Marcus Updateinfo to OVAL Converter 5.5 2022-05-20T06:27:43 SUSE Linux Enterprise Server 12 SP2 schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. Important CVE-2002-2443 SUSE bug 825985 SUSE bug 871411 SUSE bug 887734 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands. Important CVE-2004-0801 SUSE bug 59233 SUSE bug 698451 SUSE bug 704608 SUSE bug 852368 SUSE bug 957531 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address. Important CVE-2004-2771 SUSE bug 909208 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected. Moderate CVE-2006-0855 SUSE bug 153057 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. Moderate CVE-2006-0903 SUSE bug 163157 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf. Important CVE-2006-2607 SUSE bug 178863 SUSE bug 537178 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c. Important CVE-2006-4197 SUSE bug 199134 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. Moderate CVE-2006-4226 SUSE bug 201711 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE. Moderate CVE-2006-4227 SUSE bug 201711 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array. Moderate CVE-2006-4484 SUSE bug 200181 SUSE bug 355864 SUSE bug 356187 SUSE bug 357978 SUSE bug 372642 SUSE bug 374257 SUSE bug 386009 SUSE bug 709852 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message. Moderate CVE-2006-7250 SUSE bug 748738 SUSE bug 883307 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. Important CVE-2007-1669 SUSE bug 271781 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert. Moderate CVE-2007-2721 SUSE bug 258253 SUSE bug 339731 SUSE bug 340138 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory. Moderate CVE-2007-4129 SUSE bug 304180 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc. Moderate CVE-2007-4571 SUSE bug 328404 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression. Important CVE-2007-4772 SUSE bug 329282 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. Important CVE-2007-5969 SUSE bug 347223 SUSE bug 348003 SUSE bug 348307 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges. Moderate CVE-2007-5970 SUSE bug 348307 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. Low CVE-2007-6303 SUSE bug 348003 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns. Moderate CVE-2007-6304 SUSE bug 348003 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow. Critical CVE-2007-6335 SUSE bug 343277 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges. Moderate CVE-2007-6600 SUSE bug 329282 SUSE bug 537706 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability. Moderate CVE-2007-6698 SUSE bug 357919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321. Moderate CVE-2007-6761 SUSE bug 1035720 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. Moderate CVE-2008-0928 SUSE bug 362956 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow. Important CVE-2008-1420 SUSE bug 372246 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs. Important CVE-2008-1483 SUSE bug 1069509 SUSE bug 373527 SUSE bug 585630 SUSE bug 647633 SUSE bug 706386 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer. Critical CVE-2008-1686 SUSE bug 377602 SUSE bug 379098 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004. Important CVE-2008-1945 SUSE bug 362956 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add. Moderate CVE-2008-1947 SUSE bug 396962 SUSE bug 427726 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. Moderate CVE-2008-2079 SUSE bug 387746 SUSE bug 425079 SUSE bug 497546 SUSE bug 557669 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message. Moderate CVE-2008-2382 SUSE bug 461565 SUSE bug 464142 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version. Moderate CVE-2008-2938 SUSE bug 417217 SUSE bug 427726 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. Moderate CVE-2008-3522 SUSE bug 1178702 SUSE bug 392410 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance. Moderate CVE-2008-3825 SUSE bug 425861 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl. Critical CVE-2008-3915 SUSE bug 423515 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document. Important CVE-2008-4225 SUSE bug 445677 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. Critical CVE-2008-4226 SUSE bug 441368 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation. Moderate CVE-2008-4316 SUSE bug 382708 SUSE bug 449927 SUSE bug 475541 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281. Moderate CVE-2008-4409 SUSE bug 432486 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320. Important CVE-2008-4539 SUSE bug 435135 SUSE bug 448551 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). Moderate CVE-2008-4989 SUSE bug 392947 SUSE bug 441856 SUSE bug 467911 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. Moderate CVE-2008-5077 SUSE bug 459468 SUSE bug 465675 SUSE bug 465676 SUSE bug 468866 SUSE bug 470968 SUSE bug 475108 SUSE bug 552497 SUSE bug 629905 SUSE bug 708266 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table. Important CVE-2008-5079 SUSE bug 450417 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers. Moderate CVE-2008-5519 SUSE bug 493575 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." Low CVE-2008-5913 SUSE bug 468762 SUSE bug 603356 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. Moderate CVE-2008-7247 SUSE bug 557669 SUSE bug 604528 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow. Moderate CVE-2009-0023 SUSE bug 510301 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts. Moderate CVE-2009-0035 SUSE bug 533396 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check. Important CVE-2009-0036 SUSE bug 1085554 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. Moderate CVE-2009-0037 SUSE bug 475103 SUSE bug 527990 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. Moderate CVE-2009-0040 SUSE bug 472745 SUSE bug 478625 SUSE bug 608040 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response. Moderate CVE-2009-0159 SUSE bug 484653 SUSE bug 501632 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow. Moderate CVE-2009-0163 SUSE bug 485895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow. Critical CVE-2009-0186 SUSE bug 481769 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index. Moderate CVE-2009-0269 SUSE bug 470942 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair. Moderate CVE-2009-0316 SUSE bug 470100 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/. Moderate CVE-2009-0322 SUSE bug 470943 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program. Moderate CVE-2009-0368 SUSE bug 480262 SUSE bug 548555 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. Moderate CVE-2009-0590 SUSE bug 459468 SUSE bug 489641 SUSE bug 629905 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid. Moderate CVE-2009-0591 SUSE bug 489641 SUSE bug 629905 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected. Important CVE-2009-0652 SUSE bug 495473 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c. Moderate CVE-2009-0688 SUSE bug 499104 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009. Important CVE-2009-0696 SUSE bug 526185 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm. Moderate CVE-2009-0758 SUSE bug 480865 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. Critical CVE-2009-0771 SUSE bug 478625 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption. Critical CVE-2009-0772 SUSE bug 478625 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. Critical CVE-2009-0773 SUSE bug 478625 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. Critical CVE-2009-0774 SUSE bug 478625 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection. Critical CVE-2009-0775 SUSE bug 478625 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. Important CVE-2009-0776 SUSE bug 465291 SUSE bug 478625 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks. Moderate CVE-2009-0777 SUSE bug 478625 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key. Important CVE-2009-0789 SUSE bug 459468 SUSE bug 489641 SUSE bug 629905 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD. Moderate CVE-2009-0790 SUSE bug 487762 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles." Moderate CVE-2009-0793 SUSE bug 490610 SUSE bug 521512 SUSE bug 521513 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. Moderate CVE-2009-0799 SUSE bug 487100 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. Important CVE-2009-0800 SUSE bug 487100 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read. Moderate CVE-2009-0844 SUSE bug 486722 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token. Important CVE-2009-0845 SUSE bug 485894 SUSE bug 486722 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. Critical CVE-2009-0846 SUSE bug 486723 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic. Important CVE-2009-0847 SUSE bug 486722 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption. Moderate CVE-2009-0945 SUSE bug 512559 SUSE bug 515124 SUSE bug 541632 SUSE bug 601349 SUSE bug 644114 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. Moderate CVE-2009-0946 SUSE bug 485889 SUSE bug 496289 SUSE bug 541626 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. Important CVE-2009-1044 SUSE bug 465291 SUSE bug 488955 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries. Moderate CVE-2009-1046 SUSE bug 478699 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform. Moderate CVE-2009-1169 SUSE bug 488955 SUSE bug 509766 SUSE bug 510964 SUSE bug 515951 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. Important CVE-2009-1179 SUSE bug 487100 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. Important CVE-2009-1180 SUSE bug 487100 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. Moderate CVE-2009-1181 SUSE bug 487100 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. Important CVE-2009-1182 SUSE bug 487100 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. Moderate CVE-2009-1183 SUSE bug 487100 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc). Moderate CVE-2009-1187 SUSE bug 487100 SUSE bug 508153 SUSE bug 508154 SUSE bug 539875 SUSE bug 566697 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. Moderate CVE-2009-1188 SUSE bug 487100 SUSE bug 508153 SUSE bug 508154 SUSE bug 539875 SUSE bug 546400 SUSE bug 566697 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request. Moderate CVE-2009-1191 SUSE bug 521943 SUSE bug 539571 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file. Moderate CVE-2009-1195 SUSE bug 512583 SUSE bug 513080 SUSE bug 539571 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information. Moderate CVE-2009-1210 SUSE bug 491449 SUSE bug 493584 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field. Moderate CVE-2009-1252 SUSE bug 501632 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors. Moderate CVE-2009-1267 SUSE bug 493584 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet. Low CVE-2009-1268 SUSE bug 493584 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file. Low CVE-2009-1269 SUSE bug 493584 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames. Moderate CVE-2009-1273 SUSE bug 492764 SUSE bug 507729 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. Critical CVE-2009-1302 SUSE bug 495473 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. Critical CVE-2009-1303 SUSE bug 495473 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. Critical CVE-2009-1304 SUSE bug 495473 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. Critical CVE-2009-1305 SUSE bug 495473 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. Moderate CVE-2009-1306 SUSE bug 495473 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. Important CVE-2009-1307 SUSE bug 495473 SUSE bug 515951 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing. Moderate CVE-2009-1308 SUSE bug 495473 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. Moderate CVE-2009-1309 SUSE bug 495473 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element. Low CVE-2009-1310 SUSE bug 495473 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. Moderate CVE-2009-1311 SUSE bug 465291 SUSE bug 495473 SUSE bug 515951 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. Moderate CVE-2009-1312 SUSE bug 495473 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302. Important CVE-2009-1313 SUSE bug 500909 SUSE bug 502062 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug." Moderate CVE-2009-1377 SUSE bug 459468 SUSE bug 504687 SUSE bug 629905 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak." Moderate CVE-2009-1378 SUSE bug 459468 SUSE bug 504687 SUSE bug 629905 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. Moderate CVE-2009-1379 SUSE bug 459468 SUSE bug 504687 SUSE bug 629905 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. Low CVE-2009-1384 SUSE bug 507729 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. Moderate CVE-2009-1386 SUSE bug 459468 SUSE bug 509031 SUSE bug 515659 SUSE bug 629905 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug." Moderate CVE-2009-1387 SUSE bug 459468 SUSE bug 509031 SUSE bug 515659 SUSE bug 629905 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free. Moderate CVE-2009-1415 SUSE bug 497886 SUSE bug 505494 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Critical CVE-2009-1563 SUSE bug 522109 SUSE bug 545277 SUSE bug 546371 SUSE bug 557126 SUSE bug 557127 SUSE bug 557128 SUSE bug 557671 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information. Moderate CVE-2009-1720 SUSE bug 527538 SUSE bug 527539 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer. Moderate CVE-2009-1721 SUSE bug 527538 SUSE bug 527539 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework. Moderate CVE-2009-1885 SUSE bug 530708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename. Critical CVE-2009-1886 SUSE bug 513360 SUSE bug 515479 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. Low CVE-2009-1888 SUSE bug 513360 SUSE bug 515479 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests. Moderate CVE-2009-1890 SUSE bug 519194 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption). Moderate CVE-2009-1891 SUSE bug 521906 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests. Moderate CVE-2009-1892 SUSE bug 519413 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. Moderate CVE-2009-1955 SUSE bug 509825 SUSE bug 510301 SUSE bug 529591 SUSE bug 992541 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input. Moderate CVE-2009-1956 SUSE bug 510301 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. Moderate CVE-2009-2285 SUSE bug 518698 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr. Moderate CVE-2009-2347 SUSE bug 519796 SUSE bug 616827 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information. Moderate CVE-2009-2412 SUSE bug 528714 SUSE bug 529591 SUSE bug 802057 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Moderate CVE-2009-2417 SUSE bug 527990 SUSE bug 528372 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply. Moderate CVE-2009-2470 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. Moderate CVE-2009-2473 SUSE bug 528370 SUSE bug 532345 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Moderate CVE-2009-2474 SUSE bug 528370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression. Moderate CVE-2009-2624 SUSE bug 570331 SUSE bug 588113 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. Important CVE-2009-2625 SUSE bug 525562 SUSE bug 530717 SUSE bug 534025 SUSE bug 534721 SUSE bug 537969 SUSE bug 540945 SUSE bug 548655 SUSE bug 550664 SUSE bug 553220 SUSE bug 558892 SUSE bug 581162 SUSE bug 581765 SUSE bug 610080 SUSE bug 611931 SUSE bug 611932 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page. Moderate CVE-2009-2654 SUSE bug 527489 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Moderate CVE-2009-2666 SUSE bug 528746 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs. Moderate CVE-2009-2699 SUSE bug 1078450 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories. Moderate CVE-2009-2813 SUSE bug 515479 SUSE bug 539517 SUSE bug 543115 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues. Moderate CVE-2009-2820 SUSE bug 548317 SUSE bug 551563 SUSE bug 574336 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet. Moderate CVE-2009-2906 SUSE bug 515479 SUSE bug 543115 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records. Moderate CVE-2009-2911 SUSE bug 548361 SUSE bug 574243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option. Low CVE-2009-2948 SUSE bug 515479 SUSE bug 542150 SUSE bug 543115 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2009-3069 SUSE bug 534458 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2009-3070 SUSE bug 534458 SUSE bug 538290 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2009-3071 SUSE bug 534458 SUSE bug 538290 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors. Critical CVE-2009-3072 SUSE bug 534458 SUSE bug 538290 SUSE bug 590499 SUSE bug 607935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2009-3073 SUSE bug 534458 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2009-3074 SUSE bug 538290 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors. Moderate CVE-2009-3075 SUSE bug 534458 SUSE bug 538290 SUSE bug 590499 SUSE bug 607935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability." Critical CVE-2009-3077 SUSE bug 534458 SUSE bug 538290 SUSE bug 590499 SUSE bug 607935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property. Moderate CVE-2009-3078 SUSE bug 534458 SUSE bug 538290 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter. Moderate CVE-2009-3079 SUSE bug 534458 SUSE bug 538290 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. Moderate CVE-2009-3094 SUSE bug 538322 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. Moderate CVE-2009-3095 SUSE bug 538322 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets. Moderate CVE-2009-3241 SUSE bug 541654 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure. Moderate CVE-2009-3242 SUSE bug 541659 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations. Moderate CVE-2009-3243 SUSE bug 541655 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information. Important CVE-2009-3274 SUSE bug 522109 SUSE bug 534458 SUSE bug 545277 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request. Moderate CVE-2009-3295 SUSE bug 561347 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0787, CVE-2010-0788, CVE-2010-0789. Reason: this candidate was intended for one issue in Samba, but it was used for multiple distinct issues, including one in FUSE and one in ncpfs. Notes: All CVE users should consult CVE-2010-0787 (Samba), CVE-2010-0788 (ncpfs), and CVE-2010-0789 (FUSE) to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage. Low CVE-2009-3297 SUSE bug 550002 SUSE bug 550003 SUSE bug 550004 SUSE bug 577925 SUSE bug 583535 SUSE bug 583536 SUSE bug 594263 SUSE bug 620680 SUSE bug 651598 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries. Moderate CVE-2009-3370 SUSE bug 522109 SUSE bug 545277 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively. Critical CVE-2009-3371 SUSE bug 522109 SUSE bug 545277 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. Moderate CVE-2009-3372 SUSE bug 522109 SUSE bug 545277 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. Moderate CVE-2009-3373 SUSE bug 522109 SUSE bug 545277 SUSE bug 557686 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects." Critical CVE-2009-3374 SUSE bug 522109 SUSE bug 545277 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function. Moderate CVE-2009-3375 SUSE bug 522109 SUSE bug 545277 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file. Low CVE-2009-3376 SUSE bug 522109 SUSE bug 545277 SUSE bug 590499 SUSE bug 607935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2009-3377 SUSE bug 522109 SUSE bug 545277 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file. Critical CVE-2009-3378 SUSE bug 522109 SUSE bug 545277 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663. Moderate CVE-2009-3379 SUSE bug 522109 SUSE bug 545277 SUSE bug 608192 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Important CVE-2009-3380 SUSE bug 522109 SUSE bug 545277 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2009-3381 SUSE bug 522109 SUSE bug 545277 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2009-3383 SUSE bug 522109 SUSE bug 545277 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues." Critical CVE-2009-3388 SUSE bug 559807 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. Critical CVE-2009-3389 SUSE bug 559807 SUSE bug 581722 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. Moderate CVE-2009-3553 SUSE bug 554861 SUSE bug 574336 SUSE bug 578215 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. Moderate CVE-2009-3555 SUSE bug 1077582 SUSE bug 459468 SUSE bug 552497 SUSE bug 553641 SUSE bug 554069 SUSE bug 554084 SUSE bug 554085 SUSE bug 555177 SUSE bug 557168 SUSE bug 564507 SUSE bug 566041 SUSE bug 584292 SUSE bug 586567 SUSE bug 588996 SUSE bug 590826 SUSE bug 592589 SUSE bug 594415 SUSE bug 604782 SUSE bug 614753 SUSE bug 622073 SUSE bug 623905 SUSE bug 629905 SUSE bug 642531 SUSE bug 646073 SUSE bug 646906 SUSE bug 648140 SUSE bug 648950 SUSE bug 659926 SUSE bug 670152 SUSE bug 704832 SUSE bug 728876 SUSE bug 729181 SUSE bug 753357 SUSE bug 791794 SUSE bug 799454 SUSE bug 815621 SUSE bug 979060 SUSE bug 986238 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720. Moderate CVE-2009-3560 SUSE bug 550666 SUSE bug 558892 SUSE bug 561561 SUSE bug 581162 SUSE bug 581765 SUSE bug 611931 SUSE bug 694595 SUSE bug 725950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. Critical CVE-2009-3607 SUSE bug 546393 SUSE bug 566697 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. Moderate CVE-2009-3608 SUSE bug 543090 SUSE bug 543410 SUSE bug 546400 SUSE bug 546404 SUSE bug 556049 SUSE bug 566697 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881. Moderate CVE-2009-3612 SUSE bug 536467 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character. Moderate CVE-2009-3627 SUSE bug 550076 SUSE bug 585716 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to "emergency mode." Moderate CVE-2009-3700 SUSE bug 550930 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. Moderate CVE-2009-3720 SUSE bug 534721 SUSE bug 550664 SUSE bug 550666 SUSE bug 558892 SUSE bug 561561 SUSE bug 581162 SUSE bug 581765 SUSE bug 611931 SUSE bug 725950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. Moderate CVE-2009-3736 SUSE bug 556122 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL. Moderate CVE-2009-3826 SUSE bug 550930 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory. Moderate CVE-2009-3894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. Moderate CVE-2009-3939 SUSE bug 555173 SUSE bug 557180 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2009-3979 SUSE bug 559807 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2009-3980 SUSE bug 559807 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2009-3982 SUSE bug 559807 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. Moderate CVE-2009-3983 SUSE bug 559807 SUSE bug 590499 SUSE bug 607935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. Moderate CVE-2009-3984 SUSE bug 559807 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. Moderate CVE-2009-3985 SUSE bug 559807 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in LibThai before 0.1.13 might allow context-dependent attackers to execute arbitrary code via long strings that trigger heap-based buffer overflows, related to (1) thbrk/thbrk.c and (2) thwbrk/thwbrk.c. NOTE: some of these details are obtained from third party information. Moderate CVE-2009-4012 SUSE bug 569615 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement. Low CVE-2009-4019 SUSE bug 557669 SUSE bug 604528 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438. Important CVE-2009-4022 SUSE bug 558260 SUSE bug 570912 SUSE bug 644911 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (panic) via a crafted Delete Block ACK (aka DELBA) packet, related to an erroneous "code shuffling patch." Important CVE-2009-4026 SUSE bug 558267 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (system crash) via a Delete Block ACK (aka DELBA) packet that triggers a certain state change in the absence of an aggregation session. Important CVE-2009-4027 SUSE bug 558267 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library. Moderate CVE-2009-4028 SUSE bug 557669 SUSE bug 604528 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete. Low CVE-2009-4029 SUSE bug 559815 SUSE bug 770618 SUSE bug 786745 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079. Low CVE-2009-4030 SUSE bug 557669 SUSE bug 604528 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Low CVE-2009-4034 SUSE bug 564710 SUSE bug 603968 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system. Moderate CVE-2009-4067 SUSE bug 706375 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions. Important CVE-2009-4131 SUSE bug 561018 SUSE bug 564380 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230. Moderate CVE-2009-4136 SUSE bug 564360 SUSE bug 603969 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. Moderate CVE-2009-4138 SUSE bug 564712 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. Critical CVE-2009-4212 SUSE bug 561351 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request. Important CVE-2009-4273 SUSE bug 574243 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. Moderate CVE-2009-4308 SUSE bug 564382 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. Moderate CVE-2009-4492 SUSE bug 570616 SUSE bug 580482 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385. Important CVE-2009-4536 SUSE bug 567376 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537. Important CVE-2009-4538 SUSE bug 567376 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd. Moderate CVE-2009-5029 SUSE bug 735850 SUSE bug 736174 SUSE bug 759836 SUSE bug 826666 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. Moderate CVE-2009-5044 SUSE bug 698290 SUSE bug 703666 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296. Low CVE-2009-5080 SUSE bug 703665 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969. Low CVE-2009-5081 SUSE bug 703666 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names. Low CVE-2009-5147 SUSE bug 939860 SUSE bug 959495 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. Moderate CVE-2009-5155 SUSE bug 1127223 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. Important CVE-2010-0001 SUSE bug 570331 SUSE bug 588113 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace animation in which the frames have different bits-per-pixel (bpp) values. Critical CVE-2010-0164 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving certain indirect calls to the JavaScript eval function. Critical CVE-2010-0165 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via an HTML document containing invisible