el7_2(i686|x86_64)0:38.7.0-1.el7_2(x86_64)0:38.7.0-1.el7_2(i686|x86_64)0:4.11.0-1.el7_2(i686|x86_64)0:3.21.0-9.el7_2(i686|x86_64)0:3.16.2.3-14.2.el7_2(x86_64)0:3.21.0-9.el7_2(i686|x86_64)0:3.21.0-2.2.el7_2(x86_64)0:1.5.3-126.el7(x86_64)0:4.2.10-7.el7_2(i686|x86_64)0:4.2.10-7.el7_2(noarch)0:4.2.10-7.el7_2(x86_64)0:4.10.16-17.el7_9(i686|x86_64)0:4.10.16-17.el7_9(noarch)0:4.10.16-17.el7_9(x86_64)0:4.4.4-13.el7_3(i686|x86_64)0:4.4.4-13.el7_3(noarch)0:4.4.4-13.el7_3(x86_64)0:1.0.1e-51.el7_2.7(i686|x86_64)0:1.0.1e-51.el7_2.7(x86_64)0:2.7.5-69.el7_5(i686|x86_64)0:2.7.5-69.el7_5(noarch)0:1.8.3.1-6.el7_2.1(x86_64)0:1.8.3.1-6.el7_2.1(x86_64)0:3.5.20-2.el7(x86_64)0:4.2.5-47.el7(i686|x86_64)0:4.2.5-47.el7(x86_64)0:9.9.4-29.el7_2.4(i686|x86_64)0:9.9.4-29.el7_2.4(noarch)0:9.9.4-29.el7_2.4(i686|x86_64)0:45.1.0-1.el7_2(x86_64)0:38.8.0-1.el7_2(i686|x86_64)0:45.2.0-1.el7_2(x86_64)0:45.2-1.el7_2(i686|x86_64)0:45.3.0-1.el7_2(i686|x86_64)0:3.21.3-2.el7_3(x86_64)0:3.21.3-2.el7_3(i686|x86_64)0:3.21.3-1.1.el7_3(x86_64)0:45.3.0-1.el7_2(x86_64)0:1.5.3-126.el7_3.3(x86_64)0:2.6.2-6.el7_2(i686|x86_64)0:2.17-157.el7(x86_64)0:2.17-157.el7(x86_64)0:1.0.14-7.el7(i686|x86_64)0:1.14.1-26.el7(x86_64)0:1.14.1-26.el7(x86_64)0:3.10.0-327.36.1.el7(noarch)0:3.10.0-327.36.1.el7(i686|x86_64)0:4.0.3-32.el7(x86_64)0:4.0.3-32.el7(x86_64)0:1.6.0.40-1.13.12.5.el7_2(x86_64)0:1.7.0.111-2.6.7.2.el7_2(noarch)0:1.7.0.111-2.6.7.2.el7_2(x86_64)0:1.8.0.101-3.b13.el7_2(noarch)0:1.8.0.101-3.b13.el7_2(x86_64)0:5.5.52-1.el7(i686|x86_64)0:5.5.52-1.el7(i686|x86_64)0:1.2.90-8.el7(x86_64)0:1.2.90-8.el7(x86_64)0:3.10.0-862.el7(noarch)0:3.10.0-862.el7(i686|x86_64)0:1.2-6.el7_2(i686|x86_64)0:1.5.3-105.el7_2.4(x86_64)0:1.5.3-105.el7_2.4(i686|x86_64)0:6.7.8.9-13.el7_2(x86_64)0:6.7.8.9-13.el7_2(x86_64)0:1.5.3-141.el7(x86_64)0:3.3.8-26.el7_2.3(x86_64)0:3.2.24-4.el7_2(noarch)0:3.0.59-2.el7_2(i686|x86_64)0:3.1.1-9.el7(noarch)0:3.1.1-9.el7(i686|x86_64)0:2.9.1-6.el7_9.6(x86_64)0:2.9.1-6.el7_9.6(x86_64)0:1.14-13.el7(x86_64)0:1.3.5.10-11.el7(x86_64)0:2.8.16-3.el7(i686|x86_64)0:2.8.16-3.el7(noarch)0:2.8.2-1.el70:6-17.2-00:3.12.59-60.41.2(noarch)0:3.1.3-9.el7_5(i686|x86_64)0:2.23.2-33.el7(x86_64)0:2.23.2-33.el7(i686|x86_64)0:1.5.3-105.el7_2.7(x86_64)0:1.5.3-105.el7_2.7(x86_64)0:1.5.1-16.el7_3(i686|x86_64)0:1.5.1-16.el7_30:7-20.2-00:7-2.1-00:3.12.62-60.62.10:3-5.1-00:3.12.62-60.62.1(x86_64)0:3.10.0-327.36.3.el7(noarch)0:3.10.0-327.36.3.el7(i686|x86_64)0:45.4.0-1.el7_2(x86_64)0:45.4.0-1.el7_2(i686|x86_64)0:45.5.0-1.el7_3(x86_64)0:45.5.0-1.el7_3(x86_64)0:3.15-8.el7(i686|x86_64)0:2.10.95-10.el7(noarch)0:2.10.95-10.el7(x86_64)0:5.4.16-36.3.el7_2(x86_64)0:1.6.3-1.el7_2.1(noarch)0:1.6.3-1.el7_2.1(x86_64)0:2.4.6-40.el7_2.4(noarch)0:2.4.6-40.el7_2.4(x86_64)0:5.4.16-42.el7(x86_64)0:4.2.0-15.el7_2.19(noarch)0:0.4.3.2-8.el7(x86_64)0:7.29.0-35.el7(i686|x86_64)0:7.29.0-35.el7(i686|x86_64)0:9.2.18-1.el7(x86_64)0:9.2.18-1.el7(x86_64)0:1.6.0.41-1.13.13.1.el7_3(x86_64)0:1.7.0.121-2.6.8.0.el7_3(noarch)0:1.7.0.121-2.6.8.0.el7_3(x86_64)0:1.8.0.111-1.b15.el7_2(noarch)0:1.8.0.111-1.b15.el7_2(x86_64)0:1.7.0.131-2.6.9.0.el7_3(noarch)0:1.7.0.131-2.6.9.0.el7_3(i686|x86_64)0:1.8.0.121-0.b13.el7_3(x86_64)0:1.8.0.121-0.b13.el7_3(noarch)0:1.8.0.121-0.b13.el7_3(x86_64)0:2.7.5-48.el7(i686|x86_64)0:2.7.5-48.el7(i686|x86_64)0:2.0.35-27.el7_9(x86_64)0:2.0.35-27.el7_9(x86_64)0:60.5.0-1.el7_6(i686|x86_64)0:1.5.3-13.el7_3.10:2-9.1-00:3.12.62-60.64.8.20:3.12.62-60.64.8.2(x86_64)0:5.5.56-2.el7(i686|x86_64)0:5.5.56-2.el7(noarch)0:1.8.9-8.el7_4(noarch)0:7.0.69-11.el7_3(x86_64)0:3.10.0-514.6.1.el7(noarch)0:3.10.0-514.6.1.el7(x86_64)0:2.1.15-30.el7_9.2(noarch)0:4.4.0-14.el7_3.1.1(x86_64)0:4.4.0-14.el7_3.1.1(x86_64)0:1.8.6p7-21.el7_3(i686|x86_64)0:1.8.6p7-21.el7_3(x86_64)0:1.1.15-11.el7_3.2(i686|x86_64)0:1.1.15-11.el7_3.2(x86_64)0:3.10.0-327.36.2.el7(noarch)0:3.10.0-327.36.2.el7(noarch)0:3.0.6-4.el7(x86_64)0:1.8.6p7-20.el7(i686|x86_64)0:1.8.6p7-20.el70:8-23.2-00:8-2.1-0(x86_64)0:7.29.0-42.el7(i686|x86_64)0:7.29.0-42.el7(x86_64)0:4.2.6p5-25.el7_3.1(noarch)0:4.2.6p5-25.el7_3.1(i686|x86_64)0:3.3.26-9.el7(x86_64)0:3.3.26-9.el7(x86_64)0:2.5-9.el7(i686|x86_64)0:2.5-9.el7(i686|x86_64)0:219-30.el7_3.3(x86_64)0:219-30.el7_3.3(x86_64)0:1.1.15-11.el7(i686|x86_64)0:1.1.15-11.el7(x86_64)0:3.10.0-693.5.2.el7(noarch)0:3.10.0-693.5.2.el7(x86_64)0:1.0.1e-60.el7_3.1(i686|x86_64)0:1.0.1e-60.el7_3.1(x86_64)0:3.10.0-514.10.2.el7(noarch)0:3.10.0-514.10.2.el70:3.12.67-60.64.18.10:4.4.21-81.3(noarch)0:1.0.0-13.el7_3(x86_64)0:3.10.0-514.16.1.el7(noarch)0:3.10.0-514.16.1.el7(x86_64)0:1.4.15-10.el7_3.1(i686|x86_64)0:1.4.15-10.el7_3.1(x86_64)0:9.9.4-38.el7_3(i686|x86_64)0:9.9.4-38.el7_3(noarch)0:9.9.4-38.el7_3(i686|x86_64)0:45.5.1-1.el7_3(x86_64)0:45.5.1-1.el7_3(x86_64)0:9.9.4-38.el7_3.1(i686|x86_64)0:9.9.4-38.el7_3.1(noarch)0:9.9.4-38.el7_3.1(x86_64)0:1.900.1-33.el7(i686|x86_64)0:1.900.1-33.el7(i686|x86_64)0:0.10.23-22.el7_3(x86_64)0:0.10.23-22.el7_3(i686|x86_64)0:1.4.5-6.el7_30:3.12.67-60.64.21.10:4.4.21-84.1(x86_64)0:0.12.4-20.el7_3(x86_64)0:1.5.3-126.el7_3.6(i686|x86_64)0:0.10.31-12.el7_3(noarch)0:0.10.31-12.el7_3(i686|x86_64)0:1.4.5-3.el7_3(i686|x86_64)0:1.2.7-21.el7_9.1(i686|x86_64)0:45.6.0-1.el7_3(x86_64)0:45.6.0-1.el7_3(i686|x86_64)0:1.3.0-8.el7(x86_64)0:1.3.0-8.el7(x86_64)0:1.8.0-9.el7(noarch)0:1.8.0-9.el7(i686|x86_64)0:1.8.0-9.el7(x86_64)0:1.2.4-2.el7(i686|x86_64)0:3.2.28-4.el7(x86_64)0:3.2.28-4.el7(i686|x86_64)0:1.8.0-3.el7(x86_64)0:1.8.0-3.el70:4.4.103-6.33.10:5-2.2-00:4.4.103-6.38.10:4.4.82-6.3.10:8-2.2-00:4.4.82-6.6.10:7-2.2-00:4.4.82-6.9.10:4.4.92-6.18.10:6-2.2-00:4.4.92-6.30.10:4.4.92-6.30.1(x86_64)0:2.0.0.648-33.el7_4(noarch)0:2.0.0.648-33.el7_4(i686|x86_64)0:2.0.0.648-33.el7_4(x86_64)0:1.2.0-33.el7_4(x86_64)0:0.4.2-33.el7_4(x86_64)0:1.7.7-33.el7_4(noarch)0:4.3.2-33.el7_4(x86_64)0:2.0.0-33.el7_4(noarch)0:0.9.6-33.el7_4(noarch)0:4.0.0-33.el7_4(noarch)0:2.0.14.1-33.el7_4(i686|x86_64)0:1.2.20-7.el7_4(x86_64)0:3.22.1-5.2.el7_4(i686|x86_64)0:3.22.1-5.2.el7_40:9-18.10.1-00:9-2.1-00:4.4.49-92.11.10:4.4.49-92.14.10:4.4.59-92.17.30:4.4.59-92.20.20:4.4.59-92.24.20:4.4.74-92.29.10:4.4.74-92.32.10:4.4.74-92.35.10:4.4.74-92.38.10:4.4.74-92.38.1(x86_64)0:2.6.2-8.el7_4(noarch)0:1.8.3.1-12.el7_4(x86_64)0:1.8.3.1-12.el7_4(x86_64)0:5.44-4.el7_4(i686|x86_64)0:5.44-4.el7_40:10-18.13.1-00:10-4.1-00:9-4.1-00:7-4.1-00:6-4.1-00:5-4.1-00:4-4.1-00:3-4.1-00:4.4.74-92.35.10:4.4.82-6.3.1(x86_64)0:3.10.0-693.2.2.el7(noarch)0:3.10.0-693.2.2.el7(x86_64)0:7.29.0-42.el7_4.1(i686|x86_64)0:7.29.0-42.el7_4.10:7-21.1-00:7-3.1-00:6-3.1-00:4-3.1-00:3-3.1-00:4.4.59-92.20.2(x86_64)0:3.10.0-514.21.2.el7(noarch)0:3.10.0-514.21.2.el7(i686|x86_64)0:2.17-157.el7_3.4(x86_64)0:2.17-157.el7_3.4(x86_64)0:1.8.6p7-22.el7_3(i686|x86_64)0:1.8.6p7-22.el7_3(x86_64)0:1.8.6p7-23.el7_3(i686|x86_64)0:1.8.6p7-23.el7_3(x86_64)0:3.10.0-693.11.1.el7(noarch)0:3.10.0-693.11.1.el70:4.4.90-92.45.10:4.4.90-92.45.10:4.4.92-6.18.10:4.12.14-95.40.10:4.12.14-95.40.10:4.12.14-120.10:8-21.2-00:4.12.14-122.7.10:4.12.14-122.7.10:4.12.14-150.41.10:4.12.14-150.41.10:4.12.14-197.26.10:4.12.14-197.26.1(i686|x86_64)0:6.9.10.68-3.el7(x86_64)0:6.9.10.68-3.el7(i686|x86_64)0:0.31.1-38.el7(x86_64)0:24.3-23.el7(noarch)0:24.3-23.el7(x86_64)0:0.92.2-3.el7(x86_64)0:1.7.0.151-2.6.11.1.el7_4(noarch)0:1.7.0.151-2.6.11.1.el7_4(i686|x86_64)0:1.8.0.141-1.b16.el7_3(x86_64)0:1.8.0.141-1.b16.el7_3(noarch)0:1.8.0.141-1.b16.el7_3(x86_64)0:1.7.0.161-2.6.12.0.el7_4(noarch)0:1.7.0.161-2.6.12.0.el7_4(x86_64)0:5.5.60-1.el7_5(i686|x86_64)0:5.5.60-1.el7_5(i686|x86_64)0:1.8.0.151-1.b12.el7_4(noarch)0:1.8.0.151-1.b12.el7_40:11-2.1-00:4.4.59-92.24.2(x86_64)0:1.5.3-141.el7_4.1(x86_64)0:3.0.13-8.el7_4(i686|x86_64)0:3.0.13-8.el7_4(i686|x86_64)0:1.15.1-18.el7(x86_64)0:1.15.1-18.el70:10-2.1-00:4.4.82-6.9.1(x86_64)0:3.10.0-862.6.3.el7(noarch)0:3.10.0-862.6.3.el7(x86_64)0:4.8.5-28.el7(i686|x86_64)0:4.8.5-28.el7(x86_64)0:4.6.2-11.el7_4(i686|x86_64)0:4.6.2-11.el7_4(noarch)0:4.6.2-11.el7_4(i686|x86_64)0:9.2.23-3.el7_4(x86_64)0:9.2.23-3.el7_4(i686|x86_64)0:1.15.2-50.el7_4.8(x86_64)0:1.15.2-50.el7_4.8(noarch)0:1.15.2-50.el7_4.8(x86_64)0:3.10.0-693.21.1.el7(noarch)0:3.10.0-693.21.1.el7(i686|x86_64)0:1.4.8-3.el7_4.1(noarch)0:7.0.76-3.el7_4(i686|x86_64)0:1.5.13-8.el7(x86_64)0:2.6-5.el7_4.1(x86_64)0:1.14-15.el7_4.10:4.4.114-94.11.30:4.4.114-94.14.1(x86_64)0:3.10.0-862.11.6.el7(noarch)0:3.10.0-862.11.6.el7(x86_64)0:1.5.3-156.el7(x86_64)0:1.5.3-141.el7_4.4(x86_64)0:24.3-20.el7_4(noarch)0:24.3-20.el7_4(x86_64)0:2.76-2.el7_4.2(x86_64)0:3.1.2-12.el7(i686|x86_64)0:3.1.2-12.el7(i686|x86_64)0:3.22.3-4.el7_4(x86_64)0:4.6.2-12.el7_4(i686|x86_64)0:4.6.2-12.el7_4(noarch)0:4.6.2-12.el7_4(noarch)0:1.9.4-1.el7(i686|x86_64)0:2.5.2-12.el7_4(noarch)0:2.5.2-12.el7_4(x86_64)0:2.5.2-12.el7_4(noarch)0:0.8-1.el7(x86_64)0:0.15-5.el7(x86_64)0:1.3.6.1-26.el7_4(x86_64)0:1.3.6.1-28.el7_40:4.4.21-69.1(x86_64)0:3.4.0-4.el7_5(x86_64)0:2.4.6-93.el7(noarch)0:2.4.6-93.el7(x86_64)0:2.4.6-95.el7(noarch)0:2.4.6-95.el7(x86_64)0:7.4p1-16.el7(i686|x86_64)0:0.10.3-2.16.el7(i686|x86_64)0:60.2.0-1.el7_5(x86_64)0:60.2.1-4.el7_5(x86_64)0:3.22-36.el7_4.1(x86_64)0:3.10.0-862.2.3.el7(noarch)0:3.10.0-862.2.3.el7(i686|x86_64)0:2.17-260.el7(x86_64)0:2.17-260.el70:4.4.103-92.53.10:4.4.103-92.56.10:4.4.90-92.50.10:4.4.90-92.50.1(x86_64)0:0.27.0-2.el7_6(i686|x86_64)0:0.27.0-2.el7_6(noarch)0:0.27.0-2.el7_6(x86_64)0:2.0.0.648-36.el7(noarch)0:2.0.0.648-36.el7(i686|x86_64)0:2.0.0.648-36.el7(x86_64)0:1.2.0-36.el7(x86_64)0:0.4.2-36.el7(x86_64)0:1.7.7-36.el7(noarch)0:4.3.2-36.el7(x86_64)0:2.0.0-36.el7(noarch)0:0.9.6-36.el7(noarch)0:4.0.0-36.el7(noarch)0:2.0.14.1-36.el7(i686|x86_64)0:2.0.0-7.el7_5(x86_64)0:2.0.0-7.el7_5(i686|x86_64)0:14.4.1-7.el7(x86_64)0:1.6.3-51.el7(i686|x86_64)0:1.6.3-51.el7(noarch)0:1.6.3-51.el7(i686|x86_64)0:0.92-3.el7(i686|x86_64)0:2.2.0-9.el70:4.12.14-23.10:4.12.14-25.3.10:4.12.14-25.3.1(x86_64)0:3.10.0-1160.el7(noarch)0:3.10.0-1160.el7(x86_64)0:3.10.0-1127.8.2.el7(noarch)0:3.10.0-1127.8.2.el7(i686|x86_64)0:0.9.9-14.el7_8.1(x86_64)0:3.10.0-514.26.1.el7(noarch)0:3.10.0-514.26.1.el7(noarch)0:4.4.0-14.el7_3.6(x86_64)0:4.4.0-14.el7_3.6(x86_64)0:1.5.3-126.el7_3.5(i686|x86_64)0:2.23.2-33.el7_3.2(x86_64)0:2.23.2-33.el7_3.20:8-18.7.1-00:4.4.49-92.11.1(x86_64)0:1.3.5.10-20.el7_3(i686|x86_64)0:2.56.0-4.el7_4(x86_64)0:9.9.4-38.el7_3.2(i686|x86_64)0:9.9.4-38.el7_3.2(noarch)0:9.9.4-38.el7_3.2(x86_64)0:9.9.4-38.el7_3.3(i686|x86_64)0:9.9.4-38.el7_3.3(noarch)0:9.9.4-38.el7_3.3(x86_64)0:9.9.4-50.el7_3.1(i686|x86_64)0:9.9.4-50.el7_3.1(noarch)0:9.9.4-50.el7_3.1(x86_64)0:4.2.5-58.el7_4.1(i686|x86_64)0:4.2.5-58.el7_4.1(x86_64)0:9.9.4-51.el7_4.2(i686|x86_64)0:9.9.4-51.el7_4.2(noarch)0:9.9.4-51.el7_4.2(x86_64)0:2.4.6-67.el7_4.2(noarch)0:2.4.6-67.el7_4.2(x86_64)0:1.7.0.141-2.6.10.1.el7_3(noarch)0:1.7.0.141-2.6.10.1.el7_3(i686|x86_64)0:1.8.0.131-2.b11.el7_3(x86_64)0:1.8.0.131-2.b11.el7_3(noarch)0:1.8.0.131-2.b11.el7_3(x86_64)0:1.0.2k-16.el7(i686|x86_64)0:1.0.2k-16.el7(x86_64)0:1.0.2k-12.el7(i686|x86_64)0:1.0.2k-12.el7(x86_64)0:0.31.3-1.el7_3(i686|x86_64)0:45.7.0-1.el7_3(x86_64)0:45.7.0-1.el7_3(i686|x86_64)0:52.0-4.el7_3(x86_64)0:45.8.0-1.el7_3(i686|x86_64)0:52.0-5.el7_3(i686|x86_64)0:52.1.0-2.el7_3(i686|x86_64)0:3.28.4-1.0.el7_3(x86_64)0:3.28.4-1.0.el7_3(i686|x86_64)0:52.2.0-1.el7_3(x86_64)0:52.2.0-1.el7_3(noarch)0:1.2.17-16.el7_4(noarch)0:7.0.69-12.el7_3(noarch)0:39.31.5.1-58.el7_4(noarch)0:18.168.6.1-58.el7_4(noarch)0:22.0.7.0-58.el7_4(noarch)0:15.32.2.9-58.el7_4(noarch)0:228.61.2.24-58.el7_4(noarch)0:8.83.5.1_1-58.el7_4(noarch)0:8.24.2.2-58.el7_4(noarch)0:9.221.4.1-58.el7_4(noarch)0:17.168.5.3-58.el7_4(noarch)0:17.168.5.2-58.el7_4(noarch)0:41.28.5.1-58.el7_4(x86_64)0:3.10.0-693.11.6.el7(noarch)0:3.10.0-693.11.6.el7(x86_64)0:3.2.0-14.el7_4.7(i686|x86_64)0:3.2.0-14.el7_4.7(noarch)0:20170606-58.gitc990aae.el7_4(x86_64)0:2.1-22.5.el7_4(x86_64)0:1.5.3-141.el7_4.6(noarch)0:20180508-6.gitee3198e672e2.el7(i686|x86_64)0:0.7.0-2.el7(x86_64)0:0.7.0-2.el70:3.12.67-60.64.24.10:3.12.69-60.64.29.10:4-11.1-0(x86_64)0:1.8.8-5.el7(x86_64)0:3.10.0-514.6.2.el7(noarch)0:3.10.0-514.6.2.el7(x86_64)0:4.2.6p5-28.el7(noarch)0:4.2.6p5-28.el7(i686|x86_64)0:0.6.31-20.el7(x86_64)0:0.6.31-20.el70:3.12.69-60.64.32.1(i686|x86_64)0:9.07-28.el7(x86_64)0:9.07-28.el7(noarch)0:9.07-28.el70:3.12.69-60.64.35.10:4.4.49-92.14.1(i686|x86_64)0:9.2.21-1.el7(x86_64)0:9.2.21-1.el7(x86_64)0:6.2.8-30.el7(x86_64)0:4.4.4-14.el7_3(i686|x86_64)0:4.4.4-14.el7_3(noarch)0:4.4.4-14.el7_3(i686|x86_64)0:3.28.4-1.2.el7_3(x86_64)0:3.28.4-1.2.el7_3(x86_64)0:0.12.8-2.el7.10:4.4.74-92.29.10:4.4.73-5.10:2-2.3.2-00:4.4.73-5.1(x86_64)0:3.10.0-693.1.1.el7(noarch)0:3.10.0-693.1.1.el7(noarch)0:10.4.1-11.el7(x86_64)0:10.4.1-11.el7(i686|x86_64)0:9.2.23-1.el7_4(x86_64)0:9.2.23-1.el7_4(x86_64)0:1.4.0-2.el7_4.1(i686|x86_64)0:1.4.0-2.el7_4.1(x86_64)0:1.5.3-126.el7_3.9(i686|x86_64)0:52.3.0-2.el7_4(x86_64)0:52.3.0-1.el7_4(i686|x86_64)0:60.1.0-4.el7_5(i686|x86_64)0:1.3.10-1.el7_3(i686|x86_64)0:52.4.0-1.el7_4(x86_64)0:52.4.0-2.el7_4(i686|x86_64)0:3.28.4-12.el7_4(x86_64)0:3.28.4-12.el7_4(i686|x86_64)0:52.5.0-1.el7_4(x86_64)0:52.5.0-1.el7_4(x86_64)0:52.5.2-1.el7_4(i686|x86_64)0:52.5.1-1.el7_4(x86_64)0:5.4.16-43.el7_4.1(i686|x86_64)0:9.07-20.el7_3.5(x86_64)0:9.07-20.el7_3.5(noarch)0:9.07-20.el7_3.5(i686|x86_64)0:4.14.8-6.el7_3(noarch)0:4.14.8-6.el7_3(x86_64)0:4.14.8-6.el7_3(i686|x86_64)0:0.2.4-0.8.el7_3(x86_64)0:0.2.0-38.el7_3(x86_64)0:1.8.3-1.el7(noarch)0:1.8.3-1.el7(x86_64)0:3.0.4-8.el7_3(i686|x86_64)0:3.0.4-8.el7_3(i686|x86_64)0:2.4.44-5.el7(x86_64)0:2.4.44-5.el7(x86_64)0:4.6.2-8.el7(i686|x86_64)0:4.6.2-8.el7(noarch)0:4.6.2-8.el7(x86_64)0:2.6.2-7.el7_3(x86_64)0:1.5.3-126.el7_3.10(i686|x86_64)0:0.26.5-17.el7_4(x86_64)0:0.26.5-17.el7_4(x86_64)0:2.4.6-67.el7_4.5(noarch)0:2.4.6-67.el7_4.5(x86_64)0:1.7.14-11.el7_4(i686|x86_64)0:1.7.14-11.el7_4(x86_64)0:1.14-18.el7(i686|x86_64)0:4.21.0-1.el7(i686|x86_64)0:3.44.0-4.el7(i686|x86_64)0:3.44.0-5.el7(x86_64)0:3.44.0-4.el7(i686|x86_64)0:3.44.0-3.el7(x86_64)0:2.1.15-30.el7(x86_64)0:1.0.2k-19.el7(i686|x86_64)0:1.0.2k-19.el7(noarch)0:20180508-3.gitee3198e672e2.el7(x86_64)0:7.29.0-51.el7(i686|x86_64)0:7.29.0-51.el7(i686|x86_64)0:1.0.3-5.el7(x86_64)0:3.5.20-15.el7(x86_64)0:0.9.162-5.el7_5.1(x86_64)0:2.6.2-10.el7(i686|x86_64)0:1.2.12-1.el7_5.1(x86_64)0:2.7.1-10.el7_50:3-2.2-00:4.4.120-94.17.10:4.4.126-94.22.10:4.12.14-95.19.10:4.12.14-95.24.10:4.12.14-95.29.10:4.12.14-95.32.10:4.12.14-95.37.10:4.12.14-95.45.10:4.12.14-95.48.10:4.12.14-95.51.10:4.12.14-95.51.10:5-12.2-00:4.12.14-122.12.10:4.12.14-122.17.10:4.12.14-122.20.10:4.12.14-150.22.10:4.12.14-150.27.10:4.12.14-150.32.10:4.12.14-150.35.10:4.12.14-150.38.10:4.12.14-150.47.10:4.12.14-150.47.10:4.12.14-195.10:12-34.1-00:4.12.14-197.10.10:4.12.14-197.15.10:4.12.14-197.18.10:4.12.14-197.21.10:4.12.14-197.29.10:4.12.14-197.34.10:4.12.14-197.37.10:4.12.14-197.4.10:4.12.14-197.40.10:4.12.14-197.7.10:4.12.14-197.7.1(x86_64)0:4.10.5-8.el7(i686|x86_64)0:4.10.5-8.el7(noarch)0:2.1.1-9.el7(x86_64)0:2.0.0-1.rc4.el7(i686|x86_64)0:2.0.0-1.rc4.el7(i686|x86_64)0:3.22.0-12.el7(x86_64)0:2.27-41.base.el7(i686|x86_64)0:2.27-41.base.el7(noarch)0:2.4.2-5.el7_5(i686|x86_64)0:9.07-29.el7_5.2(x86_64)0:9.07-29.el7_5.2(noarch)0:9.07-29.el7_5.2(x86_64)0:5.11-36.el7(i686|x86_64)0:5.11-36.el7(noarch)0:5.11-36.el7(x86_64)0:2.27-34.base.el7(i686|x86_64)0:2.27-34.base.el7(i686|x86_64)0:219-42.el7_4.7(x86_64)0:219-42.el7_4.7(x86_64)0:4.8.3-4.el7(i686|x86_64)0:4.8.3-4.el7(noarch)0:4.8.3-4.el7(x86_64)0:5.4.16-48.el7(x86_64)0:17.11-11.el7(noarch)0:17.11-11.el7(x86_64)0:2.7.5-76.el7(i686|x86_64)0:2.7.5-76.el7(x86_64)0:2.5-22.el7(i686|x86_64)0:2.5-22.el7(x86_64)0:3.9.0-14.el7_5.4(i686|x86_64)0:3.9.0-14.el7_5.4(x86_64)0:1.0.5-9.el7(noarch)0:10.5.1-13.1.el7_5(x86_64)0:10.5.1-13.1.el7_5(x86_64)0:2.4.3-2.el7_5.1(i686|x86_64)0:2.4.3-2.el7_5.1(i686|x86_64)0:3.3.29-8.el7(x86_64)0:3.3.29-8.el7(x86_64)0:1.3.7.5-28.el7_5(i686|x86_64)0:1.16.2-13.el7(x86_64)0:1.16.2-13.el7(noarch)0:1.16.2-13.el70:4.4.131-94.29.10:4.4.132-94.33.10:4.12.14-25.13.10:3-2.3-00:4.12.14-25.6.10:4.12.14-25.6.1(x86_64)0:3.10.0-1062.el7(noarch)0:3.10.0-1062.el7(i686|x86_64)0:0.34-3.el7_5.2(x86_64)0:0.34-3.el7_5.2(x86_64)0:0.14.0-2.el7_5.5(x86_64)0:1.3.7.5-21.el7_5(i686|x86_64)0:0.3.4-3.el7(i686|x86_64)0:0.35-4.el7(x86_64)0:0.35-4.el7(x86_64)0:0.14.0-18.el7(x86_64)0:5.0-15.el7(x86_64)0:19.4-7.el7(noarch)0:1.1.31-46.el7_50:4.4.138-94.39.10:4.4.140-94.42.10:4.4.143-94.47.10:4-10.2-0(x86_64)0:2.9.2-11.el7(i686|x86_64)0:2.9.2-11.el7(x86_64)0:5.44-6.el7(i686|x86_64)0:5.44-6.el7(x86_64)0:3.12.2-18.el7(i686|x86_64)0:9.2.24-1.el7_5(x86_64)0:9.2.24-1.el7_5(i686|x86_64)0:4.4.8-12.el7(noarch)0:4.4.8-12.el70:4.12.14-25.16.1(i686|x86_64)0:1.1.5-2.el7_5(x86_64)0:1.1.5-2.el7_5(x86_64)0:4.2.5-68.el7_5.1(i686|x86_64)0:4.2.5-68.el7_5.1(noarch)0:2.8.71-10.el7(i686|x86_64)0:0.112-26.el7(noarch)0:0.112-26.el7(i686|x86_64)0:3.3.10-26.el7(x86_64)0:3.3.10-26.el7(noarch)0:1.8.3.1-14.el7_5(x86_64)0:1.8.3.1-14.el7_5(i686|x86_64)0:3.3.10-17.el7_5.2(x86_64)0:3.3.10-17.el7_5.2(i686|x86_64)0:1.10.14-24.el7(x86_64)0:1.10.14-24.el7(i686|x86_64)0:1.8-8.20130218git.el7(noarch)0:1.8-8.20130218git.el7(i686|x86_64)0:9.25-2.el7(x86_64)0:9.25-2.el7(noarch)0:9.25-2.el7(x86_64)0:1.7.14-16.el7(i686|x86_64)0:1.7.14-16.el7(noarch)0:7.0.76-9.el7_6(x86_64)0:1.5.3-156.el7_5.5(noarch)0:1.92-3.el7(x86_64)0:2.0.22-5.el7_5(x86_64)0:3.10.0-957.12.2.el7(noarch)0:3.10.0-957.12.2.el7(x86_64)0:4.5.0-10.el7_6.9(i686|x86_64)0:4.5.0-10.el7_6.9(x86_64)0:1.5.3-160.el7_6.2(noarch)0:20180508-3.gitee3198e672e2.el7_6.1(x86_64)0:3.10.0-1062.4.2.el7(noarch)0:3.10.0-1062.4.2.el70:9-25.2-0(x86_64)0:4.2.6p5-29.el7(noarch)0:4.2.6p5-29.el7(x86_64)0:52.9.1-1.el7_5(i686|x86_64)0:60.2.1-1.el7_5(i686|x86_64)0:3.36.0-7.el7_5(x86_64)0:3.36.0-7.el7_5(i686|x86_64)0:60.2.2-1.el7_5(i686|x86_64)0:60.3.0-1.el7_5(x86_64)0:60.3.0-1.el7_5(i686|x86_64)0:60.4.0-1.el7(x86_64)0:60.4.0-1.el7_60:4.12.14-23.1(noarch)0:7.0.76-9.el7(i686|x86_64)0:3.1.1-10.el7_7(noarch)0:3.1.1-10.el7_7(x86_64)0:2.4.6-89.el7_6.1(noarch)0:2.4.6-89.el7_6.1(i686|x86_64)0:1.0.25-11.el7(x86_64)0:1.0.25-11.el7(x86_64)0:5.0.2-33.el7(noarch)0:7.0.76-8.el7_5(i686|x86_64)0:0.3.6-9.el7(i686|x86_64)0:0.41-21.el7(x86_64)0:0.41-21.el7(x86_64)0:1.5.21-28.el7_5(x86_64)0:1.5.21-29.el7(x86_64)0:2.6-12.el7(i686|x86_64)0:3.28.2-16.el7(i686|x86_64)0:1.6.7-2.el7(noarch)0:1.6.7-2.el7(i686|x86_64)0:0.7.1-3.el7(i686|x86_64)0:8.0.0-5.el7(x86_64)0:19.0.1-2.el7(x86_64)0:2.4.0-3.el7(x86_64)0:0.36.1-3.el7(i686|x86_64)0:0.36.1-3.el7(x86_64)0:1.20.4-7.el7(i686|x86_64)0:1.20.4-7.el7(noarch)0:1.20.4-7.el7(x86_64)0:7.29.0-51.el7_6.3(i686|x86_64)0:7.29.0-51.el7_6.30:4.4.155-94.50.10:4.4.156-94.57.10:4.4.156-94.61.10:4.4.156-94.64.10:5-13.2-00:4.12.14-25.19.1(x86_64)0:3.10.0-957.1.3.el7(noarch)0:3.10.0-957.1.3.el7(x86_64)0:3.10.0-862.14.4.el7(noarch)0:3.10.0-862.14.4.el7(x86_64)0:2.7.5-86.el7(i686|x86_64)0:2.7.5-86.el7(x86_64)0:1.3.8.4-15.el7(noarch)0:1.5-3.el7_6(x86_64)0:1.20.1-5.1.el7(i686|x86_64)0:1.20.1-5.1.el7(noarch)0:1.20.1-5.1.el7(i686|x86_64)0:0.5-0.6.alpha.el70:4.4.140-94.42.10:10-28.1-0(i686|x86_64)0:0.9.9-13.el7_60:3-7.3-0(x86_64)0:7.4p1-21.el7(i686|x86_64)0:0.10.3-2.21.el7(i686|x86_64)0:4.8.7-8.el7(x86_64)0:4.8.7-8.el7(noarch)0:4.8.7-8.el7(x86_64)0:5.9.7-1.el7(i686|x86_64)0:5.9.7-1.el7(noarch)0:5.9.7-1.el7(i686|x86_64)0:5.9.7-2.el7(noarch)0:5.9.7-2.el7(x86_64)0:5.9.7-2.el7(i686|x86_64)0:2.28.1-2.el7(i686|x86_64)0:3.28.5-8.el7(x86_64)0:3.28.5-8.el7(i686|x86_64)0:3.28.5-4.el7(noarch)0:3.28.5-4.el7(x86_64)0:3.28.5-4.el7(noarch)0:3.28.5-8.el7(i686|x86_64)0:3.28.5-5.el7(noarch)0:3.28.5-5.el7(i686|x86_64)0:219-67.el7(x86_64)0:219-67.el7(x86_64)0:1.12.0-8.el7_6(noarch)0:1.12.0-8.el7_6(i686|x86_64)0:1.12.0-8.el7_6(i686|x86_64)0:219-62.el7_6.2(x86_64)0:219-62.el7_6.2(x86_64)0:1.5.3-175.el7(i686|x86_64)0:9.07-31.el7_6.1(x86_64)0:9.07-31.el7_6.1(noarch)0:9.07-31.el7_6.1(i686|x86_64)0:9.07-31.el7_6.6(x86_64)0:9.07-31.el7_6.6(noarch)0:9.07-31.el7_6.6(x86_64)0:0.176-2.el7(noarch)0:0.176-2.el7(i686|x86_64)0:0.176-2.el7(i686|x86_64)0:0.19.0-3.el7(x86_64)0:2.0.0.648-34.el7_6(noarch)0:2.0.0.648-34.el7_6(i686|x86_64)0:2.0.0.648-34.el7_6(x86_64)0:1.2.0-34.el7_6(x86_64)0:0.4.2-34.el7_6(x86_64)0:1.7.7-34.el7_6(noarch)0:4.3.2-34.el7_6(x86_64)0:2.0.0-34.el7_6(noarch)0:0.9.6-34.el7_6(noarch)0:4.0.0-34.el7_6(noarch)0:2.0.14.1-34.el7_6(i686|x86_64)0:9.07-31.el7_6.9(x86_64)0:9.07-31.el7_6.9(noarch)0:9.07-31.el7_6.9(i686|x86_64)0:0.13.62-11.el7(x86_64)0:0.13.62-11.el7(x86_64)0:3.28.2-8.el7(i686|x86_64)0:3.28.2-8.el7(x86_64)0:4.10.5-7.el7(i686|x86_64)0:4.10.5-7.el7(i686|x86_64)0:0.26.5-38.el7(x86_64)0:0.26.5-38.el7(i686|x86_64)0:1.16.4-21.el7(x86_64)0:1.16.4-21.el7(noarch)0:1.16.4-21.el7(x86_64)0:7.29.0-54.el7(i686|x86_64)0:7.29.0-54.el7(i686|x86_64)0:9.07-31.el7_6.3(x86_64)0:9.07-31.el7_6.3(noarch)0:9.07-31.el7_6.30:4.12.14-94.41.10:9-2.25.1-00:4.12.14-95.3.10:8-2.5-00:4.12.14-95.6.10:7-2.5-00:4.12.14-95.6.10:4.12.14-25.28.10:7-2.3-00:4.12.14-25.28.1(x86_64)0:3.10.0-957.27.2.el7(noarch)0:3.10.0-957.27.2.el7(x86_64)0:8.24.0-38.el7(noarch)0:8.24.0-38.el70:4.4.162-94.69.20:4.4.162-94.72.10:4.4.162-94.72.10:3-2.7.2-00:4.12.14-95.3.10:8-22.2-00:4.12.14-25.22.10:4.12.14-25.25.1(i686|x86_64)0:2.7.3-9.el7(x86_64)0:2.7.3-9.el7(x86_64)0:2012-45.20130427_r30134.el7(noarch)0:svn26555.0-45.el7(noarch)0:svn15878.1.4-45.el7(noarch)0:svn15878.0.1-45.el7(noarch)0:svn29207.0-45.el7(noarch)0:svn29208.3.04-45.el7(noarch)0:svn29327.2.14-45.el7(noarch)0:svn15878.0-45.el7(noarch)0:svn15878.1.2b-45.el7(noarch)0:svn17470.v1.1.4-45.el7(noarch)0:svn21866.v1.5b-45.el7(noarch)0:svn28614.0-45.el7(noarch)0:svn24756.3.8m-45.el7(noarch)0:svn25245.1.31-45.el7(noarch)0:2012-45.20130427_r30134.el7(noarch)0:svn29349.3.26-45.el7(noarch)0:svn20031.0-45.el7(noarch)0:svn26689.0.99d-45.el7(x86_64)0:svn26509.0-45.20130427_r30134.el7(noarch)0:svn15878.1.1a-45.el7(noarch)0:svn29650.12.2-45.el7(noarch)0:svn15878.1.61803-45.el7(noarch)0:svn15878.1.30-45.el7(noarch)0:svn29026.3.3__2013_02_03_-45.el7(noarch)0:svn18258.0-45.el7(noarch)0:svn29349.3.5c-45.el7(noarch)0:svn15878.1.0c-45.el7(noarch)0:svn17157.1.0a-45.el7(noarch)0:svn19955.5.3-45.el7(noarch)0:svn26296.4.8.3-45.el7(noarch)0:svn29581.0-45.el7(noarch)0:svn28250.0.5-45.el7(noarch)0:svn26568.0-45.el7(noarch)0:svn14075.0-45.el7(noarch)0:svn26557.0-45.el7(noarch)0:svn26314.0-45.20130427_r30134.el7(noarch)0:svn17091.0-45.20130427_r30134.el7(noarch)0:svn28082.0-45.20130427_r30134.el7(noarch)0:svn28251.0-45.20130427_r30134.el7(noarch)0:svn25030.0-45.20130427_r30134.el7(noarch)0:svn25795.0-45.20130427_r30134.el7(noarch)0:svn29634.0-45.20130427_r30134.el7(noarch)0:svn25394.v1.0a-45.el7(noarch)0:svn15878.1.5-45.el7(noarch)0:svn24393.5.1d-45.el7(noarch)0:svn26694.1.23-45.el7(noarch)0:svn29012.0.7b-45.el7(noarch)0:svn19834.2.58-45.el7(noarch)0:svn26689.0.13.2d-45.el7(noarch)0:svn13663.0-45.20130427_r30134.el7(noarch)0:svn26765.0-45.el7(noarch)0:svn26689.1.14-45.el7(noarch)0:svn29585.0-45.el7(noarch)0:svn25033.1.0-45.el7(noarch)0:svn15878.1.1e-45.el7(noarch)0:svn28602.0-45.el7(noarch)0:svn24146.3.5.2-45.el7(noarch)0:svn21461.2.7.4-45.el7(noarch)0:svn26577.0-45.el7(noarch)0:svn18336.0-45.20130427_r30134.el7(noarch)0:svn21515.2.0c-45.el7(noarch)0:svn22198.2.1-45.el7(noarch)0:svn15878.2.0-45.el7(noarch)0:svn20922.2.1-45.el7(noarch)0:svn19795.0.1h-45.el7(noarch)0:svn17261.2.5-45.el7(noarch)0:svn22191.1.1-45.el7(noarch)0:svn17265.1.4_subrfix-45.el7(noarch)0:svn17263.1.4a-45.el7(noarch)0:svn18304.1.4-45.el7(noarch)0:svn15878.3.1-45.el7(noarch)0:svn15878.0.9c-45.el7(noarch)0:svn18492.2.8-45.el7(noarch)0:svn24250.1.3-45.el7(noarch)0:svn24280.0.5d-45.el7(noarch)0:svn17133.0-45.el7(noarch)0:svn21631.1a-45.el7(noarch)0:svn15878.1.3d-45.el7(noarch)0:svn28068.2.02-45.el7(noarch)0:svn20710.v1.34-45.el7(noarch)0:svn23608.0.2-45.el7(noarch)0:svn29412.v2.3a-45.el7(noarch)0:svn26689.0-45.el7(noarch)0:svn23330.5.5b-45.el7(noarch)0:svn15878.1.002-45.el7(noarch)0:svn26789.0.96-45.el7(noarch)0:svn19716.5.6-45.el7(noarch)0:svn28576.0-45.el7(noarch)0:svn25405.1.0o-45.el7(noarch)0:svn26689.1.19.2-45.el7(noarch)0:svn28213.6.83m-45.el7(noarch)0:svn29641.0-45.el7(noarch)0:svn29197.0-45.el7(noarch)0:svn15878.2.3c-45.el7(noarch)0:svn24853.1.2-45.el7(noarch)0:svn26725.1.3-45.el7(noarch)0:svn19363.1.2a-45.el7(noarch)0:svn23979.0-45.el7(noarch)0:svn29654.0.2-45.el7(noarch)0:svn19685.0.5-45.el7(noarch)0:svn24099.4.1beta-45.el7(noarch)0:svn23409.3.13-45.el7(noarch)0:svn3006.0-45.20130427_r30134.el7(noarch)0:svn19440.0-45.el7(noarch)0:svn27255.3.11b-45.el7(noarch)0:svn28792.0-45.el7(x86_64)0:svn27347.0-45.20130427_r30134.el7(i686|x86_64)0:2012-45.20130427_r30134.el7(noarch)0:svn29361.SVN_4467-45.el7(noarch)0:svn29409.SVN_4469-45.el7(noarch)0:svn28985.1.2l-45.el7(noarch)0:svn27907.0-45.el7(noarch)0:svn14050.0-45.20130427_r30134.el7(noarch)0:svn28888.0-45.el7(noarch)0:svn28991.0-45.el7(noarch)0:svn29391.1.64-45.el7(noarch)0:svn28119.2.004-45.el7(noarch)0:svn29044.1.958-45.el7(noarch)0:svn21927.0-45.el7(noarch)0:svn29349.0.7.0-45.el7(noarch)0:svn29346.1.2-45.el7(noarch)0:svn26718.1.26-45.el7(noarch)0:svn18579.0-45.20130427_r30134.el7(noarch)0:svn26689.0.70.1-45.el7(x86_64)0:svn26912.0-45.20130427_r30134.el7(noarch)0:svn22560.0.31-45.el7(noarch)0:svn26689.2.12-45.el7(noarch)0:svn25880.v1.1i-45.el7(noarch)0:svn29349.2.2a-45.el7(noarch)0:svn15878.1.003-45.el7(noarch)0:svn15878.0.2-45.el7(noarch)0:svn15878.1.05.4-45.el7(noarch)0:svn21638.3.6j_patch_6.0g-45.el7(noarch)0:svn26689.2.718281-45.el7(noarch)0:svn18611.0.12-45.el7(noarch)0:svn26689.1.212-45.el7(noarch)0:svn17487.0-45.el7(noarch)0:svn19410.0-45.el7(noarch)0:svn29420.0-45.el7(noarch)0:svn29392.2.5-45.el7(noarch)0:svn24955.0-45.el7(noarch)0:svn18651.1.4-45.el7(noarch)0:svn18674.0-45.20130427_r30134.el7(noarch)0:svn24467.0-45.el7(noarch)0:svn18302.1.42-45.el7(noarch)0:svn17256.1.6-45.el7(noarch)0:svn20668.8.31b-45.el7(noarch)0:svn15878.3.5-45.el7(noarch)0:svn26725.0-45.el7(noarch)0:svn19712.0.53-45.el7(noarch)0:svn15878.2.3b-45.el7(noarch)0:svn19963.2.0-45.el7(noarch)0:svn27574.0.4t-45.el7(noarch)0:svn29585.1.40.11-45.el7(x86_64)0:svn27321.0-45.20130427_r30134.el7(noarch)0:svn22653.0.06d-45.el7(noarch)0:svn22614.2.10-45.el7(noarch)0:svn18651.1.1-45.el7(noarch)0:svn19848.2.2-45.el7(noarch)0:svn26647.0-45.el7(noarch)0:svn26163.v1.2.1-45.el7(noarch)0:svn25656.1.4i-45.el7(noarch)0:svn16085.0-45.el7(noarch)0:svn15878.3.04-45.el7(noarch)0:svn16416.0-45.el7(noarch)0:svn23394.9.2a-45.el7(noarch)0:svn17257.1.10-45.el7(noarch)0:svn24020.1.06-45.el7(noarch)0:svn15878.1.0-45.el7(noarch)0:svn15878.1.01-45.el7(noarch)0:svn15878.1.06-45.el7(noarch)0:svn20176.0.61-45.el7(noarch)0:svn27799.1.25-45.el7(noarch)0:svn28729.1.44-45.el7(noarch)0:svn24391.1.31-45.el7(noarch)0:svn15878.1.00-45.el7(noarch)0:svn24142.1.12-45.el7(noarch)0:svn29678.2.39-45.el7(noarch)0:svn28750.3.59-45.el7(noarch)0:svn28124.1-45.el7(noarch)0:svn29423.0.3b-45.el7(noarch)0:svn16832.2.16b-45.el7(noarch)0:svn17997.1.1-45.el7(noarch)0:svn25923.0-45.20130427_r30134.el7(noarch)0:svn20180.0-45.el7(noarch)0:svn15878.2.0.2-45.el7(noarch)0:svn18322.1.5-45.el7(noarch)0:svn20186.2.0-45.el7(noarch)0:svn24881.6.7a-45.el7(noarch)0:svn27790.v0.3j-45.el7(noarch)0:svn15878.2.4-45.el7(noarch)0:svn22027.0-45.el7(noarch)0:svn15878.1.3-45.el7(noarch)0:svn15878.2.1.5-45.el7(noarch)0:svn18017.3.1862-45.el7(noarch)0:svn29349.0-45.el7(noarch)0:svn29585.3.0-45.el7(noarch)0:svn27344.0-45.20130427_r30134.el7(noarch)0:svn26689.3.1415926-45.el7(noarch)0:svn18651.2.004-45.el7(noarch)0:svn29045.0-45.el7(noarch)0:svn29474.0-45.el7(noarch)0:svn28217.0-45.el7(x86_64)0:svn22566.0-45.20130427_r30134.el7(noarch)0:svn28261.1.7h-45.el7(noarch)0:svn29349.0.5.1-45.el7(noarch)0:svn17383.0-45.el7(noarch)0:svn26689.3.15-45.el7(noarch)0:svn6898.0-45.20130427_r30134.el7(noarch)0:svn29349.1.3-45.el7(noarch)0:svn24852.2.10.0-45.el7(noarch)0:svn15878.2.1d-45.el7(noarch)0:svn20084.2.3e-45.el7(noarch)0:svn26263.0-45.el7(noarch)0:svn21820.0-45.el7(noarch)0:svn17134.0-45.el7(noarch)0:svn27820.2.0-45.el7(noarch)0:svn27549.2.1-45.el7(noarch)0:svn16791.0-45.el7(noarch)0:svn26785.0-45.el7(noarch)0:svn18261.0-45.el7(noarch)0:svn29413.0.7d-45.el7(noarch)0:svn22357.0.92-45.el7(noarch)0:svn16864.3.2-45.el7(noarch)0:svn24104.0.92-45.el7(noarch)0:svn22576.0-45.el7(noarch)0:svn21439.0-45.el7(noarch)0:svn22048.3.6-45.el7(noarch)0:svn15878.2.11-45.el7(noarch)0:svn26689.22.85-45.el7(noarch)0:svn28816.3.1.2-45.el7(noarch)0:svn29660.0.1-45.el7(noarch)0:svn20221.1.1-45.el7(noarch)0:svn16760.0.2-45.el7(noarch)0:svn29661.12.1-45.el7(noarch)0:svn16041.0-45.el7(noarch)0:svn26330.0.9997.5-45.el7(noarch)0:svn29154.0.95-45.el7(noarch)0:svn24105.4.0-45.el7(noarch)0:svn17055.0-45.el7(noarch)0:svn28847.0.1-45.el7(noarch)0:svn28819.0-45.el7(noarch)0:svn27995.2.6a-45.el7(noarch)0:svn19809.0.5e-45.el7(noarch)0:svn28273.0.8-45.el7(noarch)0:svn29258.1.7a-45.el7(noarch)0:svn23347.2.3f-45.el7(noarch)0:svn23897.0.981-45.el7(noarch)0:1.8.3.1-20.el7(x86_64)0:1.8.3.1-20.el7(i686|x86_64)0:0.13.62-12.el7(x86_64)0:0.13.62-12.el7(x86_64)0:3.10.0-957.10.1.el7(noarch)0:3.10.0-957.10.1.el7(x86_64)0:5.7.2-47.el7(i686|x86_64)0:5.7.2-47.el7(noarch)0:2.6.0-5.el7(x86_64)0:5.16.3-294.el7_6(noarch)0:1.9800-294.el7_6(noarch)0:0.28.2.6-294.el7_6(noarch)0:1.30-294.el7_6(noarch)0:1.58-294.el7_6(noarch)0:1.10-294.el7_6(noarch)0:0.21-294.el7_6(noarch)0:2.76.02-294.el7_6(noarch)0:0.08-294.el7_6(noarch)0:0.42-294.el7_6(noarch)0:0.02-294.el7_6(noarch)0:1.04-294.el7_6(x86_64)0:1.20.1-294.el7_6(i686|x86_64)0:5.16.3-294.el7_6(i686|x86_64)0:60.5.1-1.el7_6(x86_64)0:6.0-20.el70:6-16.2-0(x86_64)0:3.10.0-957.5.1.el7(noarch)0:3.10.0-957.5.1.el7(i686|x86_64)0:60.5.0-2.el7(i686|x86_64)0:60.6.0-3.el7_6(x86_64)0:60.6.1-1.el7_6(i686|x86_64)0:60.7.0-1.el7_6(x86_64)0:60.7.0-1.el7_6(i686|x86_64)0:0.5-0.7.alpha.el7(noarch)0:0.19.8.1-3.el7(x86_64)0:0.19.8.1-3.el7(i686|x86_64)0:0.19.8.1-3.el7(x86_64)0:1.3.5-16.el7(x86_64)0:1.3.5-8.el7_6(i686|x86_64)0:0.7.5-10.el7(i686|x86_64)0:0.10.0-2.el7(noarch)0:0.10.0-2.el7(x86_64)0:0.10.0-2.el7(x86_64)0:4.9.2-4.el7_7.1(i686|x86_64)0:1.0.25-12.el7(x86_64)0:1.0.25-12.el7(i686|x86_64)0:0.112-22.el7(noarch)0:0.112-22.el7(noarch)0:1.10.2-7.el7(noarch)0:15.1.0-4.el7_8(noarch)0:9.0.3-7.el7_8(i686|x86_64)0:0.6.34-4.el7(x86_64)0:0.6.34-4.el7(i686|x86_64)0:7.4p1-23.el7_9.3(i686|x86_64)0:0.10.3-2.23.el7_9.3(i686|x86_64)0:2.1.0-12.el7(x86_64)0:2.7.5-88.el7(i686|x86_64)0:2.7.5-88.el7(i686|x86_64)0:3.6.8-13.el7(x86_64)0:3.10.0-1062.4.1.el7(noarch)0:3.10.0-1062.4.1.el7(x86_64)0:2.7.1-12.el7_7(x86_64)0:3.28.2-9.el7(i686|x86_64)0:0.26.5-42.el7(x86_64)0:0.26.5-42.el7(i686|x86_64)0:0.3.0-10.el7_9(x86_64)0:0.3.0-10.el7_9(i686|x86_64)0:5.9.7-2.el7_9(noarch)0:5.9.7-2.el7_90:4.12.14-95.68.10:14-2.2-00:4.12.14-95.71.10:13-2.2-00:4.12.14-95.74.10:10-2.2-00:4.12.14-95.77.10:9-2.2-00:4.12.14-95.80.10:4.12.14-95.83.20:4.12.14-95.83.20:4.12.14-150.66.10:4.12.14-150.69.10:4.12.14-150.72.10:4.12.14-150.75.10:4.12.14-150.78.10:4.12.14-150.78.1(i686|x86_64)0:1.2.7-20.el7_9(x86_64)0:1.7.0.171-2.6.13.0.el7_4(noarch)0:1.7.0.171-2.6.13.0.el7_4(i686|x86_64)0:1.8.0.161-0.b14.el7_4(noarch)0:1.8.0.161-0.b14.el7_4(x86_64)0:1.7.0.181-2.6.14.5.el7(noarch)0:1.7.0.181-2.6.14.5.el7(i686|x86_64)0:1.8.0.171-7.b10.el7(noarch)0:1.8.0.171-7.b10.el7(x86_64)0:1.7.0.191-2.6.15.4.el7_5(noarch)0:1.7.0.191-2.6.15.4.el7_5(i686|x86_64)0:1.8.0.181-3.b13.el7_5(noarch)0:1.8.0.181-3.b13.el7_5(x86_64)0:5.5.64-1.el7(i686|x86_64)0:5.5.64-1.el7(x86_64)0:1.7.0.201-2.6.16.1.el7_6(noarch)0:1.7.0.201-2.6.16.1.el7_6(i686|x86_64)0:1.8.0.191.b12-0.el7_5(noarch)0:1.8.0.191.b12-0.el7_5(i686|x86_64)0:11.0.1.13-3.el7_6(x86_64)0:1.7.0.181-2.6.14.8.el7_5(noarch)0:1.7.0.181-2.6.14.8.el7_5(i686|x86_64)0:1.8.0.171-8.b10.el7_5(noarch)0:1.8.0.171-8.b10.el7_5(x86_64)0:3.9.0-14.el7_5.6(i686|x86_64)0:3.9.0-14.el7_5.6(x86_64)0:1.5.3-156.el7_5.30:5-2.5-00:4-2.5-00:2-2.5-00:10-2.5-00:9-2.5-0(x86_64)0:3.10.0-862.3.3.el7(noarch)0:3.10.0-862.3.3.el7(x86_64)0:1.6.3-43.el7(i686|x86_64)0:1.6.3-43.el7(noarch)0:1.6.3-43.el7(i686|x86_64)0:52.6.0-1.el7_4(x86_64)0:52.6.0-1.el7_4(i686|x86_64)0:52.7.0-1.el7_4(x86_64)0:52.7.0-1.el7_4(i686|x86_64)0:52.7.2-1.el7_4(i686|x86_64)0:1.3.3-8.el7.1(noarch)0:1.3.3-8.el7.1(i686|x86_64)0:52.7.3-1.el7_5(i686|x86_64)0:52.8.0-1.el7_5(x86_64)0:52.8.0-1.el7_5(x86_64)0:0.7-4.el7_4(i686|x86_64)0:0.7-4.el7_4(i686|x86_64)0:0.99.22.4-5.el7_4(x86_64)0:0.99.22.4-5.el7_4(noarch)0:39.31.5.1-72.el7(noarch)0:18.168.6.1-72.el7(noarch)0:22.0.7.0-72.el7(noarch)0:15.32.2.9-72.el7(noarch)0:228.61.2.24-72.el7(noarch)0:8.83.5.1_1-72.el7(noarch)0:8.24.2.2-72.el7(noarch)0:9.221.4.1-72.el7(noarch)0:17.168.5.3-72.el7(noarch)0:17.168.5.2-72.el7(noarch)0:41.28.5.1-72.el7(noarch)0:20190429-72.gitddde598.el7(x86_64)0:1.0.2k-16.el7_6.1(i686|x86_64)0:1.0.2k-16.el7_6.1(i686|x86_64)0:1.15.1-34.el7(x86_64)0:1.15.1-34.el7(x86_64)0:4.2.5-58.el7_4.3(i686|x86_64)0:4.2.5-58.el7_4.3(x86_64)0:9.9.4-61.el7_5.1(i686|x86_64)0:9.9.4-61.el7_5.1(noarch)0:9.9.4-61.el7_5.1(x86_64)0:9.11.4-9.P2.el7(i686|x86_64)0:9.11.4-9.P2.el7(noarch)0:9.11.4-9.P2.el7(x86_64)0:9.9.4-73.el7_6(i686|x86_64)0:9.9.4-73.el7_6(noarch)0:9.9.4-73.el7_6(x86_64)0:9.9.4-74.el7_6.1(i686|x86_64)0:9.9.4-74.el7_6.1(noarch)0:9.9.4-74.el7_6.1(x86_64)0:9.11.4-16.P2.el7(i686|x86_64)0:9.11.4-16.P2.el7(noarch)0:9.11.4-16.P2.el7(i686|x86_64)0:4.10.5-5.el70:12-2.1-00:4.4.132-94.33.10:7-19.2-0(x86_64)0:2.1.15-26.el7_4.1(x86_64)0:0.8.8-4.el7_5(x86_64)0:4.5.0-10.el7(i686|x86_64)0:4.5.0-10.el7(x86_64)0:4.11.19-13.el7(noarch)0:19-23.9.el7(i686|x86_64)0:4.11.19-13.el7(noarch)0:4.11.19-13.el7(i686|x86_64)0:4.14.8-10.el7(noarch)0:4.14.8-10.el7(x86_64)0:4.14.8-10.el7(x86_64)0:4.10.5-4.el7(x86_64)0:6.1.6-7.el7(i686|x86_64)0:0.9.9-12.el7_5(i686|x86_64)0:2.3.1-14.el7(i686|x86_64)0:3.9.4-12.el7(i686|x86_64)0:0.13.62-9.el7(x86_64)0:0.13.62-9.el7(x86_64)0:1.5.3-156.el7_5.1(noarch)0:1.7.4-4.el7_4(x86_64)0:1.0.2-15.el