Unicode characters, as demonstrated by the U+FEFF, U+FFF9, U+FFFA, and U+FFFB characters. Moderate CVE-2010-0166 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp. Critical CVE-2010-0167 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a denial of service (application crash or hang) or hijack the functionality of the browser's add-ons via a crafted SRC attribute of an IMG element, as demonstrated by remote command execution through an ssh: URL in a configuration that supports gnome-vfs with a nonstandard network.gnomevfs.supported-protocols setting. Important CVE-2010-0168 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching. Moderate CVE-2010-0169 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin. Moderate CVE-2010-0170 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736. Moderate CVE-2010-0171 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances. Moderate CVE-2010-0172 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2010-0173 SUSE bug 586567 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2010-0174 SUSE bug 586567 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability." Critical CVE-2010-0176 SUSE bug 586567 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a "dangling pointer vulnerability." Critical CVE-2010-0177 SUSE bug 586567 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL. Critical CVE-2010-0178 SUSE bug 586567 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images. Moderate CVE-2010-0181 SUSE bug 586567 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content. Moderate CVE-2010-0182 SUSE bug 586567 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request. Important CVE-2010-0283 SUSE bug 571781 SUSE bug 576524 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. Moderate CVE-2010-0393 SUSE bug 574336 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. Moderate CVE-2010-0405 SUSE bug 636978 SUSE bug 646682 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled. Moderate CVE-2010-0407 SUSE bug 609317 SUSE bug 641823 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code. Moderate CVE-2010-0408 SUSE bug 586572 SUSE bug 601151 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow. Moderate CVE-2010-0411 SUSE bug 574243 SUSE bug 577382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an unspecified impact via vectors associated with executing the make program, a different vulnerability than CVE-2009-4273. Important CVE-2010-0412 SUSE bug 574243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory. Moderate CVE-2010-0424 SUSE bug 579447 SUSE bug 580800 SUSE bug 589640 SUSE bug 590353 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers." Critical CVE-2010-0425 SUSE bug 1078450 SUSE bug 586572 SUSE bug 601151 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. Low CVE-2010-0434 SUSE bug 586572 SUSE bug 601151 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings. Moderate CVE-2010-0540 SUSE bug 601830 SUSE bug 671735 SUSE bug 680210 SUSE bug 680212 SUSE bug 700987 SUSE bug 711490 SUSE bug 715643 SUSE bug 748422 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page. Moderate CVE-2010-0541 SUSE bug 600752 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file. Moderate CVE-2010-0542 SUSE bug 601352 SUSE bug 644521 SUSE bug 657780 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. Moderate CVE-2010-0547 SUSE bug 577868 SUSE bug 577925 SUSE bug 583535 SUSE bug 583536 SUSE bug 594263 SUSE bug 597421 SUSE bug 602694 SUSE bug 709819 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. Moderate CVE-2010-0624 SUSE bug 579475 SUSE bug 608034 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token. Important CVE-2010-0628 SUSE bug 582557 SUSE bug 586981 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. Moderate CVE-2010-0654 SUSE bug 583603 SUSE bug 622506 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client. Important CVE-2010-0728 SUSE bug 586683 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information. Moderate CVE-2010-0740 SUSE bug 590833 SUSE bug 629905 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. Moderate CVE-2010-0742 SUSE bug 610642 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument. Moderate CVE-2010-0750 SUSE bug 593959 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file. Moderate CVE-2010-0787 SUSE bug 550002 SUSE bug 602694 SUSE bug 620680 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options. Moderate CVE-2010-0926 SUSE bug 1027147 SUSE bug 577868 SUSE bug 597421 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0. Critical CVE-2010-1028 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010. Critical CVE-2010-1121 SUSE bug 603356 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method. Moderate CVE-2010-1125 SUSE bug 603356 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonstrated by deleting a file under .reiserfs_priv/xattrs/. Moderate CVE-2010-1146 SUSE bug 593906 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426. Moderate CVE-2010-1163 SUSE bug 594738 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list. Moderate CVE-2010-1167 SUSE bug 597673 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Perl code via a crafted script, related to the Safe module (aka Safe.pm) for Perl. NOTE: some sources report that this issue is the same as CVE-2010-1447. Moderate CVE-2010-1169 SUSE bug 605926 SUSE bug 648140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script. Moderate CVE-2010-1170 SUSE bug 605845 SUSE bug 605926 SUSE bug 634562 SUSE bug 648140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services. Moderate CVE-2010-1172 SUSE bug 628607 SUSE bug 633621 SUSE bug 633622 SUSE bug 633623 SUSE bug 633629 SUSE bug 633637 SUSE bug 633639 SUSE bug 633648 SUSE bug 633652 SUSE bug 633653 SUSE bug 633654 SUSE bug 633658 SUSE bug 633660 SUSE bug 633678 SUSE bug 633679 SUSE bug 633681 SUSE bug 633682 SUSE bug 633685 SUSE bug 633686 SUSE bug 633700 SUSE bug 633701 SUSE bug 633702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow. Critical CVE-2010-1196 SUSE bug 603356 SUSE bug 617399 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document. Moderate CVE-2010-1197 SUSE bug 603356 SUSE bug 617399 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances. Critical CVE-2010-1198 SUSE bug 603356 SUSE bug 617399 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node. Critical CVE-2010-1199 SUSE bug 603356 SUSE bug 617399 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2010-1200 SUSE bug 603356 SUSE bug 617399 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2010-1201 SUSE bug 603356 SUSE bug 617399 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2010-1202 SUSE bug 603356 SUSE bug 617399 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp. Critical CVE-2010-1203 SUSE bug 603356 SUSE bug 617399 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. Important CVE-2010-1205 SUSE bug 1188284 SUSE bug 617866 SUSE bug 622506 SUSE bug 639941 SUSE bug 854395 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call. Moderate CVE-2010-1206 SUSE bug 618183 SUSE bug 622506 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deletion. Moderate CVE-2010-1207 SUSE bug 622506 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count. Critical CVE-2010-1208 SUSE bug 622506 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback. Critical CVE-2010-1209 SUSE bug 622506 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text. Moderate CVE-2010-1210 SUSE bug 622506 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2010-1211 SUSE bug 622506 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) propagation of deep aborts in the TraceRecorder::record_JSOP_BINDNAME function, (2) depth handling in the TraceRecorder::record_JSOP_GETELEM function, and (3) tracing of out-of-range arguments in the TraceRecorder::record_JSOP_ARGSUB function. Critical CVE-2010-1212 SUSE bug 622506 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document. Moderate CVE-2010-1213 SUSE bug 622506 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements. Critical CVE-2010-1214 SUSE bug 622506 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope." Critical CVE-2010-1215 SUSE bug 622506 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation. Important CVE-2010-1320 SUSE bug 596002 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. Moderate CVE-2010-1321 SUSE bug 596826 SUSE bug 611090 SUSE bug 646073 SUSE bug 648950 SUSE bug 658525 SUSE bug 659926 SUSE bug 663953 SUSE bug 679560 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request that triggers an uninitialized pointer dereference, as demonstrated by a request from a Windows Active Directory client. Moderate CVE-2010-1322 SUSE bug 640990 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys. Moderate CVE-2010-1323 SUSE bug 650650 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key. Moderate CVE-2010-1324 SUSE bug 650650 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not properly handle when the gfs2_quota struct occupies two separate pages, which allows local users to cause a denial of service (kernel panic) via certain manipulations that cause an out-of-bounds write, as demonstrated by writing from an ext3 file system to a gfs2 file system. Important CVE-2010-1436 SUSE bug 599957 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. Moderate CVE-2010-1452 SUSE bug 627030 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file. Moderate CVE-2010-1455 SUSE bug 603251 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket. Moderate CVE-2010-1623 SUSE bug 650435 SUSE bug 693778 SUSE bug 725950 SUSE bug 997229 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. NOTE: some of these details are obtained from third party information. Low CVE-2010-1633 SUSE bug 610642 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value. Moderate CVE-2010-1635 SUSE bug 605935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request. Moderate CVE-2010-1641 SUSE bug 608576 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request. Moderate CVE-2010-1642 SUSE bug 605935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. Moderate CVE-2010-1646 SUSE bug 594738 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute. Low CVE-2010-1674 SUSE bug 654270 SUSE bug 685558 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute. Moderate CVE-2010-1675 SUSE bug 654270 SUSE bug 685558 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs. Moderate CVE-2010-1748 SUSE bug 601352 SUSE bug 604271 SUSE bug 644521 SUSE bug 649256 SUSE bug 657780 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet. Important CVE-2010-2063 SUSE bug 611927 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow. Moderate CVE-2010-2065 SUSE bug 612787 SUSE bug 612879 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor. Low CVE-2010-2066 SUSE bug 612457 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file. Important CVE-2010-2067 SUSE bug 612787 SUSE bug 612879 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. Moderate CVE-2010-2068 SUSE bug 627030 SUSE bug 627387 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Moderate CVE-2010-2074 SUSE bug 609451 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID. Moderate CVE-2010-2156 SUSE bug 612546 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input." Important CVE-2010-2233 SUSE bug 612879 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server. Important CVE-2010-2240 SUSE bug 1039348 SUSE bug 211997 SUSE bug 546062 SUSE bug 59807 SUSE bug 615929 SUSE bug 618152 SUSE bug 632737 SUSE bug 643986 SUSE bug 746947 SUSE bug 746949 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree. Moderate CVE-2010-2242 SUSE bug 618155 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081. Moderate CVE-2010-2244 SUSE bug 603289 SUSE bug 646961 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. Moderate CVE-2010-2252 SUSE bug 606317 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Important CVE-2010-2497 SUSE bug 619562 SUSE bug 635692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message. Moderate CVE-2010-2522 SUSE bug 424311 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 allow remote attackers to have an unspecified impact via a crafted (1) ND_OPT_PREFIX_INFORMATION or (2) ND_OPT_HOME_AGENT_INFO packet. Moderate CVE-2010-2523 SUSE bug 424311 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response. Important CVE-2010-2529 SUSE bug 620837 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature. Moderate CVE-2010-2547 SUSE bug 625947 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. Moderate CVE-2010-2640 SUSE bug 660555 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. Moderate CVE-2010-2641 SUSE bug 660555 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. Moderate CVE-2010-2642 SUSE bug 660555 SUSE bug 661018 SUSE bug 662411 SUSE bug 664484 SUSE bug 790421 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. Moderate CVE-2010-2643 SUSE bug 660555 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions. Moderate CVE-2010-2751 SUSE bug 622506 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers. Critical CVE-2010-2752 SUSE bug 622506 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free. Critical CVE-2010-2753 SUSE bug 622506 SUSE bug 637303 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. Moderate CVE-2010-2754 SUSE bug 622506 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214. Critical CVE-2010-2755 SUSE bug 622506 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753. Moderate CVE-2010-2760 SUSE bug 637303 SUSE bug 638109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172. Moderate CVE-2010-2761 SUSE bug 657343 SUSE bug 657731 SUSE bug 663396 SUSE bug 669245 SUSE bug 670476 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object. Critical CVE-2010-2762 SUSE bug 637303 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests. Moderate CVE-2010-2764 SUSE bug 637303 SUSE bug 638109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow. Moderate CVE-2010-2765 SUSE bug 637303 SUSE bug 638109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object. Moderate CVE-2010-2766 SUSE bug 637303 SUSE bug 638109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability." Moderate CVE-2010-2767 SUSE bug 637303 SUSE bug 638109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding. Moderate CVE-2010-2768 SUSE bug 637303 SUSE bug 638109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled. Moderate CVE-2010-2769 SUSE bug 637303 SUSE bug 638109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library. Moderate CVE-2010-2800 SUSE bug 627753 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library. Moderate CVE-2010-2801 SUSE bug 627753 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Moderate CVE-2010-2805 SUSE bug 629447 SUSE bug 635692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters. Moderate CVE-2010-2891 SUSE bug 649867 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue. Moderate CVE-2010-2939 SUSE bug 489641 SUSE bug 629905 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. Important CVE-2010-2941 SUSE bug 649256 SUSE bug 654627 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c. Moderate CVE-2010-2942 SUSE bug 632309 SUSE bug 642324 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields. Important CVE-2010-2947 SUSE bug 631582 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket. Moderate CVE-2010-2954 SUSE bug 636112 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size. Moderate CVE-2010-2955 SUSE bug 635413 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. Moderate CVE-2010-2993 SUSE bug 630599 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string. Moderate CVE-2010-3053 SUSE bug 633938 SUSE bug 635692 SUSE bug 645982 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c. Moderate CVE-2010-3054 SUSE bug 633943 SUSE bug 635692 SUSE bug 645982 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share. Critical CVE-2010-3069 SUSE bug 637218 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010. Important CVE-2010-3081 SUSE bug 639709 SUSE bug 641575 SUSE bug 871595 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run. Moderate CVE-2010-3166 SUSE bug 637303 SUSE bug 638109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a "dangling pointer vulnerability." Moderate CVE-2010-3167 SUSE bug 637303 SUSE bug 638109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties. Moderate CVE-2010-3168 SUSE bug 637303 SUSE bug 638109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2010-3169 SUSE bug 637303 SUSE bug 638109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Moderate CVE-2010-3170 SUSE bug 637290 SUSE bug 645315 SUSE bug 652858 SUSE bug 868629 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. Moderate CVE-2010-3173 SUSE bug 645315 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2010-3174 SUSE bug 645315 SUSE bug 652858 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2010-3175 SUSE bug 645315 SUSE bug 652858 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2010-3176 SUSE bug 645315 SUSE bug 652858 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server. Moderate CVE-2010-3177 SUSE bug 645315 SUSE bug 652858 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document. Moderate CVE-2010-3178 SUSE bug 645315 SUSE bug 652858 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method. Critical CVE-2010-3179 SUSE bug 645315 SUSE bug 652858 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window. Critical CVE-2010-3180 SUSE bug 645315 SUSE bug 652858 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. Moderate CVE-2010-3182 SUSE bug 642502 SUSE bug 645315 SUSE bug 652858 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function. Critical CVE-2010-3183 SUSE bug 645315 SUSE bug 652858 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call. Moderate CVE-2010-3296 SUSE bug 639481 SUSE bug 649187 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call. Moderate CVE-2010-3297 SUSE bug 639482 SUSE bug 649187 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. Moderate CVE-2010-3298 SUSE bug 639483 SUSE bug 649187 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression. Important CVE-2010-3301 SUSE bug 639708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions. Important CVE-2010-3310 SUSE bug 640721 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797. Important CVE-2010-3311 SUSE bug 635692 SUSE bug 641580 SUSE bug 645982 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435. Moderate CVE-2010-3430 SUSE bug 623457 SUSE bug 631802 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435. Moderate CVE-2010-3431 SUSE bug 623457 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447. Moderate CVE-2010-3433 SUSE bug 643771 SUSE bug 648140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP. Moderate CVE-2010-3445 SUSE bug 643078 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information. Moderate CVE-2010-3609 SUSE bug 642571 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field. Moderate CVE-2010-3611 SUSE bug 650902 SUSE bug 667655 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data. Important CVE-2010-3613 SUSE bug 657129 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover. Moderate CVE-2010-3614 SUSE bug 657102 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism. Important CVE-2010-3615 SUSE bug 657120 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520. Moderate CVE-2010-3616 SUSE bug 659059 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. Critical CVE-2010-3765 SUSE bug 649492 SUSE bug 652858 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font. Moderate CVE-2010-3814 SUSE bug 647375 SUSE bug 689174 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program. Moderate CVE-2010-3853 SUSE bug 647958 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font. Moderate CVE-2010-3855 SUSE bug 647375 SUSE bug 689174 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. Important CVE-2010-3864 SUSE bug 629905 SUSE bug 651003 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. Moderate CVE-2010-4000 SUSE bug 642827 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations. Moderate CVE-2010-4020 SUSE bug 650650 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue." Moderate CVE-2010-4021 SUSE bug 650650 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors. Moderate CVE-2010-4022 SUSE bug 662665 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file. Important CVE-2010-4170 SUSE bug 1085465 SUSE bug 654201 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules). Low CVE-2010-4171 SUSE bug 1085472 SUSE bug 654201 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value. Moderate CVE-2010-4267 SUSE bug 336658 SUSE bug 808355 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption. Moderate CVE-2010-4300 SUSE bug 655448 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes. Moderate CVE-2010-4301 SUSE bug 655448 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet. Moderate CVE-2010-4341 SUSE bug 660481 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants. Moderate CVE-2010-4352 SUSE bug 659934 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172. Moderate CVE-2010-4410 SUSE bug 657343 SUSE bug 660127 SUSE bug 663396 SUSE bug 670476 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761. Moderate CVE-2010-4411 SUSE bug 657343 SUSE bug 657731 SUSE bug 663396 SUSE bug 669245 SUSE bug 670476 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. Moderate CVE-2010-4494 SUSE bug 1123919 SUSE bug 661471 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c. Moderate CVE-2010-4523 SUSE bug 660109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow. Moderate CVE-2010-4530 SUSE bug 661000 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value. Moderate CVE-2010-4531 SUSE bug 661000 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) compression. Moderate CVE-2010-4538 SUSE bug 662029 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679. Moderate CVE-2010-4651 SUSE bug 1093615 SUSE bug 1101128 SUSE bug 662957 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries. Moderate CVE-2010-4665 SUSE bug 687442 SUSE bug 854393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash. Moderate CVE-2010-4777 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. Moderate CVE-2010-5298 SUSE bug 873351 SUSE bug 880891 SUSE bug 883126 SUSE bug 885777 SUSE bug 915913 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service (system crash) by leveraging access to this process group. Low CVE-2010-5328 SUSE bug 1021109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the Linux kernel before 2.6.39 relies on the count value of a v4l2_ext_controls data structure to determine a kmalloc size, which might allow local users to cause a denial of service (memory consumption) via a large value. Moderate CVE-2010-5329 SUSE bug 1035719 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command. Moderate CVE-2011-0010 SUSE bug 663881 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability." Moderate CVE-2011-0014 SUSE bug 670526 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object. Moderate CVE-2011-0020 SUSE bug 666101 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file. Moderate CVE-2011-0024 SUSE bug 683335 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index. Moderate CVE-2011-0064 SUSE bug 666101 SUSE bug 672502 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Low CVE-2011-0068 SUSE bug 689281 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070. Moderate CVE-2011-0069 SUSE bug 689281 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069. Critical CVE-2011-0070 SUSE bug 689281 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx/layers/d3d10/ReadbackManagerD3D10.cpp and unknown other vectors. Critical CVE-2011-0079 SUSE bug 689281 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2011-0080 SUSE bug 689281 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2011-0081 SUSE bug 689281 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." Important CVE-2011-0084 SUSE bug 712224 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information. Important CVE-2011-0192 SUSE bug 672510 SUSE bug 682053 SUSE bug 682871 SUSE bug 854393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011. Moderate CVE-2011-0226 SUSE bug 704612 SUSE bug 728044 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence. Moderate CVE-2011-0281 SUSE bug 663619 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name. Important CVE-2011-0282 SUSE bug 663619 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data. Moderate CVE-2011-0284 SUSE bug 671717 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition. Moderate CVE-2011-0285 SUSE bug 687469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address. Moderate CVE-2011-0413 SUSE bug 667655 SUSE bug 680298 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update. Important CVE-2011-0414 SUSE bug 674431 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. Moderate CVE-2011-0419 SUSE bug 693778 SUSE bug 700212 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation. Moderate CVE-2011-0421 SUSE bug 681193 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map. Moderate CVE-2011-0460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 /etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab. Moderate CVE-2011-0461 SUSE bug 665479 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message. Important CVE-2011-0465 SUSE bug 674733 SUSE bug 688931 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 gypsy 0.8 does not properly restrict the files that can be read while running with root privileges, which allows local users to read otherwise restricted files via unspecified vectors. Moderate CVE-2011-0523 SUSE bug 666839 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in the NMEA parser (nmea-gen.c) in gypsy 0.8 allow local users to cause a denial of service (crash) via unspecified vectors related to the sprintf function. Moderate CVE-2011-0524 SUSE bug 666839 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file. Moderate CVE-2011-0538 SUSE bug 669908 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack. Moderate CVE-2011-0541 SUSE bug 668820 SUSE bug 685055 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message. Moderate CVE-2011-0707 SUSE bug 671745 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c. Moderate CVE-2011-0712 SUSE bug 672499 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file. Moderate CVE-2011-0713 SUSE bug 672916 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd. Moderate CVE-2011-0719 SUSE bug 670431 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions. Important CVE-2011-0904 SUSE bug 690238 SUSE bug 691207 SUSE bug 691356 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation. Low CVE-2011-0905 SUSE bug 690238 SUSE bug 691207 SUSE bug 691356 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. Important