7_6.1(i686|x86_64)0:1.0.2-15.el7_6.10:6-15.2-00:4.12.14-120.1(x86_64)0:3.10.0-1062.4.3.el7(noarch)0:3.10.0-1062.4.3.el7(x86_64)0:2.4.6-90.el7(noarch)0:2.4.6-90.el7(x86_64)0:18.2-1.el7_6.2(x86_64)0:1.0.2-5.el7_6(x86_64)0:1.0.0-5.el7_6(noarch)0:1.8.3-15.el7_7(i686|x86_64)0:1.42.4-4.el7_7(x86_64)0:1.42.4-4.el7_7(i686|x86_64)0:0.5-0.8.alpha.el7(x86_64)0:4.5.0-10.el7_6.10(i686|x86_64)0:4.5.0-10.el7_6.10(x86_64)0:3.0.13-15.el7(i686|x86_64)0:3.0.13-15.el7(noarch)0:10.5.18-12.el7_9(x86_64)0:10.5.18-12.el7_9(x86_64)0:4.2.1-24.el7(x86_64)0:2.7.5-80.el7_6(i686|x86_64)0:2.7.5-80.el7_6(x86_64)0:4.5.0-10.el7_6.12(i686|x86_64)0:4.5.0-10.el7_6.12(x86_64)0:1.7.1-2.el7_6(noarch)0:1.7.1-2.el7_6(x86_64)0:4.6.5-11.el7_7.4(noarch)0:4.6.5-11.el7_7.4(x86_64)0:4.10.4-10.el7(i686|x86_64)0:4.10.4-10.el7(noarch)0:4.10.4-10.el7(i686|x86_64)0:9.2.24-6.el7_9(x86_64)0:9.2.24-6.el7_9(i686|x86_64)0:9.25-2.el7_7.1(x86_64)0:9.25-2.el7_7.1(noarch)0:9.25-2.el7_7.10:4.12.14-95.13.10:6-2.5-00:4.12.14-95.16.10:4.12.14-150.14.20:6-2.3-00:4.12.14-150.17.1(x86_64)0:5.4.16-46.1.el7_7(i686|x86_64)0:1.1.28-6.el7(x86_64)0:1.1.28-6.el7(i686|x86_64)0:2.28.2-2.el7(noarch)0:2.28.2-2.el70:5-2.13.1-0(x86_64)0:1.5.3-167.el7_7.4(x86_64)0:3.0.13-10.el7_6(i686|x86_64)0:3.0.13-10.el7_6(x86_64)0:3.10.0-1062.1.1.el7(noarch)0:3.10.0-1062.1.1.el7(x86_64)0:0.9.169-3.el7_9.30:4.4.175-94.79.10:4.4.176-94.88.10:4.4.178-94.91.20:4.4.178-94.91.20:6-2.16.1-00:4-10.1-00:4.12.14-195.1(x86_64)0:3.10.0-957.21.3.el7(noarch)0:3.10.0-957.21.3.el70:4.4.180-94.97.10:4.4.180-94.97.1(x86_64)0:3.10.0-1062.18.1.el7(noarch)0:3.10.0-1062.18.1.el7(i686|x86_64)0:2.2.36-3.el7_7.1(x86_64)0:2.2.36-3.el7_7.1(x86_64)0:60.7.2-2.el7_6(i686|x86_64)0:60.7.2-1.el7_6(i686|x86_64)0:60.8.0-1.el7_6(x86_64)0:60.8.0-1.el7_6(i686|x86_64)0:4.25.0-2.el7_9(i686|x86_64)0:3.53.1-3.el7_9(i686|x86_64)0:3.53.1-6.el7_9(x86_64)0:3.53.1-3.el7_9(i686|x86_64)0:3.53.1-1.el7_9(i686|x86_64)0:3.44.0-7.el7_7(i686|x86_64)0:3.44.0-8.el7_7(x86_64)0:3.44.0-7.el7_7(i686|x86_64)0:3.44.0-4.el7_7(i686|x86_64)0:60.9.0-1.el7_7(x86_64)0:60.9.0-1.el7_7(i686|x86_64)0:68.2.0-1.el7_7(x86_64)0:68.2.0-1.el7_7(x86_64)0:1.5.3-167.el7_7.1(x86_64)0:12.1.0-6.el7(x86_64)0:3.4.0-6.el7(i686|x86_64)0:2.56.1-7.el7(noarch)0:2.56.1-7.el7(x86_64)0:2.56.1-7.el7(i686|x86_64)0:1.5.17-11.el7(noarch)0:1.5.17-11.el7(x86_64)0:3.5.20-15.el7_8.1(x86_64)0:3.5.20-17.el7_9.4(x86_64)0:7.4.160-6.el7_6(noarch|x86_64)0:7.4.160-6.el7_6(x86_64)0:1.10.24-15.el7(i686|x86_64)0:1.10.24-15.el7(noarch)0:1.10.24-15.el7(i686|x86_64)0:1.0.1-9.el70:3-7.2-00:4.12.14-197.4.1(x86_64)0:0.14.0-8.el7(x86_64)0:6.0-21.el7(i686|x86_64)0:1.1.0-5.el7(x86_64)0:1.1.0-5.el7(i686|x86_64)0:1.2.15-14.el7_7(x86_64)0:3.7.17-8.el7_7.1(i686|x86_64)0:3.7.17-8.el7_7.1(noarch)0:3.7.17-8.el7_7.1(noarch)0:1.8.3.1-21.el7_7(x86_64)0:1.8.3.1-21.el7_7(x86_64)0:1.8.23-4.el7_7.1(i686|x86_64)0:1.8.23-4.el7_7.1(x86_64)0:3.28.2-10.el7(i686|x86_64)0:3.28.2-10.el7(i686|x86_64)0:0.26.5-43.el7(x86_64)0:0.26.5-43.el7(noarch)0:19-23.10.el7_7(i686|x86_64)0:4.14.8-11.el7_7(noarch)0:4.14.8-11.el7_7(x86_64)0:4.14.8-11.el7_7(i686|x86_64)0:9.25-2.el7_7.2(x86_64)0:9.25-2.el7_7.2(noarch)0:9.25-2.el7_7.2(x86_64)0:3.10.0-1062.12.1.el7(noarch)0:3.10.0-1062.12.1.el7(x86_64)0:3.10.0-1062.7.1.el7(noarch)0:3.10.0-1062.7.1.el7(x86_64)0:4.4.6-3.el7_7(x86_64)0:1.3.9.1-12.el7_7(x86_64)0:2.76-16.el70:7-2.19.1-00:6-16.1-0(x86_64)0:3.10.0-1062.1.2.el7(noarch)0:3.10.0-1062.1.2.el7(x86_64)0:1.8.8-7.el7(x86_64)0:2.11-28.el7(x86_64)0:20120801-140.el7_7(i686|x86_64)0:9.25-2.el7_7.3(x86_64)0:9.25-2.el7_7.3(noarch)0:9.25-2.el7_7.30:4.12.14-95.45.10:4.12.14-197.29.1(i686|x86_64)0:1.2.15-15.el7_7(x86_64)0:4.10.16-5.el7(i686|x86_64)0:4.10.16-5.el7(noarch)0:4.10.16-5.el7(i686|x86_64)0:4.0.3-35.el7(x86_64)0:4.0.3-35.el70:4.12.14-197.18.10:4.12.14-95.29.10:4.12.14-150.32.1(i686|x86_64)0:2.7.1-8.el7_7.2(i686|x86_64)0:0.9.9-14.el7_7(x86_64)0:1.8.0-21.el7(noarch)0:1.8.0-21.el7(i686|x86_64)0:1.3.2-16.el70:4-2.2-00:4.12.14-95.54.10:4.12.14-95.54.10:4.12.14-150.52.10:4.12.14-150.52.1(i686|x86_64)0:2.0.0-20.gitd1c6db8.el7_7(x86_64)0:2.0.0-20.gitd1c6db8.el7_7(x86_64)0:2.7.5-89.el7(i686|x86_64)0:2.7.5-89.el7(i686|x86_64)0:3.6.8-17.el7(i686)0:68.3.0-1.el7_7(x86_64)0:68.3.0-1.el7_7(i686|x86_64)0:68.4.1-1.el7_7(x86_64)0:68.4.1-2.el7_7(x86_64)0:8.24.0-52.el7(noarch)0:8.24.0-52.el70:8-2.22.1-00:7-19.1-0(x86_64)0:0.27.0-3.el7_8(i686|x86_64)0:0.27.0-3.el7_8(noarch)0:0.27.0-3.el7_8(i686|x86_64)0:1.8.0-4.el7(noarch)0:1.8.0-4.el7(noarch)0:7.0.76-15.el7(x86_64)0:2.5-9.el7_7.1(x86_64)0:3.10.0-1160.11.1.el7(noarch)0:3.10.0-1160.11.1.el7(i686|x86_64)0:1.0.2-1.el7_7.1(x86_64)0:3.1.2-14.el7_7(i686|x86_64)0:3.1.2-14.el7_7(i686|x86_64)0:0.8.0-3.el7(x86_64)0:0.8.0-3.el7(x86_64)0:1.8.23-4.el7_7.2(i686|x86_64)0:1.8.23-4.el7_7.2(i686|x86_64)0:2.17-317.el7(x86_64)0:2.17-317.el7(x86_64)0:2.5-11.el7_9(x86_64)0:3.10.0-1127.18.2.el7(noarch)0:3.10.0-1127.18.2.el7(x86_64)0:3.10.0-1160.21.1.el7(noarch)0:3.10.0-1160.21.1.el7(i686|x86_64)0:2.9.1-6.el7.5(x86_64)0:2.9.1-6.el7.5(x86_64)0:5.0.2-34.el7_7.2(i686|x86_64)0:219-78.el7(x86_64)0:219-78.el7(x86_64)0:4.5.0-36.el7(i686|x86_64)0:4.5.0-36.el7(i686|x86_64)0:68.6.0-1.el7_7(x86_64)0:68.6.0-1.el7_7(x86_64)0:3.10.0-1160.6.1.el7(noarch)0:3.10.0-1160.6.1.el7(x86_64)0:2.7.5-90.el7(i686|x86_64)0:2.7.5-90.el7(i686|x86_64)0:3.6.8-18.el7(noarch)0:15.1.0-7.el7_9(x86_64)0:3.10.0-1160.36.2.el7(noarch)0:3.10.0-1160.36.2.el7(x86_64)0:1.7.0.211-2.6.17.1.el7_6(noarch)0:1.7.0.211-2.6.17.1.el7_6(i686|x86_64)0:1.8.0.201.b09-0.el7_6(noarch)0:1.8.0.201.b09-0.el7_6(i686|x86_64)0:11.0.2.7-0.el7_6(i686|x86_64)0:2.17-322.el7_9(x86_64)0:2.17-322.el7_9(x86_64)0:1.7.0.221-2.6.18.0.el7_6(noarch)0:1.7.0.221-2.6.18.0.el7_6(i686|x86_64)0:1.8.0.212.b04-0.el7_6(noarch)0:1.8.0.212.b04-0.el7_6(i686|x86_64)0:11.0.3.7-0.el7_6(x86_64)0:5.5.65-1.el7(i686|x86_64)0:5.5.65-1.el7(x86_64)0:1.7.0.231-2.6.19.1.el7_6(noarch)0:1.7.0.231-2.6.19.1.el7_6(i686|x86_64)0:1.8.0.222.b10-0.el7_6(noarch)0:1.8.0.222.b10-0.el7_6(i686|x86_64)0:11.0.4.11-0.el7_6(x86_64)0:1.7.0.241-2.6.20.0.el7_7(noarch)0:1.7.0.241-2.6.20.0.el7_7(i686|x86_64)0:1.8.0.232.b09-0.el7_7(noarch)0:1.8.0.232.b09-0.el7_7(i686|x86_64)0:11.0.5.10-0.el7_7(x86_64)0:5.5.68-1.el7(i686|x86_64)0:5.5.68-1.el7(x86_64)0:4.3.2-12.el7(i686|x86_64)0:4.3.2-12.el7(noarch)0:4.3.2-12.el7(x86_64)0:0.14.0-6.el7_6.1(i686|x86_64)0:2.2.36-6.el7(x86_64)0:2.2.36-6.el7(i686|x86_64)0:219-62.el7_6.3(x86_64)0:219-62.el7_6.3(i686|x86_64)0:2.6.3-6.git4391e5c.el7_6(x86_64)0:2.6.3-6.git4391e5c.el7_6(i686|x86_64)0:0.19.4-1.el7(x86_64)0:0.6.50-7.el7(i686|x86_64)0:0.6.50-7.el7(x86_64)0:1.3.4-2.el7(i686|x86_64)0:1.3.4-2.el7(noarch)0:1.3.4-2.el7(i686|x86_64)0:3.28.1-6.el7(x86_64)0:3.28.1-6.el7(i686|x86_64)0:3.28.2-22.el7(noarch)0:3.28.1-11.el7(i686|x86_64)0:3.28.1-8.el7(x86_64)0:3.28.3-24.el7(noarch)0:3.28.1-7.el7(i686|x86_64)0:3.28.0-3.el7(x86_64)0:3.22.30-5.el7(i686|x86_64)0:3.22.30-5.el7(i686|x86_64)0:0.30-9.el7(i686|x86_64)0:3.28.2-3.el7(i686|x86_64)0:3.28.3-20.el7(i686|x86_64)0:3.26.3.1-7.el7(noarch)0:20190805-2.el7(x86_64)0:1.8-5.el7(i686|x86_64)0:1.10.5-8.el7(noarch)0:1.10.5-8.el7(x86_64)0:1.10.5-8.el7(x86_64)0:2.8.8-25.el7(i686|x86_64)0:1.36.2-3.el7(x86_64)0:1.36.2-3.el7(i686|x86_64)0:2.6.3-7.git4391e5c.el7(x86_64)0:2.6.3-7.git4391e5c.el7(i686|x86_64)0:9.07-31.el7_6.10(x86_64)0:9.07-31.el7_6.10(noarch)0:9.07-31.el7_6.10(i686|x86_64)0:9.07-31.el7_6.11(x86_64)0:9.07-31.el7_6.11(noarch)0:9.07-31.el7_6.11(x86_64)0:4.5.0-23.el7(i686|x86_64)0:4.5.0-23.el7(i686|x86_64)0:1.4.3-12.el7_6.2(noarch)0:1.4.3-12.el7_6.2(noarch)0:1.8.0-3.el7(i686|x86_64)0:1.4.3-12.el7_6.3(noarch)0:1.4.3-12.el7_6.3(x86_64)0:0.14.0-2.el7_6.4(x86_64)0:4.9.1-6.el7(i686|x86_64)0:4.9.1-6.el7(noarch)0:4.9.1-6.el7(x86_64)0:1.3.8.4-25.1.el7_6(x86_64)0:1.42.9-19.el7(i686|x86_64)0:1.42.9-19.el70:3-6.2-00:10-28.2-0(x86_64)0:7.29.0-57.el7(i686|x86_64)0:7.29.0-57.el7(x86_64)0:7.29.0-59.el7(i686|x86_64)0:7.29.0-59.el7(i686|x86_64)0:2.0.0-8.el7_7(x86_64)0:2.0.0-8.el7_7(x86_64)0:1.14-18.el7_6.1(x86_64)0:7.4p1-16.el7.PTF.1122802.1(i686|x86_64)0:0.10.3-2.16.el7.PTF.1122802.1(i686|x86_64)0:0.112-18.el7_6.1(noarch)0:0.112-18.el7_6.1(i686|x86_64)0:219-62.el7_6.5(x86_64)0:219-62.el7_6.5(x86_64)0:4.2.5-77.el7(i686|x86_64)0:4.2.5-77.el7(x86_64)0:1.5.3-160.el7_6.30:4-2.10.2-0(x86_64)0:3.10.0-957.12.1.el7(noarch)0:3.10.0-957.12.1.el7(i686|x86_64)0:0.2.8.4-44.el7(i686|x86_64)0:1.2.15-17.el7(x86_64)0:1.0.2-4.el7_6(x86_64)0:1.0.0-4.el7_6(x86_64)0:2.0.0.648-35.el7_6(noarch)0:2.0.0.648-35.el7_6(i686|x86_64)0:2.0.0.648-35.el7_6(x86_64)0:1.2.0-35.el7_6(x86_64)0:0.4.2-35.el7_6(x86_64)0:1.7.7-35.el7_6(noarch)0:4.3.2-35.el7_6(x86_64)0:2.0.0-35.el7_6(noarch)0:0.9.6-35.el7_6(noarch)0:4.0.0-35.el7_6(noarch)0:2.0.14.1-35.el7_6(x86_64)0:1.15-21.el7(x86_64)0:1.15-22.el70:4.4.175-94.79.1(i686|x86_64)0:0.6.22-1.el7(x86_64)0:0.6.22-1.el70:4.12.14-95.48.10:4.12.14-197.37.1(x86_64)0:2.7.5-77.el7_6(i686|x86_64)0:2.7.5-77.el7_6(x86_64)0:7.2-3.el7(i686|x86_64)0:60.6.1-1.el7_6(x86_64)0:1.5.3-167.el7(x86_64)0:4.2.46-34.el70:4.12.14-95.57.10:4.12.14-95.60.10:4.12.14-95.60.10:4.12.14-150.55.10:4.12.14-150.58.10:4.12.14-150.58.10:7-18.2-00:4.12.14-197.40.10:4.12.14-150.63.10:4.12.14-150.69.1(i686|x86_64)0:0.6.22-2.el7_9(x86_64)0:0.6.22-2.el7_90:4.12.14-95.65.10:4.12.14-95.65.10:4.12.14-122.23.10:4.12.14-122.26.10:4.12.14-122.29.10:4.12.14-122.32.10:4.12.14-122.37.10:4.12.14-122.41.10:4.12.14-122.46.10:4.12.14-122.51.20:4.12.14-122.54.10:4.12.14-122.54.10:4.12.14-150.63.10:4.12.14-197.45.10:4.12.14-197.48.10:4.12.14-197.51.10:4.12.14-197.56.10:4.12.14-197.61.10:4.12.14-197.64.10:4.12.14-197.67.10:4.12.14-197.72.10:4.12.14-197.75.10:4.12.14-197.75.10:5.3.18-22.20:7-5.2-00:5.3.18-24.12.10:5.3.18-24.15.10:5.3.18-24.9.10:5.3.18-24.9.1(x86_64)0:3.10.0-1160.59.1.el7(noarch)0:3.10.0-1160.59.1.el70:5.3.18-24.24.10:5.3.18-24.29.20:5.3.18-24.34.10:5.3.18-24.37.10:5.3.18-24.43.2(x86_64)0:2.1-73.11.el7_9(x86_64)0:5.44-7.el7(i686|x86_64)0:5.44-7.el7(i686|x86_64)0:5.9.7-4.el7(noarch)0:5.9.7-4.el7(x86_64)0:5.9.7-4.el7(x86_64)0:12.1.0-7.el7_8(x86_64)0:0.17-65.el7_8(x86_64)0:50.2-4.el7_7(i686|x86_64)0:50.2-4.el7_7(noarch)0:50.2-4.el7_7(x86_64)0:5.16.3-299.el7_9(noarch)0:1.9800-299.el7_9(noarch)0:0.28.2.6-299.el7_9(noarch)0:1.30-299.el7_9(noarch)0:1.58-299.el7_9(noarch)0:1.10-299.el7_9(noarch)0:0.21-299.el7_9(noarch)0:2.76.02-299.el7_9(noarch)0:0.08-299.el7_9(noarch)0:0.42-299.el7_9(noarch)0:0.02-299.el7_9(noarch)0:1.04-299.el7_9(x86_64)0:1.20.1-299.el7_9(i686|x86_64)0:5.16.3-299.el7_9(x86_64)0:1.18.8-1.el7(noarch)0:1.18.8-1.el7(i686|x86_64)0:1.18.8-1.el7(x86_64)0:1.6.6-5.el7_8(i686|x86_64)0:1.6.6-5.el7_8(noarch)0:1.8.3.1-23.el7_8(x86_64)0:1.8.3.1-23.el7_8(x86_64)0:2.1.1-2.el7(i686|x86_64)0:2.1.1-2.el7(x86_64)0:4.2.1-41.el7_9.2(x86_64)0:4.1.1-61.el7_9.4(x86_64)0:1.7.1-8.el7(i686|x86_64)0:1.7.1-8.el7(x86_64)0:4.2.6p5-29.el7_8.2(noarch)0:4.2.6p5-29.el7_8.2(x86_64)0:1.10.24-14.el7_8(i686|x86_64)0:1.10.24-14.el7_8(noarch)0:1.10.24-14.el7_8(i686|x86_64)0:2.2.36-6.el7_8.1(x86_64)0:2.2.36-6.el7_8.1(i686|x86_64)0:2.4.44-22.el7(x86_64)0:2.4.44-22.el7(noarch)0:39.31.5.1-80.el7_9(noarch)0:18.168.6.1-80.el7_9(noarch)0:25.30.13.0-80.el7_9(noarch)0:15.32.2.9-80.el7_9(noarch)0:228.61.2.24-80.el7_9(noarch)0:8.83.5.1_1-80.el7_9(noarch)0:8.24.2.2-80.el7_9(noarch)0:9.221.4.1-80.el7_9(noarch)0:41.28.5.1-80.el7_9(noarch)0:20200421-80.git78c0348.el7_90:4.12.14-197.61.1(x86_64)0:3.10.0-1160.31.1.el7(noarch)0:3.10.0-1160.31.1.el7(i686|x86_64)0:68.8.0-1.el7_8(x86_64)0:68.8.0-1.el7_8(x86_64)0:68.9.0-1.el7_8(i686|x86_64)0:68.9.0-1.el7_8(i686|x86_64)0:68.10.0-1.el7_8(x86_64)0:68.10.0-1.el7_8(i686|x86_64)0:78.3.0-1.el7_90:4-9.1-00:11-31.2-0(x86_64)0:1.6.6-4.el7_8(i686|x86_64)0:1.6.6-4.el7_8(i686|x86_64)0:0.6.12-6.el7_9(x86_64)0:3.10.0-1127.13.1.el7(noarch)0:3.10.0-1127.13.1.el7(i686|x86_64)0:0.6.21-7.el7_8(x86_64)0:0.6.21-7.el7_8(x86_64)0:2.0.0-4.rc4.el7_8.1(i686|x86_64)0:2.0.0-4.rc4.el7_8.1(noarch)0:9.2.1002-8.el7_8(x86_64)0:1.5.3-175.el7_9.3(noarch)0:2.1.53-1.el7_9(noarch)0:2.1.74-1.el7_9(x86_64)0:4.10.16-9.el7_9(i686|x86_64)0:4.10.16-9.el7_9(noarch)0:4.10.16-9.el7_90:4.12.14-95.57.10:4.12.14-150.55.10:4.12.14-197.51.10:2-5.2-00:2-2.3-0(x86_64)0:1.20.4-12.el7_9(i686|x86_64)0:1.20.4-12.el7_9(noarch)0:1.20.4-12.el7_9(x86_64)0:1.20.4-15.el7_9(i686|x86_64)0:1.20.4-15.el7_9(noarch)0:1.20.4-15.el7_9(i686|x86_64)0:1.8.1-8.el7_9(x86_64)0:1.8.1-8.el7_9(i686|x86_64)0:0.35-5.el7_9.1(x86_64)0:0.35-5.el7_9.1(x86_64)0:0.14.0-9.el7_9.1(i686|x86_64)0:1.6.7-3.el7_9(noarch)0:1.6.7-3.el7_9(x86_64)0:1.5.3-175.el7_9.1(x86_64)0:2.02-0.87.el7_9.2(noarch)0:2.02-0.87.el7_9.20:4.12.14-197.56.1(i686|x86_64)0:1.8.0.262.b10-0.el7_8(noarch)0:1.8.0.262.b10-0.el7_8(i686|x86_64)0:11.0.8.10-0.el7_8(i686|x86_64)0:1.8.0.272.b10-1.el7_9(noarch)0:1.8.0.272.b10-1.el7_9(i686|x86_64)0:11.0.9.11-0.el7_9(x86_64)0:3.10.0-1160.15.2.el7(noarch)0:3.10.0-1160.15.2.el7(i686|x86_64)0:68.11.0-1.el7_8(x86_64)0:68.11.0-1.el7_8(i686|x86_64)0:68.12.0-1.el7_8(x86_64)0:68.12.0-1.el7_8(x86_64)0:78.3.1-1.el7_9(i686|x86_64)0:78.4.0-1.el7_9(x86_64)0:78.4.0-1.el7_9(x86_64)0:78.7.0-1.el7_90:4.12.14-197.45.10:5.3.18-22.2(x86_64)0:5.7.2-49.el7_9.1(i686|x86_64)0:5.7.2-49.el7_9.1(i686|x86_64)0:2.8-14.el7_9.1(x86_64)0:2.8-14.el7_9.1(i686|x86_64)0:78.5.0-1.el7_9(x86_64)0:78.5.0-1.el7_9(i686|x86_64)0:78.6.0-1.el7_9(x86_64)0:78.6.0-1.el7_9(i686|x86_64)0:78.6.1-1.el7_9(x86_64)0:78.6.1-1.el7_9(i686|x86_64)0:4.8.7-9.el7_9(x86_64)0:4.8.7-9.el7_9(noarch)0:4.8.7-9.el7_9(i686|x86_64)0:5.9.7-5.el7_9(noarch)0:5.9.7-5.el7_9(x86_64)0:5.9.7-5.el7_9(noarch)0:7.0.76-16.el7_9(noarch)0:7.0.76-11.el7_7(x86_64)0:1.0.2k-21.el7_9(i686|x86_64)0:1.0.2k-21.el7_9(i686|x86_64)0:1.8.0-4.el7_9.1(noarch)0:1.8.0-4.el7_9.1(x86_64)0:2.1-73.9.el7_9(x86_64)0:3.5.20-17.el7_9.6(x86_64)0:4.5.0-36.el7_9.3(i686|x86_64)0:4.5.0-36.el7_9.3(i686|x86_64)0:3.53.1-7.el7_9(x86_64)0:3.53.1-7.el7_9(x86_64)0:1.1.23-1.el7_9.1(i686|x86_64)0:1.1.23-1.el7_9.10:9-3.2-00:4.12.14-197.67.10:5-5.2-00:4.12.14-95.71.10:4.12.14-122.60.10:4.12.14-122.63.10:4.12.14-122.63.10:4.12.14-197.83.10:4.12.14-197.86.10:4.12.14-197.86.10:5.3.18-24.49.20:5.3.18-24.52.10:5.3.18-24.52.10:5.3.18-57.30:10-3.2-00:5.3.18-57.3(x86_64)0:2.76-16.el7_9.1(i686|x86_64)0:2.4.44-23.el7_9(x86_64)0:2.4.44-23.el7_9(x86_64)0:3.10.0-1160.53.1.el7(noarch)0:3.10.0-1160.53.1.el7(i686|x86_64)0:2.4.44-25.el7_9(x86_64)0:2.4.44-25.el7_9(x86_64)0:4.6.8-5.el7_9.10(noarch)0:4.6.8-5.el7_9.10(x86_64)0:1.7.0.251-2.6.21.0.el7_7(noarch)0:1.7.0.251-2.6.21.0.el7_7(i686|x86_64)0:1.8.0.242.b08-0.el7_7(noarch)0:1.8.0.242.b08-0.el7_7(i686|x86_64)0:11.0.6.10-1.el7_7(x86_64)0:2.7.5-92.el7_9(i686|x86_64)0:2.7.5-92.el7_9(noarch)0:1.3.1-12.el7_9(i686|x86_64)0:78.4.1-1.el7_9(x86_64)0:78.4.3-1.el7_9(x86_64)0:78.5.1-1.el7_9(i686|x86_64)0:78.7.0-2.el7_9(i686|x86_64)0:1.8.0.252.b09-2.el7_8(noarch)0:1.8.0.252.b09-2.el7_8(i686|x86_64)0:11.0.7.10-4.el7_8(x86_64)0:1.7.0.261-2.6.22.2.el7_8(noarch)0:1.7.0.261-2.6.22.2.el7_8(x86_64)0:3.10.0-1160.41.1.el7(noarch)0:3.10.0-1160.41.1.el70:11-2.2-00:4.12.14-122.57.10:4.12.14-122.60.10:4.12.14-197.78.10:4.12.14-197.78.10:8-5.2-0(noarch)0:1.9.4-23.el7_90:4.12.14-95.68.10:4.12.14-150.66.10:4.12.14-197.83.10:5.3.18-24.46.10:6-5.2-0(x86_64)0:1.5.3-175.el7_9.40:4.12.14-122.57.1(i686|x86_64)0:6.9.10.68-5.el7_9(x86_64)0:6.9.10.68-5.el7_9(x86_64)0:2.4.6-99.el7_9.2(noarch)0:2.4.6-99.el7_9.2(x86_64)0:1.3.10.2-12.el7_90:12-2.2-00:4.12.14-122.66.20:4.12.14-122.66.20:11-5.2-00:5.3.18-24.53.4.10:4.12.14-95.77.10:15-2.2-00:4.12.14-122.71.10:4.12.14-122.74.10:4.12.14-122.77.10:4.12.14-122.77.10:4.12.14-150.72.10:4.12.14-197.89.20:4.12.14-197.92.10:4.12.14-197.92.10:14-5.2-00:5.3.18-24.61.10:5.3.18-24.64.10:5.3.18-24.67.3(x86_64)0:3.10.0-1160.49.1.el7(noarch)0:3.10.0-1160.49.1.el70:4.12.14-95.102.10:4.12.14-95.105.10:13-2.3-00:4.12.14-95.88.10:9-2.3-00:4.12.14-95.93.10:8-2.3-00:4.12.14-95.96.10:4.12.14-95.99.30:4.12.14-95.99.30:4.12.14-122.103.10:14-2.3-00:4.12.14-122.106.10:12-2.3-00:4.12.14-122.110.10:10-2.3-00:4.12.14-122.113.10:4.12.14-122.116.10:4.12.14-122.121.20:5-2.3-00:4.12.14-122.124.30:4.12.14-122.127.10:4.12.14-122.130.10:4.12.14-122.88.10:16-2.3-00:4.12.14-122.91.20:4.12.14-122.98.10:4.12.14-122.98.10:4.12.14-150000.150.89.10:7-150000.2.2-00:4.12.14-150000.150.92.20:4-150000.2.1-00:4.12.14-150000.150.95.10:2-150000.2.1-00:4.12.14-150000.150.98.10:13-150000.2.2-00:4.12.14-150.83.10:9-150000.2.2-00:4.12.14-150.86.10:8-150000.2.2-00:4.12.14-150.86.10:4.12.14-150100.197.111.10:7-150100.2.2-00:4.12.14-150100.197.114.20:4-150100.2.1-00:4.12.14-150100.197.117.10:2-150100.2.1-00:4.12.14-150100.197.120.10:4.12.14-197.102.20:13-150100.2.2-00:4.12.14-197.105.10:9-150100.2.2-00:4.12.14-197.108.10:8-150100.2.2-00:4.12.14-197.108.10:5.3.18-150200.24.112.10:7-150200.2.2-00:5.3.18-150200.24.115.10:5-150200.2.1-00:5.3.18-150200.24.126.10:2-150200.2.1-00:5.3.18-24.102.10:12-150200.2.2-00:5.3.18-24.107.10:11-150200.2.2-00:5.3.18-24.83.20:16-150200.2.2-00:5.3.18-24.86.20:5.3.18-24.93.10:15-150200.2.2-00:5.3.18-24.96.10:14-150200.2.2-00:5.3.18-24.99.10:13-150200.2.2-00:5.3.18-24.99.10:5.3.18-150300.59.43.10:13-150300.2.2-00:5.3.18-150300.59.46.10:5.3.18-150300.59.49.10:12-150300.2.2-00:5.3.18-150300.59.54.10:11-150300.2.2-00:5.3.18-150300.59.60.40:10-150300.2.2-00:5.3.18-150300.59.63.10:7-150300.2.2-00:5.3.18-150300.59.68.10:6-150300.2.2-00:5.3.18-150300.59.71.20:5-150300.2.1-00:5.3.18-150300.59.76.10:4-150300.2.1-00:5.3.18-150300.59.87.10:3-150300.2.1-00:5.3.18-59.24.10:16-150300.2.2-00:5.3.18-59.27.10:5.3.18-59.34.10:15-150300.2.2-00:5.3.18-59.37.20:14-150300.2.2-00:5.3.18-59.40.10:5.3.18-59.40.10:5.14.21-150400.22.10:5-150400.4.12.3-00:5.14.21-150400.24.11.10:2-150400.2.1-00:5.14.21-150400.24.18.10:5.14.21-150400.24.18.10:6-150000.2.1-00:15-150000.2.2-00:11-150000.2.2-00:10-150000.2.2-0(x86_64)0:3.10.0-1160.118.1.el7(noarch)0:3.10.0-1160.118.1.el70:4.12.14-95.80.10:4.12.14-122.80.10:4.12.14-122.83.10:4.12.14-122.88.10:4.12.14-150.75.10:4.12.14-197.99.10:4.12.14-197.99.10:5.3.18-24.70.10:5.3.18-24.75.30:5.3.18-24.78.10:5.3.18-24.78.10:5.3.18-59.10.10:8-150300.2.2-00:5.3.18-59.13.10:5.3.18-59.16.10:5.3.18-59.19.10:5.3.18-59.5.20:5.3.18-59.5.2(noarch)0:1.8.18-9.el7_7(x86_64)0:1.8.18-9.el7_7(noarch)0:1.8.3.1-22.el7_8(x86_64)0:1.8.3.1-22.el7_8(i686|x86_64)0:2.0.0-21.gitd1c6db8.el7(x86_64)0:2.0.0-21.gitd1c6db8.el7(i686|x86_64)0:20120731b-13.el7(x86_64)0:68.5.0-1.el7_7(i686|x86_64)0:68.5.0-2.el7_7(i686|x86_64)0:68.6.1-1.el7_8(x86_64)0:68.7.0-1.el7_8(i686|x86_64)0:68.7.0-2.el7_8(i686|x86_64)0:2.3.1-2.el7_7(noarch)0:2.3.1-2.el7_7(x86_64)0:1.5.3-173.el7(i686|x86_64)0:2.3.1-3.el7_7(noarch)0:2.3.1-3.el7_7(x86_64)0:7.29.0-59.el7_9.1(i686|x86_64)0:7.29.0-59.el7_9.1(x86_64)0:2.4.5-34.el7_7(i686|x86_64)0:2.4.5-34.el7_7(x86_64)0:1.5.3-173.el7_8.1(x86_64)0:9.11.4-16.P2.el7_8.6(i686|x86_64)0:9.11.4-16.P2.el7_8.6(noarch)0:9.11.4-16.P2.el7_8.6(x86_64)0:9.11.4-26.P2.el7_9.2(i686|x86_64)0:9.11.4-26.P2.el7_9.2(noarch)0:9.11.4-26.P2.el7_9.2(x86_64)0:9.11.4-26.P2.el7_9.4(i686|x86_64)0:9.11.4-26.P2.el7_9.4(noarch)0:9.11.4-26.P2.el7_9.40:4.12.14-197.64.1(x86_64)0:4.10.5-9.el7(i686|x86_64)0:4.10.5-9.el7(noarch)0:7.0.76-12.el7_80:13-5.2-00:4.12.14-122.32.10:13-2.1-00:2-150300.2.1-00:12-3.1-00:10-150300.2.1-00:9-150300.2.1-00:8-150300.2.1-00:6-150300.2.1-00:5.3.18-24.53.4.10:9-3.1-0(x86_64)0:4.10.16-15.el7_9(i686|x86_64)0:4.10.16-15.el7_9(noarch)0:4.10.16-15.el7_9(x86_64)0:4.11.3-48.el7_9(noarch)0:4.11.3-48.el7_9(i686|x86_64)0:4.11.3-48.el7_9(x86_64)0:1.5.4-2.el7_9(i686|x86_64)0:1.5.4-2.el7_9(i686|x86_64)0:2.7.1-9.el7_90:5.3.18-24.93.1(x86_64)0:1.0.9-10.el7_9(x86_64)0:1.0.0-10.el7_9(noarch)0:1.3.1-13.el7_9(x86_64)0:1.0.9-11.el7_9(x86_64)0:1.0.0-11.el7_9(i686|x86_64)0:1.8.0.292.b10-1.el7_9(noarch)0:1.8.0.292.b10-1.el7_9(i686|x86_64)0:11.0.11.0.9-1.el7_90:16-2.2-00:4.12.14-122.80.10:5.3.18-24.75.30:5-3.1-0(x86_64)0:3.10.0-1160.45.1.el7(noarch)0:3.10.0-1160.45.1.el70:4.12.14-95.74.10:4.12.14-122.71.10:4.12.14-197.89.20:5.3.18-24.64.1(i686|x86_64)0:1.8.0.302.b08-0.el7_9(noarch)0:1.8.0.302.b08-0.el7_9(i686|x86_64)0:11.0.12.0.7-0.el7_9(x86_64)0:1.0.2k-22.el7_9(i686|x86_64)0:1.0.2k-22.el7_9(i686|x86_64)0:78.10.0-1.el7_9(x86_64)0:78.10.0-1.el7_9(i686|x86_64)0:78.8.0-1.el7_9(x86_64)0:78.8.0-1.el7_9(i686|x86_64)0:78.9.0-1.el7_9(x86_64)0:78.9.0-3.el7_9(x86_64)0:78.9.1-1.el7_9(x86_64)0:9.11.4-26.P2.el7_9.7(i686|x86_64)0:9.11.4-26.P2.el7_9.7(noarch)0:9.11.4-26.P2.el7_9.7(x86_64)0:9.11.4-26.P2.el7_9.5(i686|x86_64)0:9.11.4-26.P2.el7_9.5(noarch)0:9.11.4-26.P2.el7_9.5(x86_64)0:4.2.5-83.el7_9.1(i686|x86_64)0:4.2.5-83.el7_9.1(x86_64)0:9.11.4-26.P2.el7_9.13(i686|x86_64)0:9.11.4-26.P2.el7_9.13(noarch)0:9.11.4-26.P2.el7_9.13(x86_64)0:3.10.0-1160.83.1.el7(noarch)0:3.10.0-1160.83.1.el7(x86_64)0:2.4.6-97.el7_9.4(noarch)0:2.4.6-97.el7_9.40:10-5.2-0(x86_64)0:4.1.0-0.27.20120314git3c2946.el7_9(x86_64)0:295-3.el7_9.1(i686|x86_64)0:2.56.1-9.el7_9(noarch)0:2.56.1-9.el7_9(x86_64)0:2.56.1-9.el7_90:9-5.2-0(x86_64)0:3.10.0-1160.24.1.el7(noarch)0:3.10.0-1160.24.1.el7(x86_64)0:2.6-12.el7_9.2(i686|x86_64)0:2.5.1-8.el7_9(x86_64)0:2.5.1-8.el7_9(noarch)0:1.3.1-14.el7_9(x86_64)0:78.11.0-1.el7_9(i686|x86_64)0:78.11.0-3.el7_9(x86_64)0:78.12.0-2.el7_9(i686|x86_64)0:78.12.0-1.el7_9(i686|x86_64)0:78.13.0-2.el7_9(x86_64)0:78.13.0-1.el7_9(i686|x86_64)0:2.28.2-3.el7(noarch)0:2.28.2-3.el7(i686|x86_64)0:0.23-2.el7_9(i686|x86_64)0:0.26-3.el7_9(x86_64)0:0.27.0-4.el7_8(i686|x86_64)0:0.27.0-4.el7_8(noarch)0:0.27.0-4.el7_8(i686|x86_64)0:1.6.7-4.el7_9(noarch)0:1.6.7-4.el7_9(x86_64)0:1.8.23-10.el7_9.1(i686|x86_64)0:1.8.23-10.el7_9.1(i686|x86_64)0:9.2.24-7.el7_9(x86_64)0:9.2.24-7.el7_9(i686|x86_64)0:0.19.4-2.el7_90:12-5.2-0(i686|x86_64)0:1.0.25-12.el7_9.1(x86_64)0:1.0.25-12.el7_9.1(i686|x86_64)0:91.2.0-4.el7_9(x86_64)0:91.2.0-1.el7_9(i686|x86_64)0:1.0.2-6.el7_9(noarch)0:1.0.2-6.el7_90:6-150100.2.1-00:15-150100.2.2-00:11-150100.2.2-00:10-150100.2.2-00:10-150200.2.2-00:8-150200.2.1-00:18-150200.2.2-00:17-150200.2.2-00:9-150300.2.2-00:7-150300.2.1-00:18-150300.2.2-00:17-150300.2.2-00:8-150400.4.21.1-00:5-150400.2.1-00:5.14.21-150400.24.11.1(x86_64)0:1.20.4-16.el7_9(i686|x86_64)0:1.20.4-16.el7_9(noarch)0:1.20.4-16.el7_9(x86_64)0:0.56.5-4.el7_90:8-3.2-0(i686|x86_64)0:1.3.10-6.11.el7_9(x86_64)0:1.3.10-6.11.el7_9(i686|x86_64)0:1.8.0.312.b07-1.el7_9(noarch)0:1.8.0.312.b07-1.el7_9(i686|x86_64)0:11.0.13.0.8-1.el7_9(x86_64)0:2.0-2.el7_9.10:4.12.14-122.83.10:5.3.18-24.70.1(i686|x86_64)0:1.16.5-10.el7_9.10(x86_64)0:1.16.5-10.el7_9.10(noarch)0:1.16.5-10.el7_9.10(i686|x86_64)0:1.3.10-6.12.el7_9(x86_64)0:1.3.10-6.12.el7_9(x86_64)0:1.3.10.2-13.el7