CVE-2011-0997 SUSE bug 675052 SUSE bug 689182 SUSE bug 708527 SUSE bug 715172 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244. Moderate CVE-2011-1002 SUSE bug 671797 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack. Moderate CVE-2011-1004 SUSE bug 673740 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname. Moderate CVE-2011-1005 SUSE bug 673750 SUSE bug 783511 SUSE bug 783525 SUSE bug 880899 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries. Important CVE-2011-1006 SUSE bug 675506 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server. Important CVE-2011-1018 SUSE bug 674984 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls. Moderate CVE-2011-1020 SUSE bug 674982 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message. Moderate CVE-2011-1022 SUSE bug 675048 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data. Moderate CVE-2011-1097 SUSE bug 684387 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. Moderate CVE-2011-1098 SUSE bug 1007000 SUSE bug 1136195 SUSE bug 677335 SUSE bug 677336 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet. Moderate CVE-2011-1138 SUSE bug 678567 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field. Moderate CVE-2011-1139 SUSE bug 678568 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet. Moderate CVE-2011-1140 SUSE bug 678569 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file. Moderate CVE-2011-1143 SUSE bug 678571 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string. Moderate CVE-2011-1145 SUSE bug 678796 SUSE bug 764737 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086. Moderate CVE-2011-1146 SUSE bug 678406 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. Moderate CVE-2011-1154 SUSE bug 677335 SUSE bug 679661 SUSE bug 681984 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. Moderate CVE-2011-1155 SUSE bug 677335 SUSE bug 679662 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks. Moderate CVE-2011-1164 SUSE bug 680072 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value. Moderate CVE-2011-1167 SUSE bug 683337 SUSE bug 854393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process. Moderate CVE-2011-1176 SUSE bug 681176 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." Moderate CVE-2011-1187 SUSE bug 758408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. Low CVE-2011-1202 SUSE bug 689281 SUSE bug 692619 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID. Moderate CVE-2011-1485 SUSE bug 1032717 SUSE bug 688788 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Array index error in the rose_parse_national function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by composing FAC_NATIONAL_DIGIS data that specifies a large number of digipeaters, and then sending this data to a ROSE socket. Important CVE-2011-1493 SUSE bug 681175 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. Moderate CVE-2011-1521 SUSE bug 682554 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script. Moderate CVE-2011-1526 SUSE bug 698471 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions. Important CVE-2011-1527 SUSE bug 719393 SUSE bug 743742 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151. Important CVE-2011-1528 SUSE bug 719393 SUSE bug 743742 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors. Important CVE-2011-1529 SUSE bug 719393 SUSE bug 743742 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error. Moderate CVE-2011-1530 SUSE bug 730393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media. Moderate CVE-2011-1577 SUSE bug 687113 SUSE bug 692784 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user. Moderate CVE-2011-1585 SUSE bug 687812 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. Moderate CVE-2011-1590 SUSE bug 688109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file. Moderate CVE-2011-1591 SUSE bug 688109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. Moderate CVE-2011-1592 SUSE bug 688109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type. Moderate CVE-2011-1709 SUSE bug 694858 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname. Moderate CVE-2011-1758 SUSE bug 691135 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) abc_new_umacro functions in src/load_abc.cpp in libmodplug before 0.8.8.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ABC file. NOTE: some of these details are obtained from third party information. Moderate CVE-2011-1761 SUSE bug 691137 SUSE bug 710726 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call. Important CVE-2011-1831 SUSE bug 709771 SUSE bug 711539 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call. Important CVE-2011-1832 SUSE bug 709771 SUSE bug 711539 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid. Moderate CVE-2011-1833 SUSE bug 709771 SUSE bug 711539 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call. Important CVE-2011-1834 SUSE bug 709771 SUSE bug 711539 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps. Important CVE-2011-1835 SUSE bug 709771 SUSE bug 711539 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process. Moderate CVE-2011-1836 SUSE bug 709771 SUSE bug 711539 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors. Important CVE-2011-1837 SUSE bug 709771 SUSE bug 711539 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers." Important CVE-2011-1898 SUSE bug 702025 SUSE bug 724906 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query. Moderate CVE-2011-1907 SUSE bug 692210 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets. Important CVE-2011-1910 SUSE bug 696585 SUSE bug 698286 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419. Low CVE-2011-1928 SUSE bug 693778 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions. Moderate CVE-2011-1944 SUSE bug 1123919 SUSE bug 697372 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but proceeds with the non-error code path upon failure of the setgid or setuid function, which allows local users to gain privileges by leveraging access to two unprivileged user accounts, and running many processes under one of these accounts. Important CVE-2011-1946 SUSE bug 695627 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets. Moderate CVE-2011-1947 SUSE bug 697368 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length. Moderate CVE-2011-1957 SUSE bug 697516 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file. Moderate CVE-2011-1958 SUSE bug 697516 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read. Moderate CVE-2011-1959 SUSE bug 697516 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability. Important CVE-2011-2054 SUSE bug 709167 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a packet with malformed data that uses zlib compression. Moderate CVE-2011-2174 SUSE bug 697516 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a malformed Visual Networks file that triggers a heap-based buffer over-read. Moderate CVE-2011-2175 SUSE bug 697516 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Moderate CVE-2011-2186 SUSE bug 698456 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in tftp-hpa before 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the utimeout option. Moderate CVE-2011-2199 SUSE bug 699714 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The hfs_find_init function in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and Oops) by mounting an HFS file system with a malformed MDB extent record. Moderate CVE-2011-2203 SUSE bug 699709 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader. Moderate CVE-2011-2366 SUSE bug 701296 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service (application crash), via unspecified vectors. Moderate CVE-2011-2367 SUSE bug 701296 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Critical CVE-2011-2368 SUSE bug 701296 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity. Moderate CVE-2011-2369 SUSE bug 701296 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors. Moderate CVE-2011-2370 SUSE bug 701296 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object. Critical CVE-2011-2371 SUSE bug 701296 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. Critical CVE-2011-2372 SUSE bug 720264 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document. Critical CVE-2011-2373 SUSE bug 701296 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2011-2374 SUSE bug 701296 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2011-2375 SUSE bug 701296 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image. Critical CVE-2011-2377 SUSE bug 701296 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request. Moderate CVE-2011-2464 SUSE bug 703907 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. Moderate CVE-2011-2483 SUSE bug 700876 SUSE bug 701489 SUSE bug 701491 SUSE bug 713727 SUSE bug 738221 SUSE bug 749299 SUSE bug 749301 SUSE bug 749303 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file. Moderate CVE-2011-2485 SUSE bug 702028 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line. Important CVE-2011-2489 SUSE bug 698772 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes. Important CVE-2011-2490 SUSE bug 698772 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources. Moderate CVE-2011-2501 SUSE bug 702578 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption. Moderate CVE-2011-2511 SUSE bug 703084 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program. Moderate CVE-2011-2522 SUSE bug 705241 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets. Moderate CVE-2011-2597 SUSE bug 706728 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image. Moderate CVE-2011-2690 SUSE bug 706387 SUSE bug 706388 SUSE bug 854395 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image. Moderate CVE-2011-2691 SUSE bug 706388 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory. Moderate CVE-2011-2692 SUSE bug 706389 SUSE bug 854395 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page). Moderate CVE-2011-2694 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow. Moderate CVE-2011-2696 SUSE bug 705681 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file. Moderate CVE-2011-2697 SUSE bug 59233 SUSE bug 698451 SUSE bug 704608 SUSE bug 852368 SUSE bug 957531 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet. Moderate CVE-2011-2698 SUSE bug 706728 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request. Moderate CVE-2011-2707 SUSE bug 707337 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs. Moderate CVE-2011-2709 SUSE bug 694598 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations. Moderate CVE-2011-2721 SUSE bug 708263 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file. Low CVE-2011-2722 SUSE bug 59233 SUSE bug 698451 SUSE bug 704608 SUSE bug 713717 SUSE bug 808355 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application. Moderate CVE-2011-2729 SUSE bug 715656 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet. Moderate CVE-2011-2748 SUSE bug 712653 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet. Important CVE-2011-2749 SUSE bug 712653 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896. Moderate CVE-2011-2895 SUSE bug 709851 SUSE bug 711487 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2011-2985 SUSE bug 712224 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. Moderate CVE-2011-2986 SUSE bug 712224 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader. Critical CVE-2011-2988 SUSE bug 712224 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. Critical CVE-2011-2989 SUSE bug 712224 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects. Moderate CVE-2011-2990 SUSE bug 712224 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. Critical CVE-2011-2991 SUSE bug 712224 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. Critical CVE-2011-2992 SUSE bug 712224 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801. Critical CVE-2011-2993 SUSE bug 712224 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2011-2995 SUSE bug 720264 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2011-2996 SUSE bug 720264 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2011-2997 SUSE bug 720264 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. Critical CVE-2011-3000 SUSE bug 720264 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error. Moderate CVE-2011-3001 SUSE bug 720264 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow. Critical CVE-2011-3002 SUSE bug 720264 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation. Critical CVE-2011-3003 SUSE bug 720264 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior. Critical CVE-2011-3004 SUSE bug 720264 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file. Critical CVE-2011-3005 SUSE bug 720264 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. Important CVE-2011-3026 SUSE bug 747311 SUSE bug 747327 SUSE bug 747328 SUSE bug 773612 SUSE bug 854395 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026. Moderate CVE-2011-3045 SUSE bug 752008 SUSE bug 754456 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow. Moderate CVE-2011-3048 SUSE bug 754745 SUSE bug 854395 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file. Moderate CVE-2011-3062 SUSE bug 754458 SUSE bug 758408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products. Critical CVE-2011-3101 SUSE bug 762481 SUSE bug 765204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive. Moderate CVE-2011-3146 SUSE bug 714980 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file. Moderate CVE-2011-3148 SUSE bug 724480 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption). Low CVE-2011-3149 SUSE bug 724480 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12. Critical CVE-2011-3172 SUSE bug 1149683 SUSE bug 707645 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks. Low CVE-2011-3177 SUSE bug 713661 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. Important CVE-2011-3192 SUSE bug 713966 SUSE bug 714306 SUSE bug 716634 SUSE bug 718106 SUSE bug 722545 SUSE bug 726139 SUSE bug 732051 SUSE bug 983778 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. Moderate CVE-2011-3193 SUSE bug 714984 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message. Moderate CVE-2011-3200 SUSE bug 714658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. Moderate CVE-2011-3207 SUSE bug 716143 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol. Moderate CVE-2011-3210 SUSE bug 716144 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. Critical CVE-2011-3232 SUSE bug 720264 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226. Moderate CVE-2011-3256 SUSE bug 728044 SUSE bug 730124 SUSE bug 748083 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree. Moderate CVE-2011-3266 SUSE bug 718032 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value. Moderate CVE-2011-3328 SUSE bug 720017 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. Moderate CVE-2011-3360 SUSE bug 718032 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. Moderate CVE-2011-3368 SUSE bug 722545 SUSE bug 723308 SUSE bug 728876 SUSE bug 729181 SUSE bug 754831 SUSE bug 791794 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. Moderate CVE-2011-3389 SUSE bug 716002 SUSE bug 719047 SUSE bug 725167 SUSE bug 726096 SUSE bug 739248 SUSE bug 739256 SUSE bug 742306 SUSE bug 751718 SUSE bug 759666 SUSE bug 763598 SUSE bug 814655 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document. Moderate CVE-2011-3439 SUSE bug 730124 SUSE bug 748083 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow. Moderate CVE-2011-3464 SUSE bug 745029 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability." Moderate CVE-2011-3483 SUSE bug 718032 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound. Moderate CVE-2011-3563 SUSE bug 747208 SUSE bug 758470 SUSE bug 763805 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) component in Oracle Virtualization 3.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Session. NOTE: this CVE identifier was accidentally used for a Concurrency issue in Java Runtime Environment, but that issue has been reassigned to CVE-2012-0507. Critical CVE-2011-3571 SUSE bug 742115 SUSE bug 747208 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name. NOTE: this can be leveraged with a symlink to overwrite arbitrary files. Low CVE-2011-3602 SUSE bug 721968 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. Moderate CVE-2011-3607 SUSE bug 728876 SUSE bug 729181 SUSE bug 729183 SUSE bug 806721 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c. Moderate CVE-2011-3627 SUSE bug 724856 SUSE bug 809945 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution with the privileges of the user running the hardlink executable. Moderate CVE-2011-3630 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges. Moderate CVE-2011-3631 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. Low CVE-2011-3632 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug." Moderate CVE-2011-3640 SUSE bug 726096 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. Moderate CVE-2011-3648 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. Moderate CVE-2011-3650 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2011-3651 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. Critical CVE-2011-3652 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. Critical CVE-2011-3654 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site. Critical CVE-2011-3655 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements. Critical CVE-2011-3658 SUSE bug 737533 SUSE bug 746591 SUSE bug 750044 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. Critical CVE-2011-3659 SUSE bug 744275 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors. Critical CVE-2011-3660 SUSE bug 737533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. Critical CVE-2011-3661 SUSE bug 737533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page. Critical CVE-2011-3663 SUSE bug 737533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to glyph handling. Moderate CVE-2011-3922 SUSE bug 739904 SUSE bug 740493 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. Moderate CVE-2011-4108 SUSE bug 739719 SUSE bug 742821 SUSE bug 758060 SUSE bug 778825 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket. Moderate CVE-2011-4128 SUSE bug 729486 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to cause execute arbitrary code. Affected releases are sysconfig prior to 0.83.7-2.1. Moderate CVE-2011-4182 SUSE bug 735394 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver. Important CVE-2011-4313 SUSE bug 730995 SUSE bug 738156 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368. Moderate CVE-2011-4317 SUSE bug 722545 SUSE bug 728876 SUSE bug 729181 SUSE bug 791794 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id. Moderate CVE-2011-4349 SUSE bug 698250 SUSE bug 732996 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories. Moderate CVE-2011-4405 SUSE bug 733542 SUSE bug 735322 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet. Moderate CVE-2011-4539 SUSE bug 735610 SUSE bug 741239 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. Moderate CVE-2011-4576 SUSE bug 739719 SUSE bug 758060 SUSE bug 778825 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. Moderate CVE-2011-4577 SUSE bug 739719 SUSE bug 758060 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query. Low CVE-2011-4600 SUSE bug 736082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. Moderate CVE-2011-4619 SUSE bug 739719 SUSE bug 758060 SUSE bug 799454 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. Important CVE-2011-4815 SUSE bug 739122 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. Important CVE-2011-4862 SUSE bug 738632 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update. Moderate CVE-2011-4868 SUSE bug 741239 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. Low CVE-2011-4944 SUSE bug 754447 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet. Moderate CVE-2011-4971 SUSE bug 817781 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. Moderate CVE-2011-5035 SUSE bug 747208 SUSE bug 757762 SUSE bug 758470 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value. Moderate CVE-2012-0021 SUSE bug 1078450 SUSE bug 743744 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. Moderate CVE-2012-0027 SUSE bug 739719 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets. Important CVE-2012-0029 SUSE bug 740165 SUSE bug 747331 SUSE bug 757537 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function. Moderate CVE-2012-0031 SUSE bug 741243 SUSE bug 806721 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file. Moderate CVE-2012-0035 SUSE bug 740447 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document. Moderate CVE-2012-0037 SUSE bug 37195 SUSE bug 734781 SUSE bug 740453 SUSE bug 745298 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. Important CVE-2012-0050 SUSE bug 739719 SUSE bug 742821 SUSE bug 758060 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. Moderate CVE-2012-0053 SUSE bug 743743 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper. Important CVE-2012-0056 SUSE bug 1171985 SUSE bug 742028 SUSE bug 742279 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier. Important CVE-2012-0217 SUSE bug 757537 SUSE bug 764077 SUSE bug 785429 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image. Moderate CVE-2012-0247 SUSE bug 746880 SUSE bug 752879 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF. Moderate CVE-2012-0248 SUSE bug 746880 SUSE bug 752879 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108. Moderate CVE-2012-0390 SUSE bug 739898 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response. Moderate CVE-2012-0441 SUSE bug 765204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2012-0442 SUSE bug 744275 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2012-0443 SUSE bug 744275 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file. Moderate CVE-2012-0444 SUSE bug 744275 SUSE bug 747912 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute. Moderate CVE-2012-0445 SUSE bug 744275 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects. Moderate CVE-2012-0446 SUSE bug 744275 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image. Moderate CVE-2012-0447 SUSE bug 744275 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. Critical CVE-2012-0449 SUSE bug 744275 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct cross-site scripting (XSS) attacks via crafted HTTP headers. Moderate CVE-2012-0451 SUSE bug 746591 SUSE bug 750044 SUSE bug 752168 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding. Important CVE-2012-0452 SUSE bug 746616 SUSE bug 746663 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue. Moderate CVE-2012-0455 SUSE bug 746591 SUSE bug 750044 SUSE bug 752168 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read. Critical CVE-2012-0456 SUSE bug 746591 SUSE bug 750044 SUSE bug 752168 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation. Critical CVE-2012-0457 SUSE bug 746591 SUSE bug 750044 SUSE bug 752168 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context. Critical CVE-2012-0458 SUSE bug 746591 SUSE bug 750044 SUSE bug 752168 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via dynamic modification of a keyframe followed by access to the cssText of the keyframe. Critical CVE-2012-0459 SUSE bug 746591 SUSE bug 750044 SUSE bug 752168 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a crafted web page. Moderate CVE-2012-0460 SUSE bug 746591 SUSE bug 750044 SUSE bug 752168 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Important CVE-2012-0461 SUSE bug 746591 SUSE bug 750044 SUSE bug 752168 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Important CVE-2012-0462 SUSE bug 746591 SUSE bug 750044 SUSE bug 752168 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android. Important CVE-2012-0463 SUSE bug 746591 SUSE bug 750044 SUSE bug 752168 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection. Important CVE-2012-0464 SUSE bug 746591 SUSE bug 750044 SUSE bug 752168 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2012-0467 SUSE bug 758408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function. Critical CVE-2012-0468 SUSE bug 758408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data. Moderate CVE-2012-0469 SUSE bug 758408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of "different number systems." Moderate CVE-2012-0470 SUSE bug 758408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set. Moderate CVE-2012-0471 SUSE bug 758408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. Moderate CVE-2012-0472 SUSE bug 758408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call. Moderate CVE-2012-0473 SUSE bug 758408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)." Moderate CVE-2012-0474 SUSE bug 758408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields. Moderate CVE-2012-0475 SUSE bug 758408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or (2) ISO-2022-CN character set. Moderate CVE-2012-0477 SUSE bug 758408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page. Moderate CVE-2012-0478 SUSE bug 758408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content. Moderate CVE-2012-0479 SUSE bug 758408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Critical CVE-2012-0497 SUSE bug 747208 SUSE bug 758470 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors. Low CVE-2012-0501 SUSE bug 747208 SUSE bug 758470 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT. Moderate CVE-2012-0502 SUSE bug 747208 SUSE bug 758470 SUSE bug 763805 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n. Moderate CVE-2012-0503 SUSE bug 747208 SUSE bug 758470 SUSE bug 763805 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. Moderate CVE-2012-0505 SUSE bug 747208 SUSE bug 758470 SUSE bug 763805 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA. Moderate CVE-2012-0506 SUSE bug 747208 SUSE bug 758470 SUSE bug 763805 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited." NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "toolkit internals references." Low CVE-2012-0547 SUSE bug 777499 SUSE bug 780897 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0771. Critical CVE-2012-0759 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file. Moderate CVE-2012-0786 SUSE bug 853044 SUSE bug 885003 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response. Moderate CVE-2012-0804 SUSE bug 744059 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests. Moderate CVE-2012-0817 SUSE bug 743986 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. Moderate CVE-2012-0845 SUSE bug 747125 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. Low CVE-2012-0862 SUSE bug 762294 SUSE bug 844230 SUSE bug 855685 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table. Moderate CVE-2012-0866 SUSE bug 701489 SUSE bug 749299 SUSE bug 749301 SUSE bug 749303 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters. Low CVE-2012-0867 SUSE bug 701489 SUSE bug 749299 SUSE bug 749301 SUSE bug 749303 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored. Low CVE-2012-0868 SUSE bug 701489 SUSE bug 749299 SUSE bug 749301 SUSE bug 749303 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion. Important CVE-2012-0870 SUSE bug 747934 SUSE bug 752797 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. Moderate CVE-2012-0876 SUSE bug 750914 SUSE bug 751464 SUSE bug 751465 SUSE bug 983215 SUSE bug 983216 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack. Moderate CVE-2012-0884 SUSE bug 749210 SUSE bug 749735 SUSE bug 751977 SUSE bug 754640 SUSE bug 761819 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege. Moderate CVE-2012-1012 SUSE bug 766109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password. Moderate CVE-2012-1013 SUSE bug 765485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request. Moderate CVE-2012-1014 SUSE bug 770172 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request. Important CVE-2012-1015 SUSE bug 770172 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request. Moderate CVE-2012-1016 SUSE bug 807556 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. Moderate CVE-2012-1096 SUSE bug 738073 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font. Moderate CVE-2012-1126 SUSE bug 750937 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font. Moderate CVE-2012-1127 SUSE bug 750947 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font. Moderate CVE-2012-1128 SUSE bug 750942 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font. Low CVE-2012-1129 SUSE bug 750952 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font. Moderate CVE-2012-1130 SUSE bug 750951 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the cell table of a font. Moderate CVE-2012-1131 SUSE bug 750953 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font. Low CVE-2012-1132 SUSE bug 750950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font. Moderate CVE-2012-1133 SUSE bug 750940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font. Moderate CVE-2012-1134 SUSE bug 750945 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font. Low CVE-2012-1135 SUSE bug 750946 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font that lacks an ENCODING field. Moderate CVE-2012-1136 SUSE bug 750939 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font. Moderate CVE-2012-1137 SUSE bug 750943 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font. Moderate CVE-2012-1138 SUSE bug 750941 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font. Low CVE-2012-1139 SUSE bug 750938 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object. Moderate CVE-2012-1140 SUSE bug 750954 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted ASCII string in a BDF font. Low CVE-2012-1141 SUSE bug 750955 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font. Moderate CVE-2012-1142 SUSE bug 750948 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted font. Moderate CVE-2012-1143 SUSE bug 750949 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font. Moderate CVE-2012-1144 SUSE bug 750944 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. Moderate CVE-2012-1147 SUSE bug 750914 SUSE bug 751464 SUSE bug 751465 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. Important CVE-2012-1148 SUSE bug 750914 SUSE bug 751464 SUSE bug 751465 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. Moderate CVE-2012-1150 SUSE bug 751718 SUSE bug 755383 SUSE bug 826682 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function. Moderate CVE-2012-1152 SUSE bug 751503 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct." Moderate CVE-2012-1162 SUSE bug 751829 SUSE bug 751830 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak. Moderate CVE-2012-1163 SUSE bug 751829 SUSE bug 751830 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250. Moderate CVE-2012-1165 SUSE bug 749210 SUSE bug 749213 SUSE bug 751946 SUSE bug 754640 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow. Moderate CVE-2012-1173 SUSE bug 753362 SUSE bug 767852 SUSE bug 854393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session." Moderate CVE-2012-1174 SUSE bug 752281 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call. Important CVE-2012-1182 SUSE bug 747934 SUSE bug 752797 SUSE bug 754443 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247. Moderate CVE-2012-1185 SUSE bug 752879 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248. Moderate CVE-2012-1186 SUSE bug 752879 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. Moderate CVE-2012-1457 SUSE bug 753611 SUSE bug 767574 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CHM parser implementations. Moderate CVE-2012-1458 SUSE bug 753613 SUSE bug 767574 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. Moderate CVE-2012-1459 SUSE bug 753610 SUSE bug 767574 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. Moderate CVE-2012-1569 SUSE bug 752193 SUSE bug 753301 SUSE bug 924966 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference. Moderate CVE-2012-1571 SUSE bug 753303 SUSE bug 883306 SUSE bug 884986 SUSE bug 987530 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. Moderate CVE-2012-1573 SUSE bug 752193 SUSE bug 754223 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message. Moderate CVE-2012-1586 SUSE bug 754443 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record. Moderate CVE-2012-1667 SUSE bug 765315 SUSE bug 792926 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder." Critical CVE-2012-1682 SUSE bug 777499 SUSE bug 780897 SUSE bug 785433 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA. Critical CVE-2012-1711 SUSE bug 766802 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Critical CVE-2012-1713 SUSE bug 766802 SUSE bug 778629 SUSE bug 780897 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. Critical CVE-2012-1716 SUSE bug 766802 SUSE bug 778629 SUSE bug 780897 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux. Moderate CVE-2012-1717 SUSE bug 766802 SUSE bug 778629 SUSE bug 780897 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security. Moderate CVE-2012-1718 SUSE bug 778629 SUSE bug 780897 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA. Moderate CVE-2012-1719 SUSE bug 766802 SUSE bug 778629 SUSE bug 780897 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Critical CVE-2012-1723 SUSE bug 766802 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect availability, related to JAXP. Moderate CVE-2012-1724 SUSE bug 766802 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Important CVE-2012-1725 SUSE bug 766802 SUSE bug 778629 SUSE bug 780897 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. Important CVE-2012-1726 SUSE bug 780897 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2012-1937 SUSE bug 765204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components. Critical CVE-2012-1938 SUSE bug 765204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. Critical CVE-2012-1940 SUSE bug 765204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns. Critical CVE-2012-1941 SUSE bug 765204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document. Moderate CVE-2012-1944 SUSE bug 765204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba. Moderate CVE-2012-1945 SUSE bug 765204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node. Critical CVE-2012-1946 SUSE bug 765204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. Critical CVE-2012-1947 SUSE bug 765204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Important CVE-2012-1948 SUSE bug 771583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2012-1949 SUSE bug 771583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. Important CVE-2012-1950 SUSE bug 771583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing. Important CVE-2012-1951 SUSE bug 771583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site. Critical CVE-2012-1952 SUSE bug 771583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site. Critical CVE-2012-1953 SUSE bug 771583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents. Critical CVE-2012-1954 SUSE bug 771583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls. Important CVE-2012-1955 SUSE bug 771583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. Moderate CVE-2012-1956 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed. Important CVE-2012-1957 SUSE bug 771583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content. Important CVE-2012-1958 SUSE bug 771583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content. Important CVE-2012-1959 SUSE bug 771583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation. Low CVE-2012-1960 SUSE bug 771583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values. Important CVE-2012-1961 SUSE bug 771583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies. Important CVE-2012-1962 SUSE bug 771583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation. Important CVE-2012-1963 SUSE bug 771583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL. Important CVE-2012-1965 SUSE bug 771583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL. Important CVE-2012-1966 SUSE bug 771583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL. Important CVE-2012-1967 SUSE bug 771583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Important CVE-2012-1970 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-1972 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-1973 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-1974 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-1975 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-1976 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. Important CVE-2012-2110 SUSE bug 758060 SUSE bug 778825 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection. Moderate CVE-2012-2111 SUSE bug 754443 SUSE bug 757576 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. Moderate CVE-2012-2113 SUSE bug 767852 SUSE bug 854393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table. Moderate CVE-2012-2141 SUSE bug 759352 SUSE bug 826684 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password. Moderate CVE-2012-2143 SUSE bug 766797 SUSE bug 766798 SUSE bug 766799 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image. Low CVE-2012-2150 SUSE bug 939367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address. Important CVE-2012-2337 SUSE bug 762327 SUSE bug 826687 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability." Moderate CVE-2012-2388 SUSE bug 1107874 SUSE bug 761325 SUSE bug 815236 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors. Moderate CVE-2012-2392 SUSE bug 763634 SUSE bug 763855 SUSE bug 769578 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation. Moderate CVE-2012-2393 SUSE bug 763634 SUSE bug 763855 SUSE bug 763857 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet. Moderate CVE-2012-2394 SUSE bug 763634 SUSE bug 763859 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file. Moderate CVE-2012-2396 SUSE bug 760496 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries. Low CVE-2012-2451 SUSE bug 760459 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image. Moderate CVE-2012-2625 SUSE bug 762484 SUSE bug 773393 SUSE bug 773401 SUSE bug 787163 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler. Moderate CVE-2012-2655 SUSE bug 765069 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message. Moderate CVE-2012-2669 SUSE bug 761200 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected. Moderate CVE-2012-2673 SUSE bug 765444 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data. Moderate CVE-2012-2686 SUSE bug 802648 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list. Low CVE-2012-2687 SUSE bug 777260 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition. Moderate CVE-2012-2737 SUSE bug 768807 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value. Moderate CVE-2012-2738 SUSE bug 772761 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. Moderate CVE-2012-2812 SUSE bug 771229 SUSE bug 831515 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. Moderate CVE-2012-2813 SUSE bug 771229 SUSE bug 831515 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image. Moderate CVE-2012-2814 SUSE bug 771229 SUSE bug 831515 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. Moderate CVE-2012-2836 SUSE bug 771229 SUSE bug 831515 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags. Moderate CVE-2012-2837 SUSE bug 771229 SUSE bug 831515 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image. Moderate CVE-2012-2840 SUSE bug 771229 SUSE bug 831515 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow. Moderate CVE-2012-2841 SUSE bug 771229 SUSE bug 831515 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters. Important CVE-2012-2944 SUSE bug 764699 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-1682. Critical CVE-2012-3136 SUSE bug 777499 SUSE bug 780897 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114. Moderate CVE-2012-3174 SUSE bug 798324 SUSE bug 798521 SUSE bug 798535 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Low CVE-2012-3216 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors. Moderate CVE-2012-3386 SUSE bug 770618 SUSE bug 786745 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow. Moderate CVE-2012-3401 SUSE bug 770816 SUSE bug 854393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405. Moderate CVE-2012-3406 SUSE bug 770891 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions. Moderate CVE-2012-3432 SUSE bug 773393 SUSE bug 773401 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown. Moderate CVE-2012-3433 SUSE bug 773393 SUSE bug 773401 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer. Moderate CVE-2012-3445 SUSE bug 773955 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files. Moderate CVE-2012-3449 SUSE bug 774332 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors. Moderate CVE-2012-3466 SUSE bug 775235 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read. Moderate CVE-2012-3482 SUSE bug 775988 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue. Moderate CVE-2012-3488 SUSE bug 776523 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue. Low CVE-2012-3489 SUSE bug 776524 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. Moderate CVE-2012-3499 SUSE bug 806458 SUSE bug 807511 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client. Moderate CVE-2012-3502 SUSE bug 777119 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." Important CVE-2012-3515 SUSE bug 777084 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus." Important CVE-2012-3524 SUSE bug 697105 SUSE bug 852781 SUSE bug 912016 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate. Moderate CVE-2012-3547 SUSE bug 777834 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file. Moderate CVE-2012-3548 SUSE bug 778000 SUSE bug 783275 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter. Moderate CVE-2012-3570 SUSE bug 772924 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier. Moderate CVE-2012-3571 SUSE bug 772924 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries. Moderate CVE-2012-3817 SUSE bug 772945 SUSE bug 792926 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries. Moderate CVE-2012-3868 SUSE bug 772946 SUSE bug 792926 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests. Moderate CVE-2012-3954 SUSE bug 772924 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced. Moderate CVE-2012-3955 SUSE bug 780167 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-3956 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. Critical CVE-2012-3957 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-3958 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-3959 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-3960 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-3961 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document. Critical CVE-2012-3962 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. Critical CVE-2012-3963 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-3964 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window. Critical CVE-2012-3965 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component. Critical CVE-2012-3966 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site. Critical CVE-2012-3967 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor. Critical CVE-2012-3968 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow. Critical CVE-2012-3969 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another. Critical CVE-2012-3970 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Moderate CVE-2012-3971 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read. Moderate CVE-2012-3972 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port. Critical CVE-2012-3973 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code. Low CVE-2012-3975 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page. Moderate CVE-2012-3976 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code. Moderate CVE-2012-3978 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation. Important CVE-2012-3980 SUSE bug 777588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2012-3982 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2012-3983 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling. Critical CVE-2012-3984 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set. Moderate CVE-2012-3985 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code. Moderate CVE-2012-3986 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation. Moderate CVE-2012-3988 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site. Critical CVE-2012-3989 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function. Moderate CVE-2012-3990 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. Moderate CVE-2012-3991 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object. Moderate CVE-2012-3992 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue. Moderate CVE-2012-3993 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property. Moderate CVE-2012-3994 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. Moderate CVE-2012-3995 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source. Moderate CVE-2012-4024 SUSE bug 773015 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow. Moderate CVE-2012-4025 SUSE bug 773015 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump. Moderate CVE-2012-4048 SUSE bug 772738 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. Moderate CVE-2012-4049 SUSE bug 772738 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-4179 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. Critical CVE-2012-4180 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-4181 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-4182 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-4183 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site. Moderate CVE-2012-4184 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Moderate CVE-2012-4185 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. Critical CVE-2012-4186 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors. Critical CVE-2012-4187 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. Critical CVE-2012-4188 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. Critical CVE-2012-4191 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193. Critical CVE-2012-4192 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site. Critical CVE-2012-4193 SUSE bug 783533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. Moderate CVE-2012-4194 SUSE bug 786522 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior. Moderate CVE-2012-4195 SUSE bug 786522 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object. Moderate CVE-2012-4196 SUSE bug 786522 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on. Moderate CVE-2012-4201 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image. Critical CVE-2012-4202 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark. Moderate CVE-2012-4203 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. Critical CVE-2012-4204 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on. Moderate CVE-2012-4205 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. Moderate CVE-2012-4207 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site. Moderate CVE-2012-4208 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin. Moderate CVE-2012-4209 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet. Critical CVE-2012-4210 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-4212 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-4213 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840. Critical CVE-2012-4214 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-4215 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-4216 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-4217 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2012-4218 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record. Important CVE-2012-4244 SUSE bug 780157 SUSE bug 792926 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message. Moderate CVE-2012-4285 SUSE bug 776083 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted pcap-ng file. Low CVE-2012-4286 SUSE bug 776083 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length. Moderate CVE-2012-4287 SUSE bug 776083 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length. Moderate CVE-2012-4288 SUSE bug 776083 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries. Moderate CVE-2012-4289 SUSE bug 776083 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet. Moderate CVE-2012-4290 SUSE bug 776083 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. Moderate CVE-2012-4291 SUSE bug 776083 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2012-4292 SUSE bug 776083 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet. Moderate CVE-2012-4293 SUSE bug 776083 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value. Moderate CVE-2012-4294 SUSE bug 776083 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value. Moderate CVE-2012-4295 SUSE bug 776083 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet. Moderate CVE-2012-4296 SUSE bug 776083 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a malformed packet. Moderate CVE-2012-4297 SUSE bug 776083 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow. Moderate CVE-2012-4298 SUSE bug 776083 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application. Moderate CVE-2012-4398 SUSE bug 778463 SUSE bug 779488 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998. Important CVE-2012-4411 SUSE bug 779212 SUSE bug 786516 SUSE bug 786518 SUSE bug 786519 SUSE bug 786520 SUSE bug 787163 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. Moderate CVE-2012-4412 SUSE bug 779320 SUSE bug 848783 SUSE bug 882910 SUSE bug 920169 SUSE bug 920338 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete. Moderate CVE-2012-4414 SUSE bug 779476 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot. Moderate CVE-2012-4416 SUSE bug 779714 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself. Moderate CVE-2012-4425 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information. Moderate CVE-2012-4453 SUSE bug 1008340 SUSE bug 782734 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not require authentication to exploit. Moderate CVE-2012-4502 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitialized data to be included in a reply. Moderate CVE-2012-4503 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file. Moderate CVE-2012-4504 SUSE bug 784523 SUSE bug 795039 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources. Moderate CVE-2012-4510 SUSE bug 783488 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline." Moderate CVE-2012-4535 SUSE bug 779212 SUSE bug 786516 SUSE bug 786518 SUSE bug 786519 SUSE bug 786520 SUSE bug 787163 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an out-of-bounds read. Moderate CVE-2012-4536 SUSE bug 779212 SUSE bug 786516 SUSE bug 786518 SUSE bug 786519 SUSE bug 786520 SUSE bug 787163 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability." Moderate CVE-2012-4537 SUSE bug 779212 SUSE bug 786516 SUSE bug 786517 SUSE bug 786518 SUSE bug 786519 SUSE bug 786520 SUSE bug 787163 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors. Moderate CVE-2012-4538 SUSE bug 779212 SUSE bug 786516 SUSE bug 786518 SUSE bug 786519 SUSE bug 786520 SUSE bug 787163 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka "Grant table hypercall infinite loop DoS vulnerability." Moderate CVE-2012-4539 SUSE bug 779212 SUSE bug 786516 SUSE bug 786518 SUSE bug 786519 SUSE bug 786520 SUSE bug 787163 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk. Moderate CVE-2012-4544 SUSE bug 779212 SUSE bug 786516 SUSE bug 786518 SUSE bug 786519 SUSE bug 786520 SUSE bug 787163 SUSE bug 840592 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. Moderate CVE-2012-4564 SUSE bug 781995 SUSE bug 787892 SUSE bug 791607 SUSE bug 854393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class. Important CVE-2012-4681 SUSE bug 777499 SUSE bug 778629 SUSE bug 780897 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 798324 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. Moderate CVE-2012-4929 SUSE bug 1011293 SUSE bug 779952 SUSE bug 793420 SUSE bug 803004 SUSE bug 847895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Important CVE-2012-5068 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency. Important CVE-2012-5069 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX. Moderate CVE-2012-5070 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX. Important CVE-2012-5071 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security. Moderate CVE-2012-5072 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5079. Moderate CVE-2012-5073 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality and integrity, related to JAX-WS. Important CVE-2012-5074 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX. Moderate CVE-2012-5075 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS. Critical CVE-2012-5076 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security. Low CVE-2012-5077 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5073. Moderate CVE-2012-5079 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE. Moderate CVE-2012-5081 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. Important CVE-2012-5084 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking. NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so, then this is not a vulnerability and this issue should not be included in CVE. Low CVE-2012-5085 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. Critical CVE-2012-5086 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. Critical CVE-2012-5087 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Critical