_90:11-2.3-00:6-3.2-0(x86_64)0:1.0.2k-23.el7_9(i686|x86_64)0:1.0.2k-23.el7_9(x86_64)0:3.10.0-1160.42.2.el7(noarch)0:3.10.0-1160.42.2.el7(i686|x86_64)0:1.15.1-51.el7_9(x86_64)0:1.15.1-51.el7_9(i686|x86_64)0:78.14.0-1.el7_9(x86_64)0:78.14.0-1.el7_9(i686|x86_64)0:91.3.0-1.el7_9(x86_64)0:91.3.0-2.el7_9(noarch)0:1.3.1-16.el7_90:2-150200.2.2-00:3-150200.2.2-00:5.3.18-150200.24.129.10:5.3.18-150200.24.134.10:4-150200.2.1-00:3-150200.2.1-00:12-150200.2.1-00:14-150200.2.1-00:11-150200.2.1-00:10-150200.2.1-00:7-150200.2.1-00:6-150200.2.1-00:2-150300.2.2-00:3-150300.2.2-00:5.3.18-150300.59.90.10:5.3.18-150300.59.93.10:5.3.18-150300.59.98.10:14-150200.3.1-00:12-150300.2.1-00:11-150300.2.1-00:2-150400.4.3.3-00:5.14.21-150400.24.21.20:2-150400.2.2-00:5.14.21-150400.24.28.10:5.14.21-150400.24.33.20:5.14.21-150400.24.33.20:15-2.1-00:14-2.1-00:4.12.14-95.96.10:15-150000.2.1-00:12-150000.2.1-00:7-150000.2.1-00:3-150000.2.1-00:13-150200.3.1-0(x86_64)0:1.20.4-17.el7_9(i686|x86_64)0:1.20.4-17.el7_9(noarch)0:1.20.4-17.el7_9(i686|x86_64)0:6.9.10.68-7.el7_9(x86_64)0:6.9.10.68-7.el7_90:4-150300.2.2-0(x86_64)0:3.10.0-1160.62.1.el7(noarch)0:3.10.0-1160.62.1.el7(i686|x86_64)0:0.112-26.el7_9.1(noarch)0:0.112-26.el7_9.1(x86_64)0:2.4.6-97.el7_9.1(noarch)0:2.4.6-97.el7_9.10:5.3.18-24.96.10:11-3.2-00:5-150300.2.2-0(x86_64)0:1.3.10.2-15.el7_9(x86_64)0:1.0.9-12.el7_9(x86_64)0:1.0.0-12.el7_9(x86_64)0:2.1.1-5.el7_9(i686|x86_64)0:2.1.1-5.el7_9(i686|x86_64)0:91.5.0-1.el7_9(x86_64)0:91.5.0-1.el7_9(x86_64)0:7.4p1-22.el7_9(i686|x86_64)0:0.10.3-2.22.el7_90:4.12.14-122.91.20:5.3.18-24.86.2(x86_64)0:2.27-44.base.el7_9.1(i686|x86_64)0:2.27-44.base.el7_9.1(i686|x86_64)0:3.67.0-4.el7_9(x86_64)0:3.67.0-4.el7_9(x86_64)0:91.4.0-3.el7_9(i686|x86_64)0:91.4.0-1.el7_9(x86_64)0:4.10.16-18.el7_9(i686|x86_64)0:4.10.16-18.el7_9(noarch)0:4.10.16-18.el7_9(x86_64)0:0.15.1-13.el7_9.1(i686|x86_64)0:0.2.0-19.el7_9.1(i686|x86_64)0:2.1.0-14.el7_9(x86_64)0:3.5.20-17.el7_9.70:4.12.14-122.162.10:4.12.14-122.165.10:4.12.14-122.173.10:4.12.14-122.176.10:4.12.14-122.179.10:4.12.14-122.183.10:4.12.14-122.186.10:4.12.14-122.189.10:4.12.14-122.194.10:4.12.14-122.201.10:11-8.10.1-00:4.12.14-122.216.10:9-8.6.1-00:4.12.14-122.216.10:5.3.18-150200.24.154.10:5.3.18-150200.24.157.10:5.3.18-150200.24.160.20:5.3.18-150200.24.163.10:5.3.18-150200.24.166.10:5.3.18-150200.24.169.10:5.3.18-150200.24.172.10:8-150200.2.2-00:5.3.18-150200.24.175.10:9-150200.2.2-00:5.3.18-150200.24.178.10:6-150200.2.2-00:5.3.18-150200.24.183.10:10-150200.5.6.1-00:5.3.18-150200.24.188.10:9-150200.5.6.1-00:5.3.18-150200.24.188.10:5.3.18-150300.59.124.10:5.3.18-150300.59.127.10:5.3.18-150300.59.130.10:5.3.18-150300.59.133.10:5.3.18-150300.59.138.10:5.3.18-150300.59.141.20:5.3.18-150300.59.144.10:5.3.18-150300.59.147.20:5.3.18-150300.59.150.10:5.3.18-150300.59.153.20:12-150300.7.6.1-00:5.3.18-150300.59.158.10:11-150300.7.6.1-00:5.3.18-150300.59.158.10:18-150300.2.1-00:15-150300.2.1-00:14-150300.2.1-00:5.3.18-150300.59.161.10:13-150300.2.1-00:5.3.18-150300.59.161.10:13-150200.2.1-00:5.3.18-150200.24.191.10:8-150200.5.6.1-00:5.3.18-150200.24.194.10:5-150200.5.6.1-00:5.3.18-150200.24.197.10:4-150200.5.6.1-00:5.3.18-150200.24.197.10:10-150300.7.6.1-00:5.3.18-150300.59.164.10:7-150300.7.6.1-00:5.3.18-150300.59.167.10:6-150300.7.6.1-00:5.3.18-150300.59.167.10:9-150200.2.1-00:5.3.18-150200.24.191.10:5.14.21-150500.55.36.10:14-150500.2.1-00:5.14.21-150500.55.39.10:5.14.21-150500.55.44.10:13-150500.2.1-00:5.14.21-150500.55.49.10:13-150500.11.8.1-00:5.14.21-150500.55.52.10:11-150500.11.6.1-00:5.14.21-150500.55.59.10:11-150500.11.10.1-00:5.14.21-150500.55.62.20:9-150500.11.6.1-00:5.14.21-150500.55.65.10:5.14.21-150500.55.68.10:8-150500.11.6.1-00:5.14.21-150500.55.73.10:3-150500.11.6.1-00:5.14.21-150500.55.73.10:15-150200.2.1-00:5.14.21-150400.24.100.20:13-150400.2.1-00:5.14.21-150400.24.103.10:11-150400.2.1-00:5.14.21-150400.24.108.10:13-150400.9.8.1-00:5.14.21-150400.24.111.20:11-150400.9.6.1-00:5.14.21-150400.24.116.10:11-150400.9.8.1-00:5.14.21-150400.24.119.10:10-150400.9.6.1-00:5.14.21-150400.24.122.20:8-150400.9.6.1-00:5.14.21-150400.24.125.10:5-150400.9.6.1-00:5.14.21-150400.24.88.10:15-150400.2.1-00:5.14.21-150400.24.92.10:14-150400.2.1-00:5.14.21-150400.24.97.10:5.14.21-150400.24.97.10:5.14.21-150500.55.28.10:15-150500.2.1-00:5.14.21-150500.55.31.10:12-150500.2.1-00:5.14.21-150500.55.68.10:16-2.1-00:16-150000.2.1-00:13-150000.2.1-00:8-150000.2.1-00:8-150100.2.1-00:16-150100.2.1-00:15-150100.2.1-00:13-150100.2.1-00:16-150200.2.1-00:16-150200.3.1-00:10-150000.2.1-00:5-150000.2.1-00:5-150100.2.1-00:12-150100.2.1-00:10-150100.2.1-00:4.12.14-95.88.10:4.12.14-150.83.1(x86_64)0:3.10.0-1160.66.1.el7(noarch)0:3.10.0-1160.66.1.el7(x86_64)0:91.7.0-2.el7_9(x86_64)0:1.0.2k-25.el7_9(i686|x86_64)0:1.0.2k-25.el7_9(x86_64)0:1.3.10.2-16.el7_90:7-150100.2.1-00:3-150100.2.1-00:14-150100.2.1-00:15-150200.3.1-0(x86_64)0:3.10.0-1160.123.1.el7(noarch)0:3.10.0-1160.123.1.el70:4.12.14-95.93.10:5.14.21-150400.22.10:14-150000.2.2-00:5-150000.2.2-00:4-150000.2.2-00:5-150100.2.2-00:4-150100.2.2-00:16-150100.2.2-00:14-150100.2.2-00:18-150200.3.2-0(i686|x86_64)0:91.8.0-1.el7_9(x86_64)0:91.8.0-1.el7_90:4-150200.2.2-00:19-150200.3.2-0(x86_64)0:1.5-11.el7_9(x86_64)0:5.2.2-2.el7_9(i686|x86_64)0:5.2.2-2.el7_90:17-150200.3.1-00:17-2.2-00:6-150000.2.2-00:12-150000.2.2-00:6-150100.2.2-00:12-150100.2.2-0(x86_64)0:91.9.0-3.el7_9(i686|x86_64)0:91.9.1-1.el7_9(x86_64)0:91.9.1-1.el7_9(i686|x86_64)0:9.2.24-8.el7_9(x86_64)0:9.2.24-8.el7_90:6-150400.4.15.3-00:4-150400.4.9.3-00:18-2.3-00:17-2.3-00:5-150000.2.3-00:16-150000.2.3-00:11-150000.2.3-00:7-150000.2.3-00:6-150000.2.3-00:5-150100.2.3-00:11-150100.2.3-00:7-150100.2.3-00:6-150100.2.3-00:16-150100.2.3-00:5-150200.2.3-00:10-150200.2.3-00:9-150200.2.3-00:18-150200.2.3-00:17-150200.2.3-00:16-150200.2.3-00:14-150200.2.3-00:13-150200.2.3-00:12-150200.2.3-00:11-150200.2.3-00:11-150300.2.3-00:10-150300.2.3-00:9-150300.2.3-00:8-150300.3.2-00:5-150300.2.3-00:4-150300.2.3-00:18-150300.2.3-00:17-150300.2.3-00:16-150300.2.3-00:14-150300.2.3-00:13-150300.2.3-00:12-150300.2.3-00:3-150400.4.6.2-0(x86_64)0:3.10.0-1160.71.1.el7(noarch)0:3.10.0-1160.71.1.el7(x86_64)0:91.10.0-1.el7_9(x86_64)0:3.10.0-1160.76.1.el7(noarch)0:3.10.0-1160.76.1.el7(i686|x86_64)0:1.8.0.322.b06-1.el7_9(noarch)0:1.8.0.322.b06-1.el7_9(i686|x86_64)0:11.0.14.0.9-1.el7_9(x86_64)0:18.11.8-2.el7_9(noarch)0:18.11.8-2.el7_9(i686|x86_64)0:1.8.0.332.b09-1.el7_9(noarch)0:1.8.0.332.b09-1.el7_9(i686|x86_64)0:11.0.15.0.9-2.el7_9(i686|x86_64)0:1.8.0.342.b07-1.el7_9(noarch)0:1.8.0.342.b07-1.el7_9(i686|x86_64)0:11.0.16.0.8-1.el7_9(i686|x86_64)0:11.0.17.0.8-2.el7_9(i686|x86_64)0:1.8.0.352.b08-2.el7_9(noarch)0:1.8.0.352.b08-2.el7_9(i686|x86_64)0:91.11.0-2.el7_9(x86_64)0:91.11.0-2.el7_9(x86_64)0:2.4.6-97.el7_9.5(noarch)0:2.4.6-97.el7_9.5(i686|x86_64)0:91.6.0-1.el7_9(x86_64)0:91.6.0-1.el7_9(i686|x86_64)0:2.0.0-23.gitd1c6db8.el7_9(x86_64)0:2.0.0-23.gitd1c6db8.el7_90:11-150100.2.1-0(x86_64)0:1.20.4-18.el7_9(i686|x86_64)0:1.20.4-18.el7_9(noarch)0:1.20.4-18.el7_9(noarch)0:1.8.3.1-24.el7_9(x86_64)0:1.8.3.1-24.el7_9(x86_64)0:3.10.0-1160.80.1.el7(noarch)0:3.10.0-1160.80.1.el7(noarch)0:10.5.18-23.el7_9(x86_64)0:10.5.18-23.el7_9(noarch)0:10.5.18-24.el7_9(x86_64)0:10.5.18-24.el7_9(i686|x86_64)0:2.1.26-24.el7_9(x86_64)0:12.1.0-8.el7_9(x86_64)0:8.24.0-57.el7_9.3(noarch)0:8.24.0-57.el7_9.3(i686|x86_64)0:91.12.0-2.el7_9(x86_64)0:91.12.0-1.el7_9(i686|x86_64)0:1.5.2-6.el7_9.1(x86_64)0:1.5.2-6.el7_9.1(i686|x86_64)0:91.7.0-3.el7_9(i686|x86_64)0:219-78.el7_9.7(x86_64)0:219-78.el7_9.7(x86_64)0:2.02-0.87.el7_9.14(noarch)0:2.02-0.87.el7_9.140:5.3.18-150300.59.101.10:5.3.18-150300.59.98.10:10-150400.4.2-00:7-150400.2.1-00:6-150400.2.1-00:4-150400.2.1-00:3-150400.2.1-0(noarch)0:39.31.5.1-83.el7_9(noarch)0:18.168.6.1-83.el7_9(noarch)0:25.30.13.0-83.el7_9(noarch)0:15.32.2.9-83.el7_9(noarch)0:228.61.2.24-83.el7_9(noarch)0:8.83.5.1_1-83.el7_9(noarch)0:8.24.2.2-83.el7_9(noarch)0:9.221.4.1-83.el7_9(noarch)0:41.28.5.1-83.el7_9(noarch)0:20200421-83.git78c0348.el7_90:14-150000.2.1-00:11-150000.2.1-0(x86_64)0:1.3.10.2-17.el7_9(x86_64)0:2.02-0.87.el7_9.11(noarch)0:2.02-0.87.el7_9.11(x86_64)0:3.1.2-11.el7_90:3-150100.2.2-00:3-150400.2.2-00:16-150000.2.2-00:19-150300.2.2-0(i686|x86_64)0:91.9.0-1.el7_90:4.12.14-122.130.10:4.12.14-150100.197.120.10:5.3.18-150200.24.126.1(x86_64)0:102.3.0-3.el7_90:3-150000.2.2-0(x86_64)0:11.0.5-3.el7_9.4(i686|x86_64)0:91.10.0-1.el7_90:4.12.14-95.108.10:4.12.14-95.111.10:4.12.14-122.133.10:4.12.14-122.136.10:4.12.14-122.136.10:4.12.14-150100.197.123.10:4.12.14-150100.197.126.10:5.14.21-150400.24.28.1(i686|x86_64)0:1.3.0-6.el7_90:4.12.14-150000.150.101.10:4.12.14-150000.150.104.10:9-150400.4.24.1-0(x86_64)0:1.20.4-19.el7_9(i686|x86_64)0:1.20.4-19.el7_9(noarch)0:1.20.4-19.el7_9(x86_64)0:0.109-11.el7_90:4.12.14-95.114.10:4.12.14-122.139.10:4.12.14-122.144.10:4.12.14-122.144.10:9-150100.2.1-00:4.12.14-150100.197.131.10:5.3.18-150200.24.139.10:5.3.18-24.107.10:11-150400.7.2-00:8-150400.2.1-0(x86_64)0:3.10.0-1160.95.1.el7(noarch)0:3.10.0-1160.95.1.el7(x86_64)0:3.10.0-1160.143.1.el7(noarch)0:3.10.0-1160.143.1.el7(i686|x86_64)0:1.2.7-21.el7_9(x86_64)0:4.10.16-24.el7_9(i686|x86_64)0:4.10.16-24.el7_9(noarch)0:4.10.16-24.el7_9(x86_64)0:9.11.4-26.P2.el7_9.10(i686|x86_64)0:9.11.4-26.P2.el7_9.10(noarch)0:9.11.4-26.P2.el7_9.10(i686|x86_64)0:91.13.0-1.el7_9(x86_64)0:91.13.0-1.el7_90:7-150400.4.18.3-00:5.14.21-150400.24.21.2(x86_64)0:102.4.0-1.el7_9(i686|x86_64)0:2.1.0-15.el7_9(i686|x86_64)0:102.3.0-7.el7_9(x86_64)0:102.3.0-4.el7_9(i686|x86_64)0:102.3.0-6.el7_9(x86_64)0:3.10.0-1160.105.1.el7(noarch)0:3.10.0-1160.105.1.el7(x86_64)0:3.5.20-17.el7_9.8(noarch)0:1.8.1.3-15.el7_9(x86_64)0:0.4.9-136.el7_9(i686|x86_64)0:0.4.9-136.el7_9(i686|x86_64)0:1.16.5-10.el7_9.15(x86_64)0:1.16.5-10.el7_9.15(noarch)0:1.16.5-10.el7_9.15(x86_64)0:3.10.0-1160.88.1.el7(noarch)0:3.10.0-1160.88.1.el7(x86_64)0:1.8.0-23.el7_9(noarch)0:1.8.0-23.el7_9(x86_64)0:1.20.4-21.el7_9(i686|x86_64)0:1.20.4-21.el7_9(noarch)0:1.20.4-21.el7_9(x86_64)0:3.10.0-1160.114.2.el7(noarch)0:3.10.0-1160.114.2.el7(i686|x86_64)0:1.15.1-55.el7_9(x86_64)0:1.15.1-55.el7_9(noarch)0:5.2-19.el7_9(i686|x86_64)0:102.4.0-1.el7_9(x86_64)0:7.29.0-59.el7_9.2(i686|x86_64)0:7.29.0-59.el7_9.2(x86_64)0:3.10.0-1160.90.1.el7(noarch)0:3.10.0-1160.90.1.el70:5.14.21-150400.24.38.10:5.14.21-150400.24.38.1(i686|x86_64)0:102.5.0-1.el7_9(x86_64)0:102.5.0-2.el7_9(x86_64)0:102.6.0-2.el7_9(i686|x86_64)0:102.7.0-1.el7_9(x86_64)0:102.7.1-1.el7_9(i686|x86_64)0:102.6.0-1.el7_90:5.3.18-150200.24.142.10:5-150200.2.2-00:5.3.18-150200.24.145.10:5.3.18-150200.24.145.10:5.3.18-150300.59.106.10:5.3.18-150300.59.109.10:5.3.18-150300.59.112.10:5.3.18-150300.59.115.20:12-150400.2.3-0(i686|x86_64)0:1.3.0-7.el7_9(x86_64)0:24.3-23.el7_9.1(noarch)0:24.3-23.el7_9.10:4.12.14-122.159.10:4.12.14-122.201.10:5.3.18-150200.24.151.10:5.3.18-150300.59.121.20:5.14.21-150400.24.60.10:5.14.21-150400.24.63.10:5.14.21-150400.24.66.10:12-150400.2.1-00:5.14.21-150400.24.69.10:5.14.21-150400.24.74.10:5.14.21-150400.24.81.10:10-150400.2.1-00:9-150400.2.1-00:5.14.21-150500.11.20:13-150500.3.1-00:5.14.21-150500.53.20:12-150500.6.1-00:5.14.21-150500.55.12.10:11-150500.2.1-00:5.14.21-150500.55.19.10:10-150500.2.1-00:9-150500.2.1-00:8-150500.2.1-00:7-150500.2.1-00:6-150500.2.1-00:5.14.21-150500.55.7.10:5.14.21-150500.55.7.10:11-150400.2.2-00:9-150400.2.2-00:14-150400.2.2-00:13-150400.2.2-00:12-150400.2.2-00:14-150500.2.2-00:13-150500.2.2-00:12-150500.2.2-00:11-150500.2.2-00:10-150500.2.2-00:5.14.21-150500.55.59.10:14-150500.6.1-00:13-150500.9.1-00:5.14.21-150500.53.2(x86_64)0:3.10.0-1160.141.1.el7(noarch)0:3.10.0-1160.141.1.el70:4.12.14-122.219.10:4.12.14-122.222.10:4.12.14-122.225.10:4.12.14-122.228.10:4.12.14-122.228.10:16-150300.2.1-00:5.3.18-150300.59.170.10:5.3.18-150300.59.170.10:4.12.14-122.222.1(i686|x86_64)0:3.5.12-2.el7_90:5.3.18-150300.59.174.10:5.3.18-150300.59.174.10:16-150400.2.1-00:5.14.21-150400.24.128.10:5.14.21-150400.24.133.20:5.14.21-150400.24.133.20:16-150500.2.1-00:5.14.21-150500.55.80.20:5-150500.2.1-00:5.14.21-150500.55.80.20:17-150300.2.1-00:5.14.21-150400.24.128.10:4-150500.2.1-00:5.14.21-150500.55.65.10:6-8.6.1-00:4-8.6.1-00:3-8.6.1-00:2-8.6.1-00:4.12.14-122.231.10:18-4.1-00:4.12.14-122.231.10:4-150300.7.6.1-00:3-150300.7.6.1-00:5.3.18-150300.59.179.10:2-150300.7.6.1-00:5.3.18-150300.59.179.10:3-150400.9.6.1-00:2-150400.9.6.1-00:5.14.21-150400.24.136.10:5.14.21-150400.24.136.10:2-150500.11.6.1-00:5.14.21-150500.55.83.10:5.14.21-150500.55.83.1(x86_64)0:3.10.0-1160.142.1.el7(noarch)0:3.10.0-1160.142.1.el70:4.12.14-122.234.10:4.12.14-122.237.10:4.12.14-122.244.10:4.12.14-122.247.10:4.12.14-122.250.10:4.12.14-122.250.10:5.3.18-150300.59.182.10:5.3.18-150300.59.185.10:5.3.18-150300.59.188.10:5.3.18-150300.59.195.10:5.3.18-150300.59.198.10:5.3.18-150300.59.198.10:5.14.21-150400.24.141.10:5.14.21-150400.24.144.10:5.14.21-150400.24.147.10:5.14.21-150400.24.150.10:5.14.21-150400.24.153.10:5.14.21-150400.24.158.10:5.14.21-150400.24.158.10:5.14.21-150500.55.88.10:5.14.21-150500.55.91.10:5.14.21-150500.55.94.10:5.14.21-150500.55.97.10:5.14.21-150500.55.97.10:17-2.1-00:4.12.14-122.247.10:5.3.18-150300.59.195.10:18-150400.2.2-00:16-150400.2.2-00:8-150400.2.2-00:7-150400.2.2-00:6-150400.2.2-00:5.14.21-150400.24.150.10:17-150500.2.2-00:16-150500.2.2-00:9-150500.2.2-00:5-150500.2.2-00:2-150500.2.2-00:5.14.21-150500.55.94.10:18-2.1-00:4.12.14-122.255.10:4.12.14-122.255.10:18-150400.2.1-0(x86_64)0:3.10.0-1160.137.1.el7(noarch)0:3.10.0-1160.137.1.el7(x86_64)0:3.10.0-1160.136.1.el7(noarch)0:3.10.0-1160.136.1.el70:4.12.14-122.258.10:4.12.14-122.261.10:4.12.14-122.266.10:4.12.14-122.269.10:4.12.14-122.272.10:4.12.14-122.272.10:19-150400.2.1-00:5.14.21-150400.24.161.10:5.14.21-150400.24.164.10:5.14.21-150400.24.167.10:5.14.21-150400.24.170.20:5.14.21-150400.24.173.10:5.14.21-150400.24.176.10:5.14.21-150400.24.176.10:19-150300.4.1-00:17-150300.4.1-00:15-150300.4.1-00:11-150300.4.1-00:5.3.18-150300.59.201.10:9-150300.4.1-00:5.3.18-150300.59.204.10:5.3.18-150300.59.207.10:8-150300.4.1-00:5.3.18-150300.59.211.10:5.3.18-150300.59.215.10:5.3.18-150300.59.218.10:5.3.18-150300.59.218.10:14-4.1-00:13-4.1-00:11-4.1-00:18-150400.4.1-00:17-150400.4.1-00:16-150400.4.1-00:15-150400.4.1-00:10-150400.4.1-00:9-150400.4.1-00:8-150400.4.1-00:7-150400.4.1-00:3-150400.4.1-00:5.14.21-150500.55.100.10:9-150500.4.1-00:5.14.21-150500.55.103.10:5.14.21-150500.55.110.10:8-150500.4.1-00:5.14.21-150500.55.113.10:5.14.21-150500.55.116.10:6-150500.4.1-00:5.14.21-150500.55.121.20:3-150500.4.1-00:18-150500.4.1-00:14-150500.4.1-00:10-150500.4.1-00:4.12.14-122.275.10:4.12.14-122.275.10:5.14.21-150400.24.179.10:5.14.21-150400.24.179.10:5.14.21-150500.55.124.10:3-150500.2.1-00:17-150500.2.1-0(x86_64)0:3.10.0-1160.144.1.el7(noarch)0:3.10.0-1160.144.1.el70:5.3.18-150300.59.221.10:5.3.18-150300.59.221.1(x86_64)0:3.10.0-1160.147.1.el7(noarch)0:3.10.0-1160.147.1.el70:4.12.14-122.280.10:4.12.14-122.283.10:4.12.14-122.290.10:4.12.14-122.290.10:15-150400.2.2-00:5.14.21-150400.24.184.10:5.14.21-150400.24.187.30:5.14.21-150400.24.187.30:15-150500.2.2-00:5.14.21-150500.55.127.10:5.14.21-150500.55.130.30:5.14.21-150500.55.133.10:4.12.14-122.283.10:2-150500.2.1-00:5.14.21-150400.24.41.10:5.14.21-150400.24.41.10:4.12.14-122.147.10:4.12.14-122.147.10:6-150200.2.3-00:3-150200.2.3-00:5.3.18-150200.24.139.10:3-150300.2.3-00:8-150300.2.3-00:6-150300.2.3-00:12-150400.10.3-00:9-150400.2.3-00:8-150400.2.3-00:6-150400.2.3-00:5-150400.2.3-00:4-150400.2.3-00:3-150400.2.3-0(x86_64)0:1.0.2k-26.el7_9(i686|x86_64)0:1.0.2k-26.el7_90:5.14.21-150400.15.11.10:4-150400.2.2-00:14-150400.16.1-00:11-150400.2.3-00:10-150400.2.3-00:7-150400.2.3-00:5.14.21-150400.24.46.10:5.14.21-150400.24.55.30:2-150400.2.3-00:5.14.21-150400.24.60.1(x86_64)0:102.7.1-2.el7_90:8-150200.2.3-00:4-150200.2.3-00:7-150300.2.3-00:5.14.21-150400.24.46.10:9-150500.6.2-0(x86_64)0:1.8.0-24.el7_9(noarch)0:1.8.0-24.el7_9(x86_64)0:1.20.4-22.el7_9(i686|x86_64)0:1.20.4-22.el7_9(noarch)0:1.20.4-22.el7_9(x86_64)0:102.10.0-2.el7_90:4.12.14-95.117.10:4.12.14-150100.197.134.10:4.12.14-150100.197.134.10:5.3.18-150200.24.142.10:13-150400.13.2-00:10-150400.2.2-00:5-150400.2.2-0(x86_64)0:102.8.0-2.el7_9(i686|x86_64)0:102.8.0-2.el7_9(i686|x86_64)0:3.79.0-5.el7_9(x86_64)0:3.79.0-5.el7_90:4.12.14-122.150.10:4.12.14-122.153.10:4.12.14-122.156.10:4.12.14-122.162.10:8-150100.2.3-00:4.12.14-150100.197.137.20:4.12.14-150100.197.142.10:4.12.14-150100.197.145.10:4.12.14-150100.197.145.10:5.3.18-150200.24.148.10:5.3.18-150200.24.154.10:5.3.18-150300.59.118.10:5.14.21-150400.24.66.10:3-150500.6.2-00:2-150200.2.3-00:2-150300.2.3-00:4.12.14-95.120.40:4.12.14-122.150.10:4.12.14-122.179.10:2-150100.2.2-00:4.12.14-150100.197.157.10:4.12.14-150100.197.157.10:5.14.21-150400.24.55.30:4.12.14-95.120.40:4.12.14-122.153.10:4.12.14-150100.197.137.2(x86_64)0:1.8.0-25.el7_9(noarch)0:1.8.0-25.el7_9(x86_64)0:1.20.4-23.el7_9(i686|x86_64)0:1.20.4-23.el7_9(noarch)0:1.20.4-23.el7_90:4.12.14-150100.197.148.10:4.12.14-150100.197.151.10:4.12.14-150100.197.154.10:4.12.14-150100.197.160.10:4.12.14-150100.197.165.10:4.12.14-150100.197.168.10:4.12.14-150100.197.168.10:4-150500.9.2-00:5.3.18-150200.24.148.1(i686|x86_64)0:102.10.0-1.el7_90:4.12.14-122.156.10:4.12.14-150100.197.142.1(i686|x86_64)0:0.3.0-11.el7(x86_64)0:0.3.0-11.el70:4.12.14-150100.197.148.10:2-150500.3.1-0(noarch)0:39.31.5.1-81.el7_9(noarch)0:18.168.6.1-81.el7_9(noarch)0:25.30.13.0-81.el7_9(noarch)0:15.32.2.9-81.el7_9(noarch)0:228.61.2.24-81.el7_9(noarch)0:8.83.5.1_1-81.el7_9(noarch)0:8.24.2.2-81.el7_9(noarch)0:9.221.4.1-81.el7_9(noarch)0:41.28.5.1-81.el7_9(noarch)0:20200421-81.git78c0348.el7_9(noarch)0:39.31.5.1-82.el7_9(noarch)0:18.168.6.1-82.el7_9(noarch)0:25.30.13.0-82.el7_9(noarch)0:15.32.2.9-82.el7_9(noarch)0:228.61.2.24-82.el7_9(noarch)0:8.83.5.1_1-82.el7_9(noarch)0:8.24.2.2-82.el7_9(noarch)0:9.221.4.1-82.el7_9(noarch)0:41.28.5.1-82.el7_9(noarch)0:20200421-82.git78c0348.el7_9(x86_64)0:3.10.0-1160.99.1.el7(noarch)0:3.10.0-1160.99.1.el7(x86_64)0:11.0.5-3.el7_9.6(x86_64)0:11.0.5-3.el7_9.70:5.14.21-150400.24.74.10:5.3.18-150200.24.166.10:5.3.18-150300.59.138.10:5.14.21-150400.24.92.10:6-150500.15.1-00:4.12.14-122.159.1(i686|x86_64)0:1.8.0.362.b08-1.el7_9(noarch)0:1.8.0.362.b08-1.el7_9(i686|x86_64)0:11.0.18.0.10-1.el7_9(i686|x86_64)0:1.8.0.372.b07-1.el7_9(noarch)0:1.8.0.372.b07-1.el7_9(i686|x86_64)0:11.0.19.0.7-1.el7_9(i686|x86_64)0:11.0.20.0.8-1.el7_9(i686|x86_64)0:1.8.0.382.b05-1.el7_9(noarch)0:1.8.0.382.b05-1.el7_9(i686|x86_64)0:1.8.0.392.b08-2.el7_9(noarch)0:1.8.0.392.b08-2.el7_9(i686|x86_64)0:11.0.21.0.9-1.el7_9(x86_64)0:1.8.23-10.el7_9.3(i686|x86_64)0:1.8.23-10.el7_9.30:5.3.18-150200.24.151.10:5.14.21-150400.24.63.10:4.12.14-95.114.10:4.12.14-150100.197.131.1(x86_64)0:2.7.5-93.el7_9(i686|x86_64)0:2.7.5-93.el7_9(i686|x86_64)0:3.6.8-19.el7_9(noarch)0:1.8.3.1-25.el7_9(x86_64)0:1.8.3.1-25.el7_9(x86_64)0:2.4.6-98.el7_9.7(noarch)0:2.4.6-98.el7_9.7(i686|x86_64)0:102.9.0-3.el7_9(x86_64)0:102.9.0-1.el7_90:13-150100.2.3-00:10-150100.2.3-00:3-150100.2.3-00:2-150100.2.3-0(i686|x86_64)0:219-78.el7_9.11(x86_64)0:219-78.el7_9.11(x86_64)0:9.11.4-26.P2.el7_9.14(i686|x86_64)0:9.11.4-26.P2.el7_9.14(noarch)0:9.11.4-26.P2.el7_9.140:5.14.21-150400.24.69.1(noarch)0:39.31.5.1-999.34.el7_9(noarch)0:18.168.6.1-999.34.el7_9(noarch)0:22.0.7.0-999.34.el7_9(noarch)0:15.32.2.9-999.34.el7_9(noarch)0:228.61.2.24-999.34.el7_9(noarch)0:8.83.5.1_1-999.34.el7_9(noarch)0:8.24.2.2-999.34.el7_9(noarch)0:9.221.4.1-999.34.el7_9(noarch)0:17.168.5.3-999.34.el7_9(noarch)0:17.168.5.2-999.34.el7_9(noarch)0:41.28.5.1-999.34.el7_9(noarch)0:20240715-999.34.el7_9(noarch)0:20240715-999.34.git4c8fb21e.el7_90:4.12.14-95.125.10:4.12.14-95.125.1(x86_64)0:5.16.3-299.el7_9.1(noarch)0:1.9800-299.el7_9.1(noarch)0:0.28.2.6-299.el7_9.1(noarch)0:1.30-299.el7_9.1(noarch)0:1.58-299.el7_9.1(noarch)0:1.10-299.el7_9.1(noarch)0:0.21-299.el7_9.1(noarch)0:2.76.02-299.el7_9.1(noarch)0:0.08-299.el7_9.1(noarch)0:0.42-299.el7_9.1(noarch)0:0.02-299.el7_9.1(noarch)0:1.04-299.el7_9.1(x86_64)0:1.20.1-299.el7_9.1(i686|x86_64)0:5.16.3-299.el7_9.1(i686|x86_64)0:1.10.0-3.el7_9.1(i686|x86_64)0:102.11.0-2.el7_9(x86_64)0:102.11.0-1.el7_9(x86_64)0:3.10.0-1160.102.1.el7(noarch)0:3.10.0-1160.102.1.el7(x86_64)0:1.6.3-52.el7_9(i686|x86_64)0:1.6.3-52.el7_9(noarch)0:1.6.3-52.el7_9(x86_64)0:9.11.4-26.P2.el7_9.15(i686|x86_64)0:9.11.4-26.P2.el7_9.15(noarch)0:9.11.4-26.P2.el7_9.150:5.3.18-150200.24.157.10:12-150300.2.4-00:10-150300.2.4-00:9-150300.2.4-00:13-150400.2.3-00:5-150500.12.2-0(x86_64)0:11.0.5-3.el7_9.9(x86_64)0:102.14.0-1.el7_9(i686|x86_64)0:102.12.0-1.el7_9(x86_64)0:102.12.0-1.el7_9(x86_64)0:2.1-73.23.el7_90:4.12.14-122.165.10:4.12.14-150100.197.151.1(i686|x86_64)0:115.3.1-1.el7_9(x86_64)0:115.3.1-1.el7_90:5.14.21-150400.24.81.1(i686|x86_64)0:102.13.0-2.el7_9(x86_64)0:102.13.0-2.el7_9(noarch)0:2.4.2-6.el7_9(i686|x86_64)0:3.1.1-10.el7_9.1(noarch)0:3.1.1-10.el7_9.10:4.12.14-122.173.10:4.12.14-150100.197.154.1(i686|x86_64)0:3.1.7-3.el7_9(x86_64)0:7.4p1-23.el7_9(i686|x86_64)0:0.10.3-2.23.el7_90:8-150500.2.3-00:7-150500.2.3-00:6-150500.2.3-00:5-150500.2.3-00:4.12.14-122.183.10:5.3.18-150200.24.169.10:5.3.18-150300.59.141.20:8-150500.3.1-0(x86_64)0:2.7.5-94.el7_9(i686|x86_64)0:2.7.5-94.el7_9(i686|x86_64)0:3.6.8-21.el7_9(i686|x86_64)0:102.14.0-1.el7_9(i686|x86_64)0:102.15.0-1.el7_9(x86_64)0:102.15.0-1.el7_9(x86_64)0:15.8-2.el70:5.3.18-150200.24.160.20:5.3.18-150200.24.163.10:5.3.18-150300.59.133.10:5.14.21-150400.24.88.10:10-150500.9.1-00:10-150500.9.2-0(x86_64)0:3.10.0-1160.108.1.el7(noarch)0:3.10.0-1160.108.1.el7(x86_64)0:9.11.4-26.P2.el7_9.16(i686|x86_64)0:9.11.4-26.P2.el7_9.16(x86_64)0:11.1-7.el7_9.1(noarch)0:9.11.4-26.P2.el7_9.16(x86_64)0:4.2.5-83.el7_9.2(i686|x86_64)0:4.2.5-83.el7_9.2(i686|x86_64)0:2.0.0-24.gitd1c6db8.el7_9(x86_64)0:2.0.0-24.gitd1c6db8.el7_9(i686|x86_64)0:0.10.23-24.el7_9(x86_64)0:0.10.23-24.el7_9(i686|x86_64)0:1.10.4-4.el7_9(i686|x86_64)0:115.4.0-1.el7_90:4.12.14-122.176.10:12-150100.2.3-00:9-150100.2.3-0(x86_64)0:3.5.20-17.el7_9.10(x86_64)0:3.5.20-17.el7_9.9(noarch)0:10.5.18-32.el7_9(x86_64)0:10.5.18-32.el7_9(i686|x86_64)0:102.15.1-1.el7_9(x86_64)0:102.15.1-1.el7_9(x86_64)0:1.6.6-5.el7_9.1(i686|x86_64)0:1.6.6-5.el7_9.1(i686|x86_64)0:2.0.0-25.gitd1c6db8.el7_9(x86_64)0:2.0.0-25.gitd1c6db8.el7_9(x86_64)0:115.6.0-1.el7_90:4.12.14-122.186.10:7-150200.2.3-00:5.3.18-150200.24.172.10:5.3.18-150300.59.144.10:4-150500.2.3-00:7-150500.3.1-00:4.12.14