CVE-2012-5088 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-3143. Important CVE-2012-5089 SUSE bug 785429 SUSE bug 785433 SUSE bug 785814 SUSE bug 788750 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors. Critical CVE-2012-5112 SUSE bug 786698 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters. Important CVE-2012-5133 SUSE bug 791234 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. Moderate CVE-2012-5134 SUSE bug 1123919 SUSE bug 791234 SUSE bug 793334 SUSE bug 795039 SUSE bug 804033 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records. Moderate CVE-2012-5166 SUSE bug 784602 SUSE bug 792926 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Moderate CVE-2012-5237 SUSE bug 783275 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet. Moderate CVE-2012-5238 SUSE bug 783275 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3548. Reason: This candidate is a reservation duplicate of CVE-2012-3548. Notes: All CVE users should reference CVE-2012-3548 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5239 SUSE bug 783275 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet. Moderate CVE-2012-5240 SUSE bug 783275 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors. Moderate CVE-2012-5510 SUSE bug 789945 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image. Moderate CVE-2012-5511 SUSE bug 789944 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range. Important CVE-2012-5513 SUSE bug 789951 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors. Moderate CVE-2012-5514 SUSE bug 789948 SUSE bug 789988 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value. Moderate CVE-2012-5515 SUSE bug 789950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface. Important CVE-2012-5519 SUSE bug 1180148 SUSE bug 789566 SUSE bug 882905 SUSE bug 924208 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read. Moderate CVE-2012-5525 SUSE bug 789952 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669. Low CVE-2012-5532 SUSE bug 791605 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6052. Reason: This candidate is a reservation duplicate of CVE-2012-6052. Notes: All CVE users should reference CVE-2012-6052 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5592 SUSE bug 792005 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6053. Reason: This candidate is a reservation duplicate of CVE-2012-6053. Notes: All CVE users should reference CVE-2012-6053 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5593 SUSE bug 792005 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6054. Reason: This candidate is a reservation duplicate of CVE-2012-6054. Notes: All CVE users should reference CVE-2012-6054 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5594 SUSE bug 792005 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6056. Reason: This candidate is a reservation duplicate of CVE-2012-6056. Notes: All CVE users should reference CVE-2012-6056 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5595 SUSE bug 792005 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6057. Reason: This candidate is a reservation duplicate of CVE-2012-6057. Notes: All CVE users should reference CVE-2012-6057 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5596 SUSE bug 792005 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6059. Reason: This candidate is a reservation duplicate of CVE-2012-6059. Notes: All CVE users should reference CVE-2012-6059 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5597 SUSE bug 792005 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6060. Reason: This candidate is a reservation duplicate of CVE-2012-6060. Notes: All CVE users should reference CVE-2012-6060 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5598 SUSE bug 792005 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6061. Reason: This candidate is a reservation duplicate of CVE-2012-6061. Notes: All CVE users should reference CVE-2012-6061 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5599 SUSE bug 792005 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6062. Reason: This candidate is a reservation duplicate of CVE-2012-6062. Notes: All CVE users should reference CVE-2012-6062 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5600 SUSE bug 792005 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6055. Reason: This candidate is a reservation duplicate of CVE-2012-6055. Notes: All CVE users should reference CVE-2012-6055 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5601 SUSE bug 792005 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6058. Reason: This candidate is a reservation duplicate of CVE-2012-6058. Notes: All CVE users should reference CVE-2012-6058 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2012-5602 SUSE bug 792005 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command. Moderate CVE-2012-5611 SUSE bug 792362 SUSE bug 792444 SUSE bug 798753 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands. Moderate CVE-2012-5612 SUSE bug 792443 SUSE bug 798753 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames. Moderate CVE-2012-5615 SUSE bug 792440 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks. Moderate CVE-2012-5627 SUSE bug 792679 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt. Moderate CVE-2012-5634 SUSE bug 794316 SUSE bug 800275 SUSE bug 840592 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials. Moderate CVE-2012-5643 SUSE bug 794954 SUSE bug 796999 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function. Moderate CVE-2012-5668 SUSE bug 795826 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read. Moderate CVE-2012-5669 SUSE bug 795826 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value. Moderate CVE-2012-5670 SUSE bug 795826 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. Important CVE-2012-5688 SUSE bug 792926 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record. Moderate CVE-2012-5689 SUSE bug 800822 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Moderate CVE-2012-5783 SUSE bug 1132354 SUSE bug 803332 SUSE bug 803333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Moderate CVE-2012-5784 SUSE bug 1134598 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors. Moderate CVE-2012-5829 SUSE bug 790140 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document. Moderate CVE-2012-5830 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter. Critical CVE-2012-5833 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data. Critical CVE-2012-5835 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. Critical CVE-2012-5836 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string. Moderate CVE-2012-5837 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions. Critical CVE-2012-5838 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors. Critical CVE-2012-5839 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214. Critical CVE-2012-5840 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. Moderate CVE-2012-5841 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2012-5842 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2012-5843 SUSE bug 790140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. Moderate CVE-2012-6075 SUSE bug 797523 SUSE bug 800275 SUSE bug 840592 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate. Moderate CVE-2012-6093 SUSE bug 797006 SUSE bug 802634 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system Moderate CVE-2012-6094 SUSE bug 795624 SUSE bug 857372 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake. Low CVE-2012-6150 SUSE bug 844720 SUSE bug 853347 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. Moderate CVE-2012-6702 SUSE bug 983215 SUSE bug 983216 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call. Low CVE-2012-6703 SUSE bug 986811 SUSE bug 986941 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option. Moderate CVE-2012-6704 SUSE bug 1013531 SUSE bug 1013542 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the "DestPos" variable, which allows the attacker to write out of bounds when setting Mem[DestPos]. Critical CVE-2012-6706 SUSE bug 1045315 SUSE bug 1045490 SUSE bug 1053919 SUSE bug 1083915 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs. Moderate CVE-2013-0151 SUSE bug 797285 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not properly handled. Moderate CVE-2013-0152 SUSE bug 797287 SUSE bug 800798 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests. Moderate CVE-2013-0153 SUSE bug 800275 SUSE bug 800802 SUSE bug 840592 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists. Low CVE-2013-0157 SUSE bug 797002 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. Low CVE-2013-0160 SUSE bug 797175 SUSE bug 841063 SUSE bug 871595 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. Moderate CVE-2013-0166 SUSE bug 802648 SUSE bug 802746 SUSE bug 813366 SUSE bug 821818 SUSE bug 833408 SUSE bug 905106 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. Moderate CVE-2013-0169 SUSE bug 1070148 SUSE bug 1103036 SUSE bug 1103597 SUSE bug 802184 SUSE bug 802648 SUSE bug 802746 SUSE bug 803379 SUSE bug 804654 SUSE bug 809839 SUSE bug 813366 SUSE bug 813939 SUSE bug 821818 SUSE bug 905106 SUSE bug 977584 SUSE bug 977616 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue. Moderate CVE-2013-0170 SUSE bug 800976 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute. Moderate CVE-2013-0172 SUSE bug 798364 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr. Low CVE-2013-0179 SUSE bug 798458 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. Low CVE-2013-0211 SUSE bug 800024 SUSE bug 979005 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element. Moderate CVE-2013-0213 SUSE bug 799641 SUSE bug 800982 SUSE bug 880220 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions. Moderate CVE-2013-0214 SUSE bug 799641 SUSE bug 880220 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files. Moderate CVE-2013-0219 SUSE bug 801036 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet. Moderate CVE-2013-0220 SUSE bug 801036 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function. Moderate CVE-2013-0221 SUSE bug 798538 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function. Moderate CVE-2013-0222 SUSE bug 796243 SUSE bug 798538 SUSE bug 798541 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function. Moderate CVE-2013-0223 SUSE bug 798538 SUSE bug 798541 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information. Moderate CVE-2013-0231 SUSE bug 801178 SUSE bug 841063 SUSE bug 871595 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. Moderate CVE-2013-0240 SUSE bug 802409 SUSE bug 808534 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. Moderate CVE-2013-0242 SUSE bug 801246 SUSE bug 848783 SUSE bug 882910 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message. Important CVE-2013-0249 SUSE bug 802411 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. Moderate CVE-2013-0254 SUSE bug 802634 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read. Moderate CVE-2013-0255 SUSE bug 802679 SUSE bug 803057 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals." Moderate CVE-2013-0262 SUSE bug 802795 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time. Moderate CVE-2013-0263 SUSE bug 802794 SUSE bug 809839 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions. Moderate CVE-2013-0287 SUSE bug 809153 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal. Moderate CVE-2013-0292 SUSE bug 792095 SUSE bug 804392 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 OpenStack nova base images permissions are world readable Moderate CVE-2013-0326 SUSE bug 837817 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. Moderate CVE-2013-0338 SUSE bug 1123919 SUSE bug 805233 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions. Critical CVE-2013-0401 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue. Moderate CVE-2013-0422 SUSE bug 798324 SUSE bug 798521 SUSE bug 798535 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number. Moderate CVE-2013-0424 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. Important CVE-2013-0425 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. Important CVE-2013-0426 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted. Important CVE-2013-0427 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API. Important CVE-2013-0428 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions. Important CVE-2013-0429 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. Important CVE-2013-0431 SUSE bug 798535 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks." Important CVE-2013-0432 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data. Important CVE-2013-0433 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information. Important CVE-2013-0434 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements." Important CVE-2013-0435 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java. Important CVE-2013-0440 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction." Important CVE-2013-0441 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. Important CVE-2013-0442 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key. Important CVE-2013-0443 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient checks for cached results" by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code. Important CVE-2013-0444 SUSE bug 798535 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class. Important CVE-2013-0450 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter. Low CVE-2013-0454 SUSE bug 811975 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA at the suggestion of the CVE project team. The candidate had been associated with a correct report of a security problem, but not a problem that is categorized as a vulnerability within CVE. Compromised or unauthorized SSL certificates are not within CVE's scope. Notes: none. Moderate CVE-2013-0743 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups. Critical CVE-2013-0744 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a crafted HTML document referencing JavaScript objects. Critical CVE-2013-0745 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allows remote attackers to execute arbitrary code or cause a denial of service (compartment mismatch and application crash) via crafted JavaScript code that is not properly handled during garbage collection. Critical CVE-2013-0746 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event. Moderate CVE-2013-0747 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object. Moderate CVE-2013-0748 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-0749 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow. Critical CVE-2013-0750 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document. Moderate CVE-2013-0751 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that have SVG content. Critical CVE-2013-0752 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content. Critical CVE-2013-0753 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors involving the triggering of garbage collection after memory allocation for listener objects. Critical CVE-2013-0754 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer. Critical CVE-2013-0755 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing JavaScript Proxy objects that are not properly handled during garbage collection. Critical CVE-2013-0756 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document. Critical CVE-2013-0757 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements. Critical CVE-2013-0758 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document. Critical CVE-2013-0760 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2013-0761 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2013-0762 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas. Critical CVE-2013-0763 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data. Important CVE-2013-0764 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors. Critical CVE-2013-0765 SUSE bug 804248 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2013-0766 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. Critical CVE-2013-0767 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies invalid width and height values. Critical CVE-2013-0768 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-0769 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-0770 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document. Critical CVE-2013-0771 SUSE bug 796895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image. Moderate CVE-2013-0772 SUSE bug 804248 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. Moderate CVE-2013-0773 SUSE bug 804248 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors. Critical CVE-2013-0774 SUSE bug 804248 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script. Critical CVE-2013-0775 SUSE bug 804248 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site. Moderate CVE-2013-0776 SUSE bug 804248 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2013-0777 SUSE bug 804248 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. Critical CVE-2013-0778 SUSE bug 804248 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. Critical CVE-2013-0779 SUSE bug 804248 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties. Critical CVE-2013-0780 SUSE bug 804248 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2013-0781 SUSE bug 804248 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors. Critical CVE-2013-0782 SUSE bug 804248 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-0783 SUSE bug 804248 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. Critical CVE-2013-0787 SUSE bug 808243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2013-0788 SUSE bug 813026 SUSE bug 819204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and other vectors. Critical CVE-2013-0789 SUSE bug 813026 SUSE bug 819204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate. Moderate CVE-2013-0791 SUSE bug 813026 SUSE bug 819204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image. Moderate CVE-2013-0792 SUSE bug 813026 SUSE bug 819204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing. Moderate CVE-2013-0793 SUSE bug 819204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site. Moderate CVE-2013-0794 SUSE bug 813026 SUSE bug 819204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. Critical CVE-2013-0795 SUSE bug 813026 SUSE bug 819204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors. Critical CVE-2013-0796 SUSE bug 813026 SUSE bug 819204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. Important CVE-2013-0800 SUSE bug 813026 SUSE bug 819204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-0801 SUSE bug 819204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493. Moderate CVE-2013-0809 SUSE bug 806786 SUSE bug 807487 SUSE bug 809386 SUSE bug 813939 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition. Moderate CVE-2013-0913 SUSE bug 808829 SUSE bug 871595 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request. Moderate CVE-2013-1415 SUSE bug 806715 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request. Moderate CVE-2013-1416 SUSE bug 770172 SUSE bug 816413 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal. Moderate CVE-2013-1417 SUSE bug 850660 SUSE bug 879587 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. Moderate CVE-2013-1418 SUSE bug 849240 SUSE bug 866059 SUSE bug 879587 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key. Moderate CVE-2013-1430 SUSE bug 1015567 SUSE bug 442182 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCPU after touching other restored extended registers, which allows local guest OSes to obtain sensitive information by reading the registers. Moderate CVE-2013-1442 SUSE bug 839596 SUSE bug 840592 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. Important CVE-2013-1475 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors." Important CVE-2013-1476 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption. Important CVE-2013-1478 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. Important CVE-2013-1480 SUSE bug 798535 SUSE bug 801972 SUSE bug 803379 SUSE bug 806786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Critical CVE-2013-1484 SUSE bug 798535 SUSE bug 803379 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. Moderate CVE-2013-1485 SUSE bug 798535 SUSE bug 803379 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. Important CVE-2013-1486 SUSE bug 798535 SUSE bug 803379 SUSE bug 804654 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013. Critical CVE-2013-1488 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. Moderate CVE-2013-1493 SUSE bug 806786 SUSE bug 807487 SUSE bug 809386 SUSE bug 813939 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory. Important CVE-2013-1500 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions." Moderate CVE-2013-1518 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the default java.rmi.server.useCodebaseOnly setting of false, which allows remote attackers to perform "dynamic class downloading" and execute arbitrary code. Critical CVE-2013-1537 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions" in the LogStream.setDefaultStream method. Critical CVE-2013-1557 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "checking of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2. Important CVE-2013-1569 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc. Moderate CVE-2013-1571 SUSE bug 824397 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Moderate CVE-2013-1572 SUSE bug 801131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a large number of padding bits, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Moderate CVE-2013-1573 SUSE bug 801131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Moderate CVE-2013-1574 SUSE bug 801131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Moderate CVE-2013-1575 SUSE bug 801131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Moderate CVE-2013-1576 SUSE bug 801131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Moderate CVE-2013-1577 SUSE bug 801131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the beginning of MPLS data, which allows remote attackers to cause a denial of service (loop) via a malformed packet. Moderate CVE-2013-1578 SUSE bug 801131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the RTPS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly implement certain nested loops for processing bitmap data, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Moderate CVE-2013-1579 SUSE bug 801131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Moderate CVE-2013-1580 SUSE bug 801131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of service (loop) via a malformed packet. Moderate CVE-2013-1581 SUSE bug 801131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite loop or application crash) via a malformed packet. Moderate CVE-2013-1582 SUSE bug 801131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-1583 SUSE bug 801131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-1584 SUSE bug 801131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-1585 SUSE bug 801131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-1586 SUSE bug 801131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle unknown profiles, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-1587 SUSE bug 801131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-1588 SUSE bug 801131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-1589 SUSE bug 801131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-1590 SUSE bug 801131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. Moderate CVE-2013-1620 SUSE bug 802184 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key. Moderate CVE-2013-1667 SUSE bug 804415 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-1669 SUSE bug 819204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site. Moderate CVE-2013-1670 SUSE bug 819204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site. Moderate CVE-2013-1671 SUSE bug 819204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video. Critical CVE-2013-1674 SUSE bug 819204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. Critical CVE-2013-1675 SUSE bug 819204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. Critical CVE-2013-1676 SUSE bug 819204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. Critical CVE-2013-1677 SUSE bug 819204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors. Critical CVE-2013-1678 SUSE bug 819204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2013-1679 SUSE bug 819204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2013-1680 SUSE bug 819204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2013-1681 SUSE bug 819204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-1682 SUSE bug 825935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2013-1683 SUSE bug 1150035 SUSE bug 825935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site. Critical CVE-2013-1684 SUSE bug 825935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site. Critical CVE-2013-1685 SUSE bug 825935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Critical CVE-2013-1686 SUSE bug 825935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site. Critical CVE-2013-1687 SUSE bug 825935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site. Moderate CVE-2013-1688 SUSE bug 825935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location. Critical CVE-2013-1690 SUSE bug 825935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site. Moderate CVE-2013-1692 SUSE bug 825935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing timing differences in execution of filter code. Moderate CVE-2013-1693 SUSE bug 825935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache's preserved-wrapper flag. Moderate CVE-2013-1694 SUSE bug 825935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element. Moderate CVE-2013-1695 SUSE bug 825935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses. Moderate CVE-2013-1696 SUSE bug 825935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method. Moderate CVE-2013-1697 SUSE bug 825935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME elements. Moderate CVE-2013-1698 SUSE bug 825935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Internationalized Domain Name (IDN) display algorithm in Mozilla Firefox before 22.0 does not properly handle the .com, .name, and .net top-level domains, which allows remote attackers to spoof the address bar via unspecified homograph characters. Moderate CVE-2013-1699 SUSE bug 825935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-1701 SUSE bug 833389 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-1702 SUSE bug 833389 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event. Important CVE-2013-1704 SUSE bug 833389 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request. Critical CVE-2013-1705 SUSE bug 833389 SUSE bug 840485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function. Moderate CVE-2013-1708 SUSE bug 833389 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving spoofing a relative location in a previously visited document. Moderate CVE-2013-1709 SUSE bug 833389 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation. Critical CVE-2013-1710 SUSE bug 833389 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object. Moderate CVE-2013-1711 SUSE bug 833389 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site. Moderate CVE-2013-1713 SUSE bug 833389 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via unspecified vectors. Moderate CVE-2013-1714 SUSE bug 833389 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname. Moderate CVE-2013-1717 SUSE bug 833389 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-1718 SUSE bug 840485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Important CVE-2013-1719 SUSE bug 840485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state. Moderate CVE-2013-1720 SUSE bug 840485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted web site. Important CVE-2013-1721 SUSE bug 840485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving stylesheet cloning. Critical CVE-2013-1722 SUSE bug 840485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation. Important CVE-2013-1723 SUSE bug 840485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element. Important CVE-2013-1724 SUSE bug 840485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging incorrect scope handling. Important CVE-2013-1725 SUSE bug 840485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors. Important CVE-2013-1728 SUSE bug 840485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site. Important CVE-2013-1730 SUSE bug 840485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats within a multi-column layout. Critical CVE-2013-1732 SUSE bug 840485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related to image-document scrolling. Critical CVE-2013-1735 SUSE bug 840485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to improperly establishing parent-child relationships of range-request nodes. Critical CVE-2013-1736 SUSE bug 840485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. Moderate CVE-2013-1737 SUSE bug 840485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration. Important CVE-2013-1738 SUSE bug 840485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. Moderate CVE-2013-1739 SUSE bug 842979 SUSE bug 847708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic. Moderate CVE-2013-1740 SUSE bug 859055 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 "Independently Fixable" in the CVE Counting Decisions. Moderate CVE-2013-1752 SUSE bug 856835 SUSE bug 856836 SUSE bug 863741 SUSE bug 885882 SUSE bug 898572 SUSE bug 912739 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request. Moderate CVE-2013-1753 SUSE bug 856835 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow. Important CVE-2013-1762 SUSE bug 807440 SUSE bug 807450 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. Moderate CVE-2013-1775 SUSE bug 806919 SUSE bug 806921 SUSE bug 815325 SUSE bug 845568 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. Low CVE-2013-1776 SUSE bug 806921 SUSE bug 817349 SUSE bug 817350 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc. Moderate CVE-2013-1788 SUSE bug 806793 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions. Moderate CVE-2013-1789 SUSE bug 806793 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function. Moderate CVE-2013-1790 SUSE bug 806793 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240. Moderate CVE-2013-1799 SUSE bug 808534 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard filesystem operations. Moderate CVE-2013-1863 SUSE bug 809624 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Moderate CVE-2013-1881 SUSE bug 840753 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. Moderate CVE-2013-1896 SUSE bug 829056 SUSE bug 829057 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen). Important CVE-2013-1899 SUSE bug 812525 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions." Important CVE-2013-1900 SUSE bug 812525 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions. Important CVE-2013-1901 SUSE bug 812525 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results. Moderate CVE-2013-1914 SUSE bug 813121 SUSE bug 826666 SUSE bug 882910 SUSE bug 941444 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. Moderate CVE-2013-1917 SUSE bug 813673 SUSE bug 840592 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table traversal." Moderate CVE-2013-1918 SUSE bug 813673 SUSE bug 816159 SUSE bug 823011 SUSE bug 826882 SUSE bug 840592 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs or PCI devices." Moderate CVE-2013-1919 SUSE bug 813673 SUSE bug 813675 SUSE bug 840592 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004. Moderate CVE-2013-1922 SUSE bug 814059 SUSE bug 934753 SUSE bug 934768 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty. Low CVE-2013-1940 SUSE bug 814653 SUSE bug 815870 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. Important CVE-2013-1944 SUSE bug 814655 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ruby193 uses an insecure LD_LIBRARY_PATH setting. Low CVE-2013-1945 SUSE bug 1160788 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors. Moderate CVE-2013-1952 SUSE bug 813673 SUSE bug 816163 SUSE bug 840592 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file. Moderate CVE-2013-1960 SUSE bug 817573 SUSE bug 854393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file. Moderate CVE-2013-1961 SUSE bug 817573 SUSE bug 818117 SUSE bug 854393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests "to list all volumes for the particular pool." Moderate CVE-2013-1962 SUSE bug 820397 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function. Moderate CVE-2013-1969 SUSE bug 815665 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log. Moderate CVE-2013-1976 SUSE bug 822177 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions. Moderate CVE-2013-1981 SUSE bug 815451 SUSE bug 821664 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5) XShapeGetRectangles, and (6) XSyncListSystemCounters functions. Moderate CVE-2013-1982 SUSE bug 815451 SUSE bug 821665 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function. Moderate CVE-2013-1983 SUSE bug 815451 SUSE bug 821667 SUSE bug 880221 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions. Moderate CVE-2013-1984 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function. Moderate CVE-2013-1985 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions. Moderate CVE-2013-1986 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions. Moderate CVE-2013-1987 SUSE bug 815451 SUSE bug 821669 SUSE bug 880221 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2) XResQueryClientResources functions. Moderate CVE-2013-1988 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage function. Moderate CVE-2013-1989 SUSE bug 815451 SUSE bug 821671 SUSE bug 880221 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvMCListSurfaceTypes and (2) XvMCListSubpictureTypes functions. Moderate CVE-2013-1990 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XDGAQueryModes and (2) XDGASetMode functions. Moderate CVE-2013-1991 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, (2) DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions. Moderate CVE-2013-1992 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function. Moderate CVE-2013-1995 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions. Moderate CVE-2013-1997 SUSE bug 815451 SUSE bug 821664 SUSE bug 824294 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions. Moderate CVE-2013-1998 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo function. Moderate CVE-2013-1999 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions. Moderate CVE-2013-2000 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function. Moderate CVE-2013-2001 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the _XtResourceConfigurationEH function. Moderate CVE-2013-2002 SUSE bug 815451 SUSE bug 821670 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function. Moderate CVE-2013-2003 SUSE bug 1065386 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file. Low CVE-2013-2004 SUSE bug 815451 SUSE bug 821664 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies functions. Moderate CVE-2013-2005 SUSE bug 815451 SUSE bug 821670 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files. Moderate CVE-2013-2007 SUSE bug 818181 SUSE bug 818182 SUSE bug 818183 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XpGetAttributes, (2) XpGetOneAttribute, (3) XpGetPrinterList, and (4) XpQueryScreens functions. Moderate CVE-2013-2062 SUSE bug 815451 SUSE bug 821668 SUSE bug 880221 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function. Moderate CVE-2013-2063 SUSE bug 815451 SUSE bug 821663 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. Moderate CVE-2013-2064 SUSE bug 815451 SUSE bug 821584 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvQueryPortAttributes function. Moderate CVE-2013-2066 SUSE bug 815451 SUSE bug 821671 SUSE bug 880221 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack. Moderate CVE-2013-2067 SUSE bug 822177 SUSE bug 831112 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files. Moderate CVE-2013-2124 SUSE bug 828006 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function. Moderate CVE-2013-2131 SUSE bug 828003 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions. Moderate CVE-2013-2139 SUSE bug 828009 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobiledevicerc, (4) RootCertificate.pem, or (5) RootPrivateKey.pem in /tmp/root/.config/libimobiledevice/. Low CVE-2013-2142 SUSE bug 823250 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message. Moderate CVE-2013-2168 SUSE bug 824607 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character. Moderate CVE-2013-2174 SUSE bug 824517 SUSE bug 917692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance. Important CVE-2013-2186 SUSE bug 846174 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. Moderate CVE-2013-2207 SUSE bug 830257 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command. Moderate CVE-2013-2218 SUSE bug 827741 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration." Low CVE-2013-2230 SUSE bug 827801 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors. Moderate CVE-2013-2249 SUSE bug 831113 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process. Moderate CVE-2013-2266 SUSE bug 811876 SUSE bug 811934 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "handling of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2. Critical CVE-2013-2383 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font layout" in the International Components for Unicode (ICU) Layout Engine before 51.2. Critical CVE-2013-2384 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader." Moderate CVE-2013-2407 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box. Moderate CVE-2013-2412 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "processing of MTOM attachments" and the creation of temporary files with weak permissions. Low CVE-2013-2415 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue. Moderate CVE-2013-2417 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2. Moderate CVE-2013-2419 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient "validation of images" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets. Critical CVE-2013-2420 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect MethodHandle lookups, which allows remote attackers to bypass Java sandbox restrictions. Critical CVE-2013-2421 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper method-invocation restrictions by the MethodUtil trampoline class, which allows remote attackers to bypass the Java sandbox. Moderate CVE-2013-2422 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager. Moderate CVE-2013-2423 SUSE bug 816720 SUSE bug 819288 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient class access checks" when "creating new instances" using MBeanInstantiator. Moderate CVE-2013-2424 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect invocation of the defaultReadObject method in the ConcurrentHashMap class, which allows remote attackers to bypass the Java sandbox. Critical CVE-2013-2426 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageWriter state corruption" when using native code, which triggers memory corruption. Important CVE-2013-2429 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageReader state corruption" when using native code. Important CVE-2013-2430 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to bypassing the Java sandbox using "method handle intrinsic frames." Critical CVE-2013-2431 SUSE bug 816720 SUSE bug 817157 SUSE bug 819288 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "type checks" and "method handle binding" involving Wrapper.convert. Critical CVE-2013-2436 SUSE bug 816720 SUSE bug 819288 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect "checking order" within the AccessControlContext class. Moderate CVE-2013-2443 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not "properly manage and restrict certain resources related to the processing of fonts," possibly involving temporary files. Moderate CVE-2013-2444 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Hotspot. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "handling of memory allocation errors." Moderate CVE-2013-2445 SUSE bug 825624 SUSE bug 828665 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams. Moderate CVE-2013-2446 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket's local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost. Moderate CVE-2013-2447 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes." Moderate CVE-2013-2448 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to GnomeFileTypeDetector and a missing check for read permissions for a path. Moderate CVE-2013-2449 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper handling of circular references in ObjectStreamClass. Moderate CVE-2013-2450 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use. Low CVE-2013-2451 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class. Moderate CVE-2013-2452 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for "package access" by the MBeanServer Introspector. Moderate CVE-2013-2453 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox. Moderate CVE-2013-2454 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2452. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect access checks by the (1) getEnclosingClass, (2) getEnclosingMethod, and (3) getEnclosingConstructor methods. Moderate CVE-2013-2455 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class. Moderate CVE-2013-2456 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect implementation of "certain class checks" that allows remote attackers to bypass intended class restrictions. Moderate CVE-2013-2457 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via "an error related to method handles." Moderate CVE-2013-2458 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "integer overflow checks." Critical CVE-2013-2459 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "insufficient access checks" in the tracing component. Critical CVE-2013-2460 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm." Moderate CVE-2013-2461 SUSE bug 825624 SUSE bug 828665 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D. Critical CVE-2013-2463 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D. Critical CVE-2013-2465 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D. Critical CVE-2013-2469 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing." Critical CVE-2013-2470 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect IntegerComponentRaster size checks." Critical CVE-2013-2471 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D. Critical CVE-2013-2472 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D. Critical CVE-2013-2473 SUSE bug 825624 SUSE bug 828665 SUSE bug 829212 SUSE bug 829708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-2475 SUSE bug 807942 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short. Moderate CVE-2013-2476 SUSE bug 807942 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-2477 SUSE bug 807942 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string. Moderate CVE-2013-2478 SUSE bug 807942 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data. Moderate CVE-2013-2479 SUSE bug 807942 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-2480 SUSE bug 807942 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value. Moderate CVE-2013-2481 SUSE bug 807942 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Moderate CVE-2013-2482 SUSE bug 807942 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data. Moderate CVE-2013-2483 SUSE bug 807942 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-2484 SUSE bug 807942 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Moderate CVE-2013-2485 SUSE bug 807942 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet. Moderate CVE-2013-2486 SUSE bug 807942 SUSE bug 820566 SUSE bug 820973 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486. Moderate CVE-2013-2487 SUSE bug 807942 SUSE bug 820566 SUSE bug 820973 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location. Moderate CVE-2013-2488 SUSE bug 807942 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet. Important CVE-2013-2850 SUSE bug 821560 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted JPEG2000 image. Moderate CVE-2013-2869 SUSE bug 828893 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request. Moderate CVE-2013-2870 SUSE bug 828893 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input. Moderate CVE-2013-2871 SUSE bug 828893 SUSE bug 871792 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Google Chrome before 28.0.1500.71 on Mac OS X does not ensure a sufficient source of entropy for renderer processes, which might make it easier for remote attackers to defeat cryptographic protection mechanisms in third-party components via unspecified vectors. Moderate CVE-2013-2872 SUSE bug 828893 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP status code during the loading of resources. Moderate CVE-2013-2873 SUSE bug 828893 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen data via vectors involving IPC transmission of GL textures. Moderate CVE-2013-2874 SUSE bug 828893 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Moderate CVE-2013-2875 SUSE bug 828893 SUSE bug 879607 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 browser/extensions/api/tabs/tabs_api.cc in Google Chrome before 28.0.1500.71 does not properly enforce restrictions on the capture of screenshots by extensions, which allows remote attackers to obtain sensitive information about the content of a previous page via vectors involving an interstitial page. Moderate CVE-2013-2876 SUSE bug 828893 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. Moderate CVE-2013-2877 SUSE bug 1123919 SUSE bug 828893 SUSE bug 829077 SUSE bug 854869 SUSE bug 877506 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the handling of text. Moderate CVE-2013-2878 SUSE bug 828893 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site. Moderate CVE-2013-2879 SUSE bug 828893 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Moderate CVE-2013-2880 SUSE bug 828893 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. Moderate CVE-2013-2888 SUSE bug 835839 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. Moderate CVE-2013-2889 SUSE bug 835839 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/hid/hid-sony.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SONY is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. Moderate CVE-2013-2890 SUSE bug 835839 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/hid/hid-steelseries.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_STEELSERIES is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. Moderate CVE-2013-2891 SUSE bug 835839 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. Moderate CVE-2013-2892 SUSE bug 835839 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. Moderate CVE-2013-2893 SUSE bug 835839 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. Moderate CVE-2013-2894 SUSE bug 835839 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or obtain sensitive information from kernel memory via a crafted device. Moderate CVE-2013-2895 SUSE bug 835839 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device. Moderate CVE-2013-2896 SUSE bug 835839 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. Moderate CVE-2013-2897 SUSE bug 835839 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device. Moderate CVE-2013-2898 SUSE bug 835839 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device. Moderate CVE-2013-2899 SUSE bug 835839 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature. Moderate CVE-2013-2944 SUSE bug 815236 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI). Moderate CVE-2013-3495 SUSE bug 826717 SUSE bug 903970 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-3555 SUSE bug 820566 SUSE bug 820973 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-3556 SUSE bug 820566 SUSE bug 820973 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-3557 SUSE bug 820566 SUSE bug 820973 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-3558 SUSE bug 820566 SUSE bug 820973 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet. Moderate CVE-2013-3559 SUSE bug 820566 SUSE bug 820973 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-3560 SUSE bug 820566 SUSE bug 820973 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector. Moderate CVE-2013-3561 SUSE bug 820566 SUSE bug 820973 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet. Moderate CVE-2013-3562 SUSE bug 820566 SUSE bug 820973 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions. Moderate CVE-2013-3571 SUSE bug 821985 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. Moderate CVE-2013-3829 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names. Important CVE-2013-4002 SUSE bug 829212 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-4083 SUSE bug 824900 SUSE bug 831718 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. Moderate CVE-2013-4124 SUSE bug 829969 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts. Moderate CVE-2013-4143 SUSE bug 829859 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow. Moderate CVE-2013-4148 SUSE bug 864812 SUSE bug 871442 SUSE bug 964630 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table. Moderate CVE-2013-4149 SUSE bug 864649 SUSE bug 871442 SUSE bug 964443 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write. Moderate CVE-2013-4150 SUSE bug 864650 SUSE bug 871442 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write. Moderate CVE-2013-4151 SUSE bug 864653 SUSE bug 871442 SUSE bug 964636 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command. Moderate CVE-2013-4153 SUSE bug 830497 SUSE bug 830498 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as demonstrated by the "virsh vcpucount foobar --guest" command. Moderate CVE-2013-4154 SUSE bug 830498 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. Moderate CVE-2013-4231 SUSE bug 834477 SUSE bug 854393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image. Moderate CVE-2013-4232 SUSE bug 834477 SUSE bug 854393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow. Moderate CVE-2013-4233 SUSE bug 1022032 SUSE bug 834483 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC. Moderate CVE-2013-4234 SUSE bug 1022032 SUSE bug 834483 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image. Moderate CVE-2013-4237 SUSE bug 834594 SUSE bug 882910 SUSE bug 883022 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Moderate CVE-2013-4238 SUSE bug 834601 SUSE bug 839107 SUSE bug 882915 SUSE bug 912739 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function. Moderate CVE-2013-4239 SUSE bug 834598 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. Moderate CVE-2013-4242 SUSE bug 831359 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image. Moderate CVE-2013-4243 SUSE bug 834779 SUSE bug 854393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image. Moderate CVE-2013-4244 SUSE bug 834788 SUSE bug 854393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility. Moderate CVE-2013-4276 SUSE bug 843716 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket. Important CVE-2013-4282 SUSE bug 848279 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck. Moderate CVE-2013-4288 SUSE bug 1070943 SUSE bug 1099031 SUSE bug 835827 SUSE bug 836931 SUSE bug 836932 SUSE bug 836937 SUSE bug 836939 SUSE bug 844967 SUSE bug 852368 SUSE bug 854144 SUSE bug 864716 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call. Important CVE-2013-4296 SUSE bug 836931 SUSE bug 838638 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors. Moderate CVE-2013-4297 SUSE bug 838642 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. Moderate CVE-2013-4311 SUSE bug 836931 SUSE bug 838638 SUSE bug 864716 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. Moderate CVE-2013-4312 SUSE bug 839104 SUSE bug 922947 SUSE bug 968014 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Moderate CVE-2013-4314 SUSE bug 839107 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process. Moderate CVE-2013-4325 SUSE bug 808355 SUSE bug 836931 SUSE bug 836932 SUSE bug 836937 SUSE bug 852368 SUSE bug 864716 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. Moderate CVE-2013-4326 SUSE bug 836931 SUSE bug 836932 SUSE bug 836937 SUSE bug 836939 SUSE bug 864716 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions. Moderate CVE-2013-4332 SUSE bug 839870 SUSE bug 882910 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service. Low CVE-2013-4342 SUSE bug 844230 SUSE bug 855685 SUSE bug 882917 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. Low CVE-2013-4351 SUSE bug 840510 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. Moderate CVE-2013-4353 SUSE bug 857640 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory. Moderate CVE-2013-4355 SUSE bug 840592 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash). Important CVE-2013-4356 SUSE bug 840593 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction. Moderate CVE-2013-4361 SUSE bug 840592 SUSE bug 841766 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification. Low CVE-2013-4366 SUSE bug 1066013 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors. Low CVE-2013-4375 SUSE bug 840592 SUSE bug 842515 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet. Moderate CVE-2013-4387 SUSE bug 843430 SUSE bug 848042 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure. Important CVE-2013-4396 SUSE bug 843652 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection. Moderate CVE-2013-4399 SUSE bug 842300 SUSE bug 844052 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments. Important CVE-2013-4400 SUSE bug 837609 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information. Important CVE-2013-4401 SUSE bug 845704 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message. Important CVE-2013-4402 SUSE bug 844175 SUSE bug 941439 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet. Important CVE-2013-4408 SUSE bug 844720 SUSE bug 848101 SUSE bug 882906 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply. Moderate CVE-2013-4416 SUSE bug 840592 SUSE bug 845520 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance. Important CVE-2013-4419 SUSE bug 845720 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914. Moderate CVE-2013-4458 SUSE bug 847227 SUSE bug 883217 SUSE bug 941444 SUSE bug 955181 SUSE bug 967023 SUSE bug 980483 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename. Moderate CVE-2013-4473 SUSE bug 847907 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename. Moderate CVE-2013-4474 SUSE bug 847907 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS). Moderate CVE-2013-4475 SUSE bug 848101 SUSE bug 880220 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller. Moderate CVE-2013-4476 SUSE bug 848103 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. Moderate CVE-2013-4483 SUSE bug 848321 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. Moderate CVE-2013-4494 SUSE bug 848657 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts. Moderate CVE-2013-4496 SUSE bug 849224 SUSE bug 866844 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen. Moderate CVE-2013-4509 SUSE bug 847718 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports. Moderate CVE-2013-4526 SUSE bug 864671 SUSE bug 871442 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers. Moderate CVE-2013-4527 SUSE bug 864673 SUSE bug 871442 SUSE bug 964746 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image. Moderate CVE-2013-4529 SUSE bug 864678 SUSE bug 871442 SUSE bug 964929 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image. Moderate CVE-2013-4530 SUSE bug 864682 SUSE bug 871442 SUSE bug 964950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len in a savevm image. Moderate CVE-2013-4531 SUSE bug 864796 SUSE bug 871442 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image. Moderate CVE-2013-4533 SUSE bug 864655 SUSE bug 871442 SUSE bug 964644 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements. Moderate CVE-2013-4534 SUSE bug 864811 SUSE bug 871442 SUSE bug 964452 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. Moderate CVE-2013-4535 SUSE bug 864665 SUSE bug 964676 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. Moderate CVE-2013-4536 SUSE bug 864665 SUSE bug 871442 SUSE bug 964676 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image. Moderate CVE-2013-4537 SUSE bug 864391 SUSE bug 871442 SUSE bug 962642 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image. Moderate CVE-2013-4538 SUSE bug 864769 SUSE bug 871442 SUSE bug 962335 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image. Moderate CVE-2013-4539 SUSE bug 864805 SUSE bug 871442 SUSE bug 962758 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image. Moderate CVE-2013-4540 SUSE bug 864801 SUSE bug 871442 SUSE bug 880751 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value. Moderate CVE-2013-4541 SUSE bug 864802 SUSE bug 871442 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access. Moderate CVE-2013-4542 SUSE bug 864804 SUSE bug 871442 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information. Moderate CVE-2013-4544 SUSE bug 873613 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Moderate CVE-2013-4545 SUSE bug 849596 SUSE bug 870444 SUSE bug 880252 SUSE bug 882520 SUSE bug 924250 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. Moderate CVE-2013-4549 SUSE bug 1039291 SUSE bug 856832 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to "guest VMX instruction execution." Moderate CVE-2013-4551 SUSE bug 848657 SUSE bug 849665 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock). Moderate CVE-2013-4553 SUSE bug 848657 SUSE bug 849667 SUSE bug 849668 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. Moderate CVE-2013-4554 SUSE bug 848657 SUSE bug 849668 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions. Moderate CVE-2013-4566 SUSE bug 853039 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended attribute of a pathname on an NFSv4 filesystem. Moderate CVE-2013-4591 SUSE bug 851103 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in the writeDataError function in the ElasticSearch plugin (omelasticsearch) in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JSON response. Moderate CVE-2013-4758 SUSE bug 828140 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. Moderate CVE-2013-4854 SUSE bug 831899 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-4920 SUSE bug 831718 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the dissect_radiotap function in epan/dissectors/packet-ieee80211-radiotap.c in the Radiotap dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-4921 SUSE bug 831718 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-4922 SUSE bug 831718 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (memory consumption) via crafted packets. Moderate CVE-2013-4923 SUSE bug 831718 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly validate certain index values, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. Moderate CVE-2013-4924 SUSE bug 831718 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer signedness error in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted packet. Moderate CVE-2013-4925 SUSE bug 831718 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether there is remaining packet data to process, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-4926 SUSE bug 831718 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer signedness error in the get_type_length function in epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. Moderate CVE-2013-4927 SUSE bug 831718 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer signedness error in the dissect_headers function in epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Moderate CVE-2013-4928 SUSE bug 831718 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to cause a denial of service (loop) via a crafted packet. Moderate CVE-2013-4929 SUSE bug 831718 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a certain length value before decrementing it, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. Moderate CVE-2013-4930 SUSE bug 831718 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector. Moderate CVE-2013-4931 SUSE bug 831718 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-4932 SUSE bug 831718 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file. Moderate CVE-2013-4933 SUSE bug 831718 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file. Moderate CVE-2013-4934 SUSE bug 831718 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_per_length_determinant function in epan/dissectors/packet-per.c in the ASN.1 PER dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize a length field in certain abnormal situations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-4935 SUSE bug 831718 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. Moderate CVE-2013-4936 SUSE bug 831718 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow. Moderate CVE-2013-5018 SUSE bug 833278 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. Moderate CVE-2013-5123 SUSE bug 864406 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. Moderate CVE-2013-5211 SUSE bug 857195 SUSE bug 889447 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Important CVE-2013-5590 SUSE bug 847708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Important CVE-2013-5591 SUSE bug 847708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Important CVE-2013-5592 SUSE bug 847708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clickjacking attacks via vectors that trigger navigation off of a page containing this element. Important CVE-2013-5593 SUSE bug 847708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct buffer overflow attacks via a crafted web page. Important CVE-2013-5595 SUSE bug 847708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial of service (race condition and application crash) via a large HTML document containing IMG elements, as demonstrated by the Never-Ending Reddit on reddit.com. Important CVE-2013-5596 SUSE bug 847708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a state-change event during an update of the offline cache. Important CVE-2013-5597 SUSE bug 847708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object. Important CVE-2013-5598 SUSE bug 847708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a CANVAS element, a mozTextStyle attribute, and an onresize event. Important CVE-2013-5599 SUSE bug 847708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors involving a blob: URL. Important CVE-2013-5600 SUSE bug 847708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors related to a memory allocation through the garbage collection (GC) API. Important CVE-2013-5601 SUSE bug 847708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to direct proxies. Important CVE-2013-5602 SUSE bug 847708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving HTML document templates. Important CVE-2013-5603 SUSE bug 847708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via crafted documents. Important CVE-2013-5604 SUSE bug 847708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. Moderate CVE-2013-5605 SUSE bug 850148 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-5609 SUSE bug 854370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2013-5610 SUSE bug 854370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation. Moderate CVE-2013-5611 SUSE bug 854370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header. Moderate CVE-2013-5612 SUSE bug 854370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function. Critical CVE-2013-5613 SUSE bug 854370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site. Moderate CVE-2013-5614 SUSE bug 854370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors. Moderate CVE-2013-5615 SUSE bug 854370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners. Critical CVE-2013-5616 SUSE bug 854370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection. Critical CVE-2013-5618 SUSE bug 854370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code. Moderate CVE-2013-5619 SUSE bug 854370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file. Important CVE-2013-5653 SUSE bug 1001951 SUSE bug 1004237 SUSE bug 1007816 SUSE bug 1036453 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." Low CVE-2013-5704 SUSE bug 871310 SUSE bug 914535 SUSE bug 930944 SUSE bug 938728 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c. Moderate CVE-2013-5717 SUSE bug 839607 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-5718 SUSE bug 839607 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Moderate CVE-2013-5719 SUSE bug 839607 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-5720 SUSE bug 839607 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-5721 SUSE bug 839607 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-5722 SUSE bug 839607 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat. Moderate CVE-2013-5772 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. Moderate CVE-2013-5774 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. Moderate CVE-2013-5778 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Moderate CVE-2013-5780 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Moderate CVE-2013-5782 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing. Moderate CVE-2013-5783 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING. Moderate CVE-2013-5784 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS. Moderate CVE-2013-5790 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. Low CVE-2013-5797 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS. Moderate CVE-2013-5800 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. Moderate CVE-2013-5802 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS. Important CVE-2013-5803 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc. Moderate CVE-2013-5804 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE-2013-5806. Moderate CVE-2013-5805 SUSE bug 846177 SUSE bug 846999 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE-2013-5805. Moderate CVE-2013-5806 SUSE bug 846177 SUSE bug 846999 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5829. Critical CVE-2013-5809 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. Critical CVE-2013-5814 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. Critical CVE-2013-5817 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS. Moderate CVE-2013-5820 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security. Moderate CVE-2013-5823 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP. Moderate CVE-2013-5825 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5809. Critical CVE-2013-5829 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Critical CVE-2013-5830 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Moderate CVE-2013-5840 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5850. Moderate CVE-2013-5842 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT. Moderate CVE-2013-5849 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5842. Critical CVE-2013-5850 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP. Moderate CVE-2013-5851 SUSE bug 846177 SUSE bug 846999 SUSE bug 849212 SUSE bug 852367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the Security component does not properly handle null XML namespace (xmlns) attributes during XML document canonicalization, which allows attackers to escape the sandbox. Moderate CVE-2013-5878 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an incorrect check for code permissions by CORBA stub factories. Moderate CVE-2013-5884 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to improper handling of methods in MethodHandles in HotSpot JVM, which allows attackers to escape the sandbox. Moderate CVE-2013-5893 SUSE bug 858818 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that com.sun.corba.se and its sub-packages are not included on the restricted package list. Moderate CVE-2013-5896 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is due to incorrect input validation in LookupProcessor.cpp in the ICU Layout Engine, which allows attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted font file. Moderate CVE-2013-5907 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that CanonicalizerBase.java in the XML canonicalizer allows untrusted code to access mutable byte arrays. Moderate CVE-2013-5910 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison. Important CVE-2013-6075 SUSE bug 847506 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet. Important CVE-2013-6076 SUSE bug 847509 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-6336 SUSE bug 848738 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-6337 SUSE bug 848738 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-6338 SUSE bug 848738 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet. Moderate CVE-2013-6339 SUSE bug 848738 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-6340 SUSE bug 848738 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted image file. Moderate CVE-2013-6369 SUSE bug 870855 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors. Moderate CVE-2013-6370 SUSE bug 870147 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. Moderate CVE-2013-6371 SUSE bug 870147 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size. Moderate CVE-2013-6381 SUSE bug 852552 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. Moderate CVE-2013-6393 SUSE bug 860617 SUSE bug 911782 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks. Moderate CVE-2013-6394 SUSE bug 1019858 SUSE bug 852224 SUSE bug 860488 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. Moderate CVE-2013-6399 SUSE bug 864814 SUSE bug 871442 SUSE bug 964643 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document. Moderate CVE-2013-6401 SUSE bug 863301 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file. Moderate CVE-2013-6402 SUSE bug 852368 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate. Moderate CVE-2013-6418 SUSE bug 856323 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. Moderate CVE-2013-6424 SUSE bug 853846 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream. Moderate CVE-2013-6427 SUSE bug 852368 SUSE bug 853405 SUSE bug 900460 SUSE bug 933191 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. Important CVE-2013-6435 SUSE bug 1101137 SUSE bug 906803 SUSE bug 908128 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command. Moderate CVE-2013-6436 SUSE bug 854486 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request. Moderate CVE-2013-6438 SUSE bug 869105 SUSE bug 869106 SUSE bug 887765 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change. Moderate CVE-2013-6442 SUSE bug 855866 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. Moderate CVE-2013-6449 SUSE bug 856687 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. Moderate CVE-2013-6450 SUSE bug 857203 SUSE bug 861384 SUSE bug 986238 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command. Moderate CVE-2013-6457 SUSE bug 858824 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command. Moderate CVE-2013-6458 SUSE bug 857492 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file. Moderate CVE-2013-6462 SUSE bug 854915 SUSE bug 882908 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file. Moderate CVE-2013-6473 SUSE bug 866302 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file. Moderate CVE-2013-6474 SUSE bug 866302 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow. Moderate CVE-2013-6475 SUSE bug 866302 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file. Moderate CVE-2013-6476 SUSE bug 866302 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. Moderate CVE-2013-6497 SUSE bug 1040662 SUSE bug 906077 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. Moderate CVE-2013-6629 SUSE bug 850430 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 SUSE bug 880246 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. Moderate CVE-2013-6630 SUSE bug 850430 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index. Moderate CVE-2013-6639 SUSE bug 854473 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index. Moderate CVE-2013-6640 SUSE bug 854473 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Moderate CVE-2013-6668 SUSE bug 866959 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. Critical CVE-2013-6671 SUSE bug 854370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations. Moderate CVE-2013-6672 SUSE bug 854370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user. Moderate CVE-2013-6673 SUSE bug 854370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. Moderate CVE-2013-6954 SUSE bug 856522 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read. Moderate CVE-2013-7038 SUSE bug 854443 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header. Moderate CVE-2013-7039 SUSE bug 854443 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Important CVE-2013-7112 SUSE bug 856498 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2013-7113 SUSE bug 856495 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet. Important CVE-2013-7114 SUSE bug 856496 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials. Moderate CVE-2013-7239 SUSE bug 857188 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. Moderate CVE-2013-7263 SUSE bug 853040 SUSE bug 857643 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON. Important CVE-2013-7285 SUSE bug 1142383 SUSE bug 1193824 SUSE bug 875241 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr, a different vulnerability than CVE-2013-0179. Low CVE-2013-7290 SUSE bug 858677 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source tree," a different vulnerability than CVE-2013-0179 and CVE-2013-7290. Low CVE-2013-7291 SUSE bug 858676 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow. Moderate CVE-2013-7353 SUSE bug 873124 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow. Moderate CVE-2013-7354 SUSE bug 873123 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. Moderate CVE-2013-7423 SUSE bug 915526 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. Moderate CVE-2013-7446 SUSE bug 955654 SUSE bug 955837 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation. Moderate CVE-2013-7447 SUSE bug 966682 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. Moderate CVE-2013-7459 SUSE bug 1017420 SUSE bug 1047666 SUSE bug 1087140 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption. Important CVE-2013-7490 SUSE bug 1176496 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point. Moderate CVE-2014-0004 SUSE bug 865854 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering. Moderate CVE-2014-0011 SUSE bug 869307 SUSE bug 900896 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request. Moderate CVE-2014-0015 SUSE bug 858673 SUSE bug 868627 SUSE bug 880252 SUSE bug 882520 SUSE bug 927556 SUSE bug 962983 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates. Moderate CVE-2014-0016 SUSE bug 866278 SUSE bug 866286 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line. Low CVE-2014-0019 SUSE bug 860991 SUSE bug 927161 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Chrony before 1.29.1 has traffic amplification in cmdmon protocol Low CVE-2014-0021 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API. Moderate CVE-2014-0028 SUSE bug 859051 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter. Important CVE-2014-0038 SUSE bug 860993 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. Moderate CVE-2014-0050 SUSE bug 862781 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command. Moderate CVE-2014-0060 SUSE bug 864845 SUSE bug 864856 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions. Moderate CVE-2014-0061 SUSE bug 864846 SUSE bug 864856 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window. Moderate CVE-2014-0062 SUSE bug 864847 SUSE bug 864856 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065. Moderate CVE-2014-0063 SUSE bug 864850 SUSE bug 864856 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector. Moderate CVE-2014-0064 SUSE bug 864851 SUSE bug 864856 SUSE bug 871307 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063. Moderate CVE-2014-0065 SUSE bug 864852 SUSE bug 864856 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors. Moderate CVE-2014-0066 SUSE bug 864853 SUSE bug 864856 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster. Low CVE-2014-0067 SUSE bug 864856 SUSE bug 872783 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. Moderate CVE-2014-0076 SUSE bug 869945 SUSE bug 880891 SUSE bug 883126 SUSE bug 885777 SUSE bug 905106 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. Moderate CVE-2014-0077 SUSE bug 870173 SUSE bug 870576 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. Important CVE-2014-0092 SUSE bug 865804 SUSE bug 915878 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. Moderate CVE-2014-0098 SUSE bug 869106 SUSE bug 887765 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function. Moderate CVE-2014-0107 SUSE bug 870082 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. Important CVE-2014-0114 SUSE bug 778464 SUSE bug 875455 SUSE bug 885963 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header. Moderate CVE-2014-0117 SUSE bug 887767 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. Moderate CVE-2014-0118 SUSE bug 1078450 SUSE bug 887769 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015. Moderate CVE-2014-0138 SUSE bug 868627 SUSE bug 880252 SUSE bug 882520 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Moderate CVE-2014-0139 SUSE bug 868629 SUSE bug 880252 SUSE bug 882520 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c. Moderate CVE-2014-0142 SUSE bug 870439 SUSE bug 871442 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes. Moderate CVE-2014-0143 SUSE bug 870439 SUSE bug 871442 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2014-0144 SUSE bug 870439 SUSE bug 871442 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c). Moderate CVE-2014-0145 SUSE bug 870439 SUSE bug 871442 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields. Moderate CVE-2014-0146 SUSE bug 870439 SUSE bug 871442 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2014-0147 SUSE bug 870439 SUSE bug 871442 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow. Moderate CVE-2014-0150 SUSE bug 873235 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. Important CVE-2014-0160 SUSE bug 872299 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow. Moderate CVE-2014-0172 SUSE bug 872785 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request. Moderate CVE-2014-0178 SUSE bug 872396 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods. Moderate CVE-2014-0179 SUSE bug 873705 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image. Moderate CVE-2014-0182 SUSE bug 874788 SUSE bug 964693 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. Low CVE-2014-0190 SUSE bug 875470 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document. Important CVE-2014-0191 SUSE bug 1014873 SUSE bug 1123919 SUSE bug 876652 SUSE bug 877506 SUSE bug 996079 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. Moderate CVE-2014-0195 SUSE bug 880891 SUSE bug 885777 SUSE bug 915913 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. Moderate CVE-2014-0196 SUSE bug 871252 SUSE bug 875690 SUSE bug 877345 SUSE bug 879878 SUSE bug 933423 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. Moderate CVE-2014-0198 SUSE bug 876282 SUSE bug 880891 SUSE bug 885777 SUSE bug 915913 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata. Important CVE-2014-0209 SUSE bug 857544 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function. Moderate CVE-2014-0210 SUSE bug 857544 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. Moderate CVE-2014-0211 SUSE bug 857544 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. Moderate CVE-2014-0221 SUSE bug 880891 SUSE bug 883126 SUSE bug 885777 SUSE bug 905106 SUSE bug 915913 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. Moderate CVE-2014-0222 SUSE bug 877642 SUSE bug 950367 SUSE bug 964925 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read. Moderate CVE-2014-0223 SUSE bug 877645 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. Moderate CVE-2014-0224 SUSE bug 1146657 SUSE bug 880891 SUSE bug 883126 SUSE bug 885777 SUSE bug 892403 SUSE bug 901237 SUSE bug 903703 SUSE bug 905018 SUSE bug 905106 SUSE bug 914447 SUSE bug 915913 SUSE bug 916239 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. Moderate CVE-2014-0226 SUSE bug 887765 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor. Moderate CVE-2014-0231 SUSE bug 887768 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103. Moderate CVE-2014-0239 SUSE bug 878642 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet. Moderate CVE-2014-0244 SUSE bug 880962 SUSE bug 883758 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer, and the endpoint in question is being used by a privileged user. This affects JBoss Portal 6.2.0. Important CVE-2014-0245 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero. Moderate CVE-2014-0333 SUSE bug 866298 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to incorrect permission checks when listening on a socket, which allows attackers to escape the sandbox. Moderate CVE-2014-0368 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to throwing of an incorrect exception when SnmpStatusException should have been used in the SNMP implementation, which allows attackers to escape the sandbox. Moderate CVE-2014-0373 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an improper check for "code permissions when creating document builder factories." Moderate CVE-2014-0376 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u45, when running on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Critical CVE-2014-0408 SUSE bug 858818 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake. Moderate CVE-2014-0411 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance. Moderate CVE-2014-0416 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to missing package access checks in the Naming / JNDI component, which allows attackers to escape the sandbox. Moderate CVE-2014-0422 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding. Moderate CVE-2014-0423 SUSE bug 858818 SUSE bug 862064 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox. Moderate CVE-2014-0428 SUSE bug 858818 SUSE bug 862064 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Moderate CVE-2014-0429 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Moderate CVE-2014-0446 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412. Moderate CVE-2014-0451 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423. Moderate CVE-2014-0452 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. Moderate CVE-2014-0453 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. Moderate CVE-2014-0454 SUSE bug 873873 SUSE bug 877429 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402. Moderate CVE-2014-0455 SUSE bug 873873 SUSE bug 877429 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Moderate CVE-2014-0456 SUSE bug 873872 SUSE bug 873873 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Moderate CVE-2014-0457 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423. Moderate CVE-2014-0458 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D. Moderate CVE-2014-0459 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI. Moderate CVE-2014-0460 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Moderate CVE-2014-0461 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. Moderate CVE-2014-0467 SUSE bug 868115 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable. Moderate CVE-2014-0475 SUSE bug 887022 SUSE bug 896776 SUSE bug 916222 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0539. Critical CVE-2014-0537 SUSE bug 886454 SUSE bug 886472 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0537. Critical CVE-2014-0539 SUSE bug 886454 SUSE bug 886472 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature. Moderate CVE-2014-0591 SUSE bug 858639 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID CSCuc79643. Moderate CVE-2014-0691 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled. Important CVE-2014-10070 SUSE bug 1082885 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax. Moderate CVE-2014-10071 SUSE bug 1082977 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links. Moderate CVE-2014-10072 SUSE bug 1082975 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. Moderate CVE-2014-1344 SUSE bug 879607 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. Moderate CVE-2014-1384 SUSE bug 892084 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. Moderate CVE-2014-1385 SUSE bug 892084 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. Moderate CVE-2014-1386 SUSE bug 892084 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. Moderate CVE-2014-1387 SUSE bug 892084 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. Moderate CVE-2014-1388 SUSE bug 892084 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. Moderate CVE-2014-1389 SUSE bug 892084 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. Moderate CVE-2014-1390 SUSE bug 892084 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent. Moderate CVE-2014-1447 SUSE bug 858817 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2014-1477 SUSE bug 861847 SUSE bug 862345 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors. Moderate CVE-2014-1478 SUSE bug 861847 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes. Moderate CVE-2014-1479 SUSE bug 861847 SUSE bug 862348 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site. Moderate CVE-2014-1480 SUSE bug 861847 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines. Moderate CVE-2014-1481 SUSE bug 861847 SUSE bug 862309 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create. Important CVE-2014-1482 SUSE bug 861847 SUSE bug 862356 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions. Moderate CVE-2014-1483 SUSE bug 861847 SUSE bug 862360 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application. Moderate CVE-2014-1484 SUSE bug 861847 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions. Moderate CVE-2014-1485 SUSE bug 861847 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data. Critical CVE-2014-1486 SUSE bug 861847 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages. Moderate CVE-2014-1487 SUSE bug 861847 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js. Critical CVE-2014-1488 SUSE bug 861847 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site. Moderate CVE-2014-1489 SUSE bug 861847 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket. Moderate CVE-2014-1490 SUSE bug 861847 SUSE bug 862300 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. Moderate CVE-2014-1491 SUSE bug 861847 SUSE bug 862289 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate. Moderate CVE-2014-1492 SUSE bug 869827 SUSE bug 926974 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. Moderate CVE-2014-1544 SUSE bug 887746 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions. Moderate CVE-2014-1545 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2014-1547 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2014-1548 SUSE bug 887746 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2014-1553 SUSE bug 894370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2014-1554 SUSE bug 894370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event. Moderate CVE-2014-1555 SUSE bug 887746 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library. Moderate CVE-2014-1556 SUSE bug 887746 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image. Moderate CVE-2014-1557 SUSE bug 887746 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2014-1562 SUSE bug 894370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection. Moderate CVE-2014-1563 SUSE bug 894370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image. Moderate CVE-2014-1564 SUSE bug 894370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted API calls. Moderate CVE-2014-1565 SUSE bug 894370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. Critical CVE-2014-1567 SUSE bug 894370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. Moderate CVE-2014-1568 SUSE bug 1107874 SUSE bug 897890 SUSE bug 898959 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function's improper handling of an arbitrary-length encoding of 0x00. Moderate CVE-2014-1569 SUSE bug 910647 SUSE bug 913096 SUSE bug 917597 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2014-1574 SUSE bug 900941 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to improper interaction between threading and garbage collection in the GCRuntime::triggerGC function in js/src/jsgc.cpp, and unknown other vectors. Moderate CVE-2014-1575 SUSE bug 900941 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization style. Moderate CVE-2014-1576 SUSE bug 900941 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value. Moderate CVE-2014-1577 SUSE bug 900941 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback. Moderate CVE-2014-1578 SUSE bug 900941 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. Moderate CVE-2014-1581 SUSE bug 900941 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm. Moderate CVE-2014-1583 SUSE bug 900941 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive information from the local camera by maintaining a session after the user tries to discontinue streaming. Moderate CVE-2014-1585 SUSE bug 900941 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME situations by maintaining a session after the user temporarily navigates away. Moderate CVE-2014-1586 SUSE bug 900941 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2014-1587 SUSE bug 908009 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2014-1588 SUSE bug 908009 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object. Moderate CVE-2014-1590 SUSE bug 908009 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing. Moderate CVE-2014-1592 SUSE bug 908009 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content. Moderate CVE-2014-1593 SUSE bug 908009 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type. Moderate CVE-2014-1594 SUSE bug 908009 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. Moderate CVE-2014-1737 SUSE bug 875798 SUSE bug 877345 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. Moderate CVE-2014-1738 SUSE bug 875798 SUSE bug 877345 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame. Moderate CVE-2014-1748 SUSE bug 909707 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. Low CVE-2014-1829 SUSE bug 897658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request. Low CVE-2014-1830 SUSE bug 897658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log. Moderate CVE-2014-1876 SUSE bug 863305 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. Important CVE-2014-1912 SUSE bug 1049392 SUSE bug 1049422 SUSE bug 863741 SUSE bug 882915 SUSE bug 912739 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file. Moderate CVE-2014-1932 SUSE bug 863541 SUSE bug 921566 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates. Moderate CVE-2014-1959 SUSE bug 863989 SUSE bug 865993 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash. Moderate CVE-2014-2015 SUSE bug 864576 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com. Moderate CVE-2014-2029 SUSE bug 864194 SUSE bug 919298 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847. Moderate CVE-2014-2146 SUSE bug 995359 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file. Moderate CVE-2014-2240 SUSE bug 867620 SUSE bug 916867 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file. Moderate CVE-2014-2241 SUSE bug 867620 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet. Moderate CVE-2014-2281 SUSE bug 867485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet. Moderate CVE-2014-2282 SUSE bug 867485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet. Moderate CVE-2014-2283 SUSE bug 867485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors. Moderate CVE-2014-2284 SUSE bug 866942 SUSE bug 875217 SUSE bug 969779 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl. Moderate CVE-2014-2285 SUSE bug 866942 SUSE bug 875217 SUSE bug 969779 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data. Moderate CVE-2014-2299 SUSE bug 867485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established. Moderate CVE-2014-2338 SUSE bug 870572 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Moderate CVE-2014-2397 SUSE bug 873872 SUSE bug 873873 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. Low CVE-2014-2398 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455. Moderate CVE-2014-2402 SUSE bug 873873 SUSE bug 877429 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP. Moderate CVE-2014-2403 SUSE bug 873872 SUSE bug 873873 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451. Moderate CVE-2014-2412 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries. Moderate CVE-2014-2413 SUSE bug 873873 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB. Moderate CVE-2014-2414 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Moderate CVE-2014-2421 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458. Moderate CVE-2014-2423 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. Moderate CVE-2014-2427 SUSE bug 873872 SUSE bug 873873 SUSE bug 877429 SUSE bug 877430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations." Moderate CVE-2014-2483 SUSE bug 887530 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Moderate CVE-2014-2490 SUSE bug 887530 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC. Moderate CVE-2014-2494 SUSE bug 887580 SUSE bug 915914 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. Low CVE-2014-2497 SUSE bug 868624 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. Low CVE-2014-2524 SUSE bug 868822 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file. Moderate CVE-2014-2525 SUSE bug 868944 SUSE bug 911782 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function. Moderate CVE-2014-2583 SUSE bug 870433 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. Moderate CVE-2014-2653 SUSE bug 1074631 SUSE bug 870532 SUSE bug 913479 SUSE bug 916239 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. Moderate CVE-2014-2667 SUSE bug 871152 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions. Moderate CVE-2014-2672 SUSE bug 871148 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. Moderate CVE-2014-2678 SUSE bug 871561 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Ansible prior to 1.5.4 mishandles the evaluation of some strings. Moderate CVE-2014-2686 SUSE bug 1160674 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. Moderate CVE-2014-2706 SUSE bug 871797 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues." Moderate CVE-2014-2707 SUSE bug 871327 SUSE bug 883543 SUSE bug 921753 SUSE bug 937018 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file. Moderate CVE-2014-2855 SUSE bug 873740 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function. Moderate CVE-2014-2856 SUSE bug 873899 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response. Important CVE-2014-2892 SUSE bug 874723 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2014-2907 SUSE bug 874693 SUSE bug 874760 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow. Critical CVE-2014-2977 SUSE bug 878345 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write. Critical CVE-2014-2978 SUSE bug 878349 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache. Moderate CVE-2014-3065 SUSE bug 904889 SUSE bug 930365 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types. Moderate CVE-2014-3124 SUSE bug 875668 SUSE bug 880751 SUSE bug 903970 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. Important CVE-2014-3153 SUSE bug 877775 SUSE bug 880892 SUSE bug 882228 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables." Moderate CVE-2014-3158 SUSE bug 891489 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event. Moderate CVE-2014-3181 SUSE bug 896382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c. Moderate CVE-2014-3184 SUSE bug 896390 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. Moderate CVE-2014-3185 SUSE bug 896391 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable. Important CVE-2014-3230 SUSE bug 876862 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. Moderate CVE-2014-3421 SUSE bug 876847 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. Moderate CVE-2014-3422 SUSE bug 876847 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. Moderate CVE-2014-3423 SUSE bug 876847 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. Moderate CVE-2014-3424 SUSE bug 876847 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection. Moderate CVE-2014-3430 SUSE bug 877255 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks." Moderate CVE-2014-3461 SUSE bug 878541 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. Moderate CVE-2014-3466 SUSE bug 880730 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. Moderate CVE-2014-3467 SUSE bug 880737 SUSE bug 880910 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. Moderate CVE-2014-3468 SUSE bug 880735 SUSE bug 880910 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. Moderate CVE-2014-3469 SUSE bug 880738 SUSE bug 880910 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. Moderate CVE-2014-3470 SUSE bug 880891 SUSE bug 883126 SUSE bug 885777 SUSE bug 905106 SUSE bug 915913 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service. Moderate CVE-2014-3477 SUSE bug 1010769 SUSE bug 881137 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference. Moderate CVE-2014-3493 SUSE bug 878642 SUSE bug 880962 SUSE bug 883758 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. Low CVE-2014-3498 SUSE bug 979877 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition. Important CVE-2014-3505 SUSE bug 890759 SUSE bug 890764 SUSE bug 890767 SUSE bug 905106 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values. Important CVE-2014-3506 SUSE bug 890759 SUSE bug 890764 SUSE bug 890768 SUSE bug 905106 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function. Important CVE-2014-3507 SUSE bug 890759 SUSE bug 890764 SUSE bug 890769 SUSE bug 905106 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions. Important CVE-2014-3508 SUSE bug 890759 SUSE bug 890764 SUSE bug 905106 SUSE bug 950708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data. Important CVE-2014-3509 SUSE bug 890759 SUSE bug 890766 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite. Important CVE-2014-3510 SUSE bug 890759 SUSE bug 890764 SUSE bug 890770 SUSE bug 905106 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue. Important CVE-2014-3511 SUSE bug 890759 SUSE bug 890771 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter. Important CVE-2014-3512 SUSE bug 890759 SUSE bug 890772 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message. Moderate CVE-2014-3513 SUSE bug 901277 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls. Moderate CVE-2014-3514 SUSE bug 892777 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted requests. Important CVE-2014-3523 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded. Moderate CVE-2014-3532 SUSE bug 885241 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor. Moderate CVE-2014-3533 SUSE bug 885241 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. Moderate CVE-2014-3537 SUSE bug 887240 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0114. Reason: This candidate is a duplicate of CVE-2014-0114. CVE abstraction content decisions did not require a second ID. Notes: All CVE users should reference CVE-2014-0114 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Important CVE-2014-3540 SUSE bug 885963 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h. Important CVE-2014-3560 SUSE bug 889429 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order." Moderate CVE-2014-3564 SUSE bug 890123 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message. Moderate CVE-2014-3565 SUSE bug 894361 SUSE bug 969779 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. Moderate CVE-2014-3566 SUSE bug 1011293 SUSE bug 1031023 SUSE bug 901223 SUSE bug 901254 SUSE bug 901277 SUSE bug 901748 SUSE bug 901757 SUSE bug 901759 SUSE bug 901889 SUSE bug 901968 SUSE bug 902229 SUSE bug 902233 SUSE bug 902476 SUSE bug 903405 SUSE bug 903684 SUSE bug 904889 SUSE bug 905106 SUSE bug 914041 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure. Important CVE-2014-3567 SUSE bug 877506 SUSE bug 901277 SUSE bug 905106 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c. Low CVE-2014-3568 SUSE bug 901277 SUSE bug 905106 SUSE bug 911399 SUSE bug 986238 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. Moderate CVE-2014-3570 SUSE bug 912296 SUSE bug 927623 SUSE bug 937891 SUSE bug 944456 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c. Moderate CVE-2014-3571 SUSE bug 912294 SUSE bug 927623 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. Moderate CVE-2014-3572 SUSE bug 912015 SUSE bug 927623 SUSE bug 937891 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field. Moderate CVE-2014-3577 SUSE bug 1178171 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header. Low CVE-2014-3581 SUSE bug 899836 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. Low CVE-2014-3583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication. Moderate CVE-2014-3591 SUSE bug 920057 SUSE bug 949135 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784. Moderate CVE-2014-3596 SUSE bug 1134598 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. Moderate CVE-2014-3601 SUSE bug 892782 SUSE bug 902675 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. Moderate CVE-2014-3610 SUSE bug 899192 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. Moderate CVE-2014-3613 SUSE bug 894575 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes." Moderate CVE-2014-3618 SUSE bug 1068648 SUSE bug 894999 SUSE bug 898303 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. Moderate CVE-2014-3620 SUSE bug 1199221 SUSE bug 894575 SUSE bug 895991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read. Low CVE-2014-3633 SUSE bug 897783 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access. Important CVE-2014-3634 SUSE bug 897262 SUSE bug 899756 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure. Moderate CVE-2014-3635 SUSE bug 896453 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call. Moderate CVE-2014-3636 SUSE bug 896453 SUSE bug 904017 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor. Moderate CVE-2014-3637 SUSE bug 896453 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls. Moderate CVE-2014-3638 SUSE bug 896453 SUSE bug 903055 SUSE bug 903057 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections. Moderate CVE-2014-3639 SUSE bug 896453 SUSE bug 903055 SUSE bug 903057 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket. CVE-2014-3640 SUSE bug 897654 SUSE bug 965112 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. Moderate CVE-2014-3646 SUSE bug 899192 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command. Moderate CVE-2014-3657 SUSE bug 897783 SUSE bug 899484 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. Moderate CVE-2014-3660 SUSE bug 1123919 SUSE bug 901546 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. Moderate CVE-2014-3672 SUSE bug 981264 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. Moderate CVE-2014-3673 SUSE bug 902346 SUSE bug 902349 SUSE bug 904899 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet. Moderate CVE-2014-3675 SUSE bug 889332 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option." Moderate CVE-2014-3676 SUSE bug 889332 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption. Moderate CVE-2014-3677 SUSE bug 889332 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634. Moderate CVE-2014-3683 SUSE bug 897262 SUSE bug 899756 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame. Moderate CVE-2014-3686 SUSE bug 1063667 SUSE bug 900611 SUSE bug 915323 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. Important CVE-2014-3687 SUSE bug 902349 SUSE bug 904899 SUSE bug 909208 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. Important CVE-2014-3688 SUSE bug 902351 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU. Moderate CVE-2014-3690 SUSE bug 902232 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. Moderate CVE-2014-3707 SUSE bug 901924 SUSE bug 951391 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. Moderate CVE-2014-3710 SUSE bug 902367 SUSE bug 910252 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet. Low CVE-2014-3970 SUSE bug 881524 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2014-4020 SUSE bug 882602 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras. Important CVE-2014-4038 SUSE bug 882667 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/messages and /etc/yaboot.conf. Important CVE-2014-4039 SUSE bug 882667 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream. Moderate CVE-2014-4040 SUSE bug 883174 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. Moderate CVE-2014-4043 SUSE bug 882600 SUSE bug 939797 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR. Moderate CVE-2014-4207 SUSE bug 887580 SUSE bug 915914 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX. Moderate CVE-2014-4209 SUSE bug 887530 SUSE bug 891699 SUSE bug 891700 SUSE bug 891701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Moderate CVE-2014-4216 SUSE bug 887530 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries. Moderate CVE-2014-4218 SUSE bug 887530 SUSE bug 891699 SUSE bug 891700 SUSE bug 891701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Moderate CVE-2014-4219 SUSE bug 887530 SUSE bug 891699 SUSE bug 891700 SUSE bug 891701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Moderate CVE-2014-4221 SUSE bug 887530 SUSE bug 891701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483. Moderate CVE-2014-4223 SUSE bug 887530 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. Moderate CVE-2014-4244 SUSE bug 887530 SUSE bug 891699 SUSE bug 891700 SUSE bug 891701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security. Moderate CVE-2014-4252 SUSE bug 887530 SUSE bug 891699 SUSE bug 891700 SUSE bug 891701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC. Moderate CVE-2014-4258 SUSE bug 887580 SUSE bug 915914 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR. Moderate CVE-2014-4260 SUSE bug 887580 SUSE bug 915914 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Moderate CVE-2014-4262 SUSE bug 887530 SUSE bug 891699 SUSE bug 891700 SUSE bug 891701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement." Moderate CVE-2014-4263 SUSE bug 887530 SUSE bug 891699 SUSE bug 891700 SUSE bug 891701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security. Moderate CVE-2014-4264 SUSE bug 887530 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability. Moderate CVE-2014-4266 SUSE bug 887530 