-122.189.10:5.3.18-150200.24.175.10:5.3.18-150300.59.147.20:4.12.14-122.194.10:5.3.18-150200.24.178.10:5.3.18-150300.59.150.10:4.12.14-122.219.10:5.3.18-150200.24.194.10:5.3.18-150300.59.164.10:6.4.0-150600.21.30:6-150600.4.10.1-00:6.4.0-150600.23.14.20:7-150600.13.6.1-00:6.4.0-150600.23.17.10:6.4.0-150600.23.22.10:3-150600.13.6.1-00:6.4.0-150600.23.7.30:6.4.0-150600.8.10:5-150600.3.1-00:6.4.0-150600.8.10:4-150600.1.1-00:2-150600.3.3.2-00:2-150600.2.1-00:6.4.0-150600.23.7.3(x86_64)0:3.10.0-1160.133.1.el7(noarch)0:3.10.0-1160.133.1.el70:18-150500.2.1-00:17-150400.2.1-0(x86_64)0:1.8.0-26.el7_9(noarch)0:1.8.0-26.el7_9(x86_64)0:1.20.4-24.el7_9(i686|x86_64)0:1.20.4-24.el7_9(noarch)0:1.20.4-24.el7_9(x86_64)0:3.10.0-1160.145.1.el7(noarch)0:3.10.0-1160.145.1.el70:6.4.0-150600.23.30.10:17-150600.2.1-00:6.4.0-150600.23.33.10:6.4.0-150600.23.38.10:12-150600.2.1-00:6.4.0-150600.23.42.20:6.4.0-150600.23.47.20:11-150600.2.1-00:6.4.0-150600.23.50.10:10-150600.2.1-00:6.4.0-150600.23.53.10:6.4.0-150600.23.60.50:9-150600.2.1-00:6.4.0-150600.23.65.10:5-150600.2.1-00:6.4.0-150600.23.70.10:6.4.0-150600.23.73.10:6.4.0-150600.23.73.10:6.4.0-150700.5.10:9-150700.3.1-00:6.4.0-150700.51.10:9-150700.3.24.1-00:6.4.0-150700.53.11.10:5-150700.2.1-00:6.4.0-150700.53.16.10:6.4.0-150700.53.19.10:2-150700.2.1-00:6.4.0-150700.53.3.10:9-150700.2.1-00:6.4.0-150700.53.6.10:6.4.0-150700.53.6.10:4.12.14-122.293.10:4.12.14-122.293.1(i686|x86_64)0:115.9.1-1.el7_9(x86_64)0:115.9.0-1.el7_9(x86_64)0:4.6.8-5.el7_9.16(noarch)0:4.6.8-5.el7_9.160:11-150500.12.1-00:11-150500.3.1-0(i686|x86_64)0:9.2.24-9.el7_9(x86_64)0:9.2.24-9.el7_9(i686|x86_64)0:115.5.0-1.el7_9(x86_64)0:115.5.0-1.el7_9(x86_64)0:1.8.0-28.el7_9(noarch)0:1.8.0-28.el7_9(x86_64)0:1.20.4-25.el7_9(i686|x86_64)0:1.20.4-25.el7_9(noarch)0:1.20.4-25.el7_90:5.3.18-150200.24.183.10:5.3.18-150300.59.153.2(x86_64)0:1.8.0-31.el7_9(noarch)0:1.8.0-31.el7_9(x86_64)0:1.20.4-27.el7_9(i686|x86_64)0:1.20.4-27.el7_9(noarch)0:1.20.4-27.el7_9(i686|x86_64)0:115.6.0-1.el7_90:4.12.14-150100.197.165.1(i686|x86_64)0:115.7.0-1.el7_9(x86_64)0:115.7.0-1.el7_90:12-150500.3.1-0(i686|x86_64)0:9.2.24-9.el7_9.2(x86_64)0:9.2.24-9.el7_9.2(x86_64)0:9.11.4-26.P2.el7_9.18(i686|x86_64)0:9.11.4-26.P2.el7_9.18(noarch)0:9.11.4-26.P2.el7_9.18(x86_64)0:3.1.2-12.el7_9.1(x86_64)0:3.1.2-12.el7_9.2(i686|x86_64)0:115.8.0-1.el7_9(x86_64)0:115.8.0-1.el7_9(x86_64)0:9.11.4-26.P2.el7_9.17(i686|x86_64)0:9.11.4-26.P2.el7_9.17(noarch)0:9.11.4-26.P2.el7_9.17(i686|x86_64)0:1.8.0.402.b06-1.el7_9(noarch)0:1.8.0.402.b06-1.el7_9(i686|x86_64)0:11.0.22.0.7-1.el7_9(i686|x86_64)0:1.8.0.412.b08-1.el7_9(noarch)0:1.8.0.412.b08-1.el7_9(i686|x86_64)0:11.0.23.0.9-2.el7_9(i686|x86_64)0:1.8.0.422.b05-1.el7_9(noarch)0:1.8.0.422.b05-1.el7_9(i686|x86_64)0:11.0.24.0.8-1.el7_9(x86_64)0:1.13.1-210.git7d71120.el7_9(x86_64)0:1.0.0-70.rc10.el7_9(x86_64)0:1.3.11.1-5.el7_9(x86_64)0:3.10.0-1160.125.1.el7(noarch)0:3.10.0-1160.125.1.el70:15-150500.9.2-00:14-150500.12.1-0(i686|x86_64)0:115.10.0-1.el7_90:5.14.21-150400.24.167.10:18-150600.2.1-00:19-150600.3.1-00:6.4.0-150600.21.30:9-150600.4.19.1-0(x86_64)0:2.1-73.24.el7_9(i686|x86_64)0:2.17-326.el7_9.3(x86_64)0:2.17-326.el7_9.3(x86_64)0:1.8.0-33.el7_9(noarch)0:1.8.0-33.el7_9(x86_64)0:1.20.4-29.el7_9(i686|x86_64)0:1.20.4-29.el7_9(noarch)0:1.20.4-29.el7_9(x86_64)0:4.6.8-5.el7_9.17(noarch)0:4.6.8-5.el7_9.17(x86_64)0:1.0.9-13.el7_9(x86_64)0:1.0.0-13.el7_9(x86_64)0:458-10.el7_9(i686|x86_64)0:9.25-5.el7_9.1(x86_64)0:9.25-5.el7_9.1(noarch)0:9.25-5.el7_9.10:5.14.21-150400.24.122.20:11-150600.4.25.1-00:10-150600.3.1-00:5.14.21-150500.55.52.10:3-150600.3.2-00:4-150600.3.1-00:5.14.21-150400.24.119.10:7-150600.4.13.1-00:6-150600.3.2-0(x86_64)0:3.0.13-15.el7_9.1(i686|x86_64)0:3.0.13-15.el7_9.1(i686|x86_64)0:1.15.1-55.el7_9.3(x86_64)0:1.15.1-55.el7_9.3(noarch)0:2.4-2.el7_90:8-150600.3.1-00:20-150600.3.1-00:5.14.21-150400.24.125.10:5.3.18-150300.59.207.1(i686|x86_64)0:1.15.1-55.el7_9.2(x86_64)0:1.15.1-55.el7_9.2(x86_64)0:2.4.6-99.el7_9.3(noarch)0:2.4.6-99.el7_9.3(x86_64)0:2.4.6-99.el7_9.4(noarch)0:2.4.6-99.el7_9.4(i686|x86_64)0:5.9.7-6.el7_9(noarch)0:5.9.7-6.el7_9(x86_64)0:5.9.7-6.el7_90:19-150400.2.2-00:17-150500.3.1-00:18-150600.4.46.1-00:16-150600.2.1-00:17-150600.3.1-00:4.12.14-122.225.10:13-150600.4.31.1-00:12-150600.3.1-00:14-150600.4.34.1-00:13-150600.3.1-00:12-150600.4.28.1-00:11-150600.3.1-00:19-150600.4.49.1-00:18-150600.3.1-0(x86_64)0:1.0.9-15.el7_9(x86_64)0:1.0.0-15.el7_9(i686|x86_64)0:115.11.0-1.el7_9(x86_64)0:115.11.0-1.el7_90:5.3.18-150200.24.200.10:2-150200.5.6.1-00:5.3.18-150200.24.200.10:17-150400.2.2-00:18-150500.2.2-00:16-150600.4.40.2-00:14-150600.2.2-00:15-150600.3.1-00:4.12.14-122.234.10:10-150600.4.22.1-00:8-150600.2.1-00:4-150600.2.1-00:6.4.0-150600.23.25.10:3-150600.2.1-00:9-150600.3.1-0(x86_64)0:2.02-0.87.0.4.el7_9(noarch)0:2.02-0.87.0.4.el7_9(x86_64)0:3.5.20-17.el7_9.110:6-150600.2.1-0(x86_64)0:1.0.35-29.el7_9.3(i686|x86_64)0:1.0.35-29.el7_9.3(x86_64)0:2.4.6-99.el7_9.6(noarch)0:2.4.6-99.el7_9.60:20-150600.2.1-00:15-150600.2.1-00:21-150600.3.1-00:17-150600.4.43.2-00:15-150600.2.2-00:11-150600.2.2-00:10-150600.2.2-00:16-150600.3.1-00:6.4.0-150600.23.22.10:19-150300.2.1-00:19-150600.2.1-00:6.4.0-150600.23.25.10:5.3.18-150300.59.182.10:5.14.21-150400.24.141.10:8-150500.2.2-00:9-150600.2.2-00:10-150500.3.1-00:16-150600.2.2-00:13-150600.2.1-00:2-150400.9.8.1-00:8-150600.4.16.1-00:2-150600.13.6.1-00:7-150600.3.1-0(noarch)0:2.11.0-13.el7_9(i686|x86_64)0:2.62.2-3.el7_90:15-150600.4.37.1-00:14-150600.3.1-00:5.3.18-150300.59.188.10:5.14.21-150400.24.147.1(x86_64)0:3.10.0-1160.132.1.el7(noarch)0:3.10.0-1160.132.1.el70:5.14.21-150500.55.88.10:14-150600.2.1-00:19-2.1-00:4.12.14-122.237.10:6.4.0-150600.23.30.1(x86_64)0:3.10.0-1160.135.1.el7(noarch)0:3.10.0-1160.135.1.el70:5.3.18-150300.59.185.10:5.14.21-150400.24.144.1(x86_64)0:3.10.0-1160.134.1.el7(noarch)0:3.10.0-1160.134.1.el70:5.3.18-150300.59.211.10:5.14.21-150400.24.170.20:15-150600.4.1-00:6.4.0-150600.23.33.10:5.14.21-150500.55.91.10:4.12.14-122.258.10:5.3.18-150300.59.204.10:5.14.21-150400.24.164.1(i686|x86_64)0:3.1.7-3.el7_9.1(noarch)0:15.1.0-7.el7_9.1(i686|x86_64)0:1.1.28-9.el7_9(i686|x86_64)0:1.2-10.el7_9(i686|x86_64)0:2.9.1-6.el7_9.9(x86_64)0:2.9.1-6.el7_9.9(noarch)0:2.7.2-5.el7_90:7-150600.2.2-00:4.12.14-122.244.10:7-150600.2.1-00:6-150500.2.2-0(i686|x86_64)0:115.12.0-1.el7_9(x86_64)0:115.12.1-1.el7_9(x86_64)0:6.1.6-8.el7_9(i686|x86_64)0:2.0.9-5.el7_90:5.14.21-150400.24.153.10:6-150600.2.2-00:2-150600.2.2-00:5.14.21-150400.24.173.1(x86_64)0:1.3.11.1-6.el7_9(noarch)0:0.9.8-7.el7_9.1(noarch)0:39.2.0-10.el7_9.1(i686|x86_64)0:9.2.24-9.el7_9.1(x86_64)0:9.2.24-9.el7_9.1(x86_64)0:1.3.11.1-7.el7_9(x86_64)0:1.2.4-4.el7_9(x86_64)0:1.8.0-34.el7_9(noarch)0:1.8.0-34.el7_9(i686|x86_64)0:9.2.24-9.el7_9.3(x86_64)0:9.2.24-9.el7_9.3(i686|x86_64)0:1.16.5-10.el7_9.17(x86_64)0:1.16.5-10.el7_9.17(noarch)0:1.16.5-10.el7_9.17(x86_64)0:2.7.5-94.el7_9.3.1(i686|x86_64)0:2.7.5-94.el7_9.3.1(i686|x86_64)0:3.6.8-21.el7_9.3(x86_64)0:24.3-23.el7_9.2(noarch)0:24.3-23.el7_9.2(i686|x86_64)0:2.56.1-11.el7_9(noarch)0:2.56.1-11.el7_9(x86_64)0:2.56.1-11.el7_9(x86_64)0:2.7.5-94.el7_9.3.2(i686|x86_64)0:2.7.5-94.el7_9.3.2(i686|x86_64)0:3.6.8-21.el7_9.4(i686|x86_64)0:1.8.0.452.b09-1.el7_9(noarch)0:1.8.0.452.b09-1.el7_9(x86_64)0:11.0.27.0.6-1.el7_90:3-150700.3.6.2-00:6.4.0-150700.51.10:6.4.0-150600.23.38.10:2-150700.3.1-00:2-150700.3.3.2-00:5.14.21-150500.55.136.10:5.3.18-150300.59.201.10:5.14.21-150400.24.161.10:6.4.0-150600.23.42.20:4.12.14-122.261.10:5.3.18-150300.59.215.10:6-150700.3.15.1-00:5-150700.3.12.2-00:6.4.0-150600.23.47.20:8-150700.3.1-00:8-150700.3.21.2-0(i686|x86_64)0:1.15.1-55.el7_9.4(x86_64)0:1.15.1-55.el7_9.4(i686|x86_64)0:1.1.28-8.el7_9(x86_64)0:1.1.28-8.el7_9(x86_64)0:1.8.0-36.el7_9(noarch)0:1.8.0-36.el7_9(x86_64)0:1.20.4-30.el7_9(i686|x86_64)0:1.20.4-30.el7_9(noarch)0:1.20.4-30.el7_9(i686|x86_64)0:2.8-15.el7_9.1(i686|x86_64)0:2.62.2-6.el7_9(i686|x86_64)0:1.8.0.462.b08-1.el7_9(noarch)0:1.8.0.462.b08-1.el7_9(x86_64)0:11.0.28.0.6-1.el7_9(i686|x86_64)0:2.9.1-6.el7_9.10(x86_64)0:2.9.1-6.el7_9.10(i686|x86_64)0:2.9.1-6.el7_9.13(x86_64)0:2.9.1-6.el7_9.13(x86_64)0:1.8.23-10.el7_9.4(i686|x86_64)0:1.8.23-10.el7_9.40:6.4.0-150700.53.3.10:3-150700.3.1-00:3-150700.2.1-00:4.12.14-122.266.1(x86_64)0:3.10.0-1160.138.1.el7(noarch)0:3.10.0-1160.138.1.el70:6.4.0-150600.23.53.10:5-150700.3.1-00:4-150700.3.2-00:4-150700.3.9.2-00:4-150700.2.1-00:6-150700.3.1-00:6-150700.2.1-00:10-150700.3.1-00:10-150700.3.27.1-00:10-150700.2.1-00:11-150700.3.1-00:11-150700.3.30.1-00:11-150700.2.1-00:15-150600.2.3-00:12-150700.3.1-00:12-150700.3.33.1-00:12-150700.2.1-00:6.4.0-150600.23.50.10:6.4.0-150600.23.60.5(x86_64)0:3.10.0-1160.139.1.el7(noarch)0:3.10.0-1160.139.1.el70:4.12.14-122.269.10:7-150700.5.1-00:7-150700.3.18.1-00:7-150700.2.1-00:7-150700.4.1-00:6.4.0-150600.23.70.10:6.4.0-150600.23.65.10:8-150700.2.1-00:10-150600.4.1-00:9-150600.4.1-00:8-150600.4.1-00:7-150600.4.1-00:3-150600.4.1-00:3-150700.4.1-0(x86_64)0:3.10.0-1160.146.1.el7(noarch)0:3.10.0-1160.146.1.el70:13-150700.3.1-00:13-150700.3.36.1-00:13-150700.2.1-00:6.4.0-150600.23.78.10:6.4.0-150600.23.78.10:6.4.0-150700.53.22.10:6.4.0-150600.23.81.30:6.4.0-150600.23.81.30:6.4.0-150700.53.25.1(x86_64)0:9.11.4-26.P2.el7_9.19(i686|x86_64)0:9.11.4-26.P2.el7_9.19(noarch)0:9.11.4-26.P2.el7_9.19(x86_64)0:0.74-8.el7_9.1(noarch)0:0.9.8-7.el7_9.2(noarch)0:39.2.0-10.el7_9.2(i686|x86_64)0:2.17-326.el7_9.5(x86_64)0:2.17-326.el7_9.5(noarch)0:1.8.3.1-25.el7_9.1(x86_64)0:1.8.3.1-25.el7_9.1(x86_64)0:2.8.22-1.el7_9.2(i686|x86_64)0:2.8.22-1.el7_9.2(x86_64)0:4.10.5-5.el7_9.1(x86_64)0:1.8.0-36.el7_9.2(noarch)0:1.8.0-36.el7_9.2(x86_64)0:1.20.4-32.el7_9(i686|x86_64)0:1.20.4-32.el7_9(noarch)0:1.20.4-32.el7_9(i686|x86_64)0:1.3.0-8.el7_9.1(x86_64)0:1.3.0-8.el7_9.1(i686|x86_64)0:1.8.0.472.b08-1.el7_9(noarch)0:1.8.0.472.b08-1.el7_9(x86_64)0:11.0.29.0.7-1.el7_9(x86_64)0:1.6.3-52.el7_9.1(i686|x86_64)0:1.6.3-52.el7_9.1(noarch)0:1.6.3-52.el7_9.1(x86_64)0:2.4.6-99.el7_9.7(noarch)0:2.4.6-99.el7_9.7(x86_64)0:3.1.2-14.el7_9.1(i686|x86_64)0:3.1.2-14.el7_9.1(i686|x86_64)0:2.18-5.el7_9.1(x86_64)0:2.18-5.el7_9.1(i686|x86_64)0:1.1.8-23.el7_9.1(x86_64)0:2.02-0.87.0.5.el7_9(noarch)0:2.02-0.87.0.5.el7_9(x86_64)0:1.8.0-36.el7_9.3(noarch)0:1.8.0-36.el7_9.3(noarch)0:39.31.5.1-999.44.1.el7(noarch)0:18.168.6.1-999.44.1.el7(noarch)0:22.0.7.0-999.44.1.el7(noarch)0:15.32.2.9-999.44.1.el7(noarch)0:228.61.2.24-999.44.1.el7(noarch)0:8.83.5.1_1-999.44.1.el7(noarch)0:8.24.2.2-999.44.1.el7(noarch)0:9.221.4.1-999.44.1.el7(noarch)0:17.168.5.3-999.44.1.el7(noarch)0:17.168.5.2-999.44.1.el7(noarch)0:41.28.5.1-999.44.1.el7(noarch)0:20251030-999.44.1.el7(noarch)0:20251030-999.44.1.gite9292517.el7(x86_64)0:11.0.30.0.7-1.el7_90:6.4.0-150600.23.84.10:6.4.0-150600.23.84.10:6.4.0-150700.53.28.1(x86_64)0:3.7.17-9.el7_9.1(i686|x86_64)0:3.7.17-9.el7_9.1(noarch)0:3.7.17-9.el7_9.1(i686|x86_64)0:9.2.24-9.el7_9.4(x86_64)0:9.2.24-9.el7_9.4(i686|x86_64)0:1.1.8-23.el7_9.2(x86_64)0:1.0.2k-26.el7_9.1(i686|x86_64)0:1.0.2k-26.el7_9.1(i686|x86_64)0:1.8.0.482.b08-1.el7_9(noarch)0:1.8.0.482.b08-1.el7_90:6.4.0-150600.23.87.10:6.4.0-150600.23.87.10:6.4.0-150700.53.31.10:5.14.21-150400.24.194.10:5.14.21-150400.24.194.1(noarch)0:0.1.9-7.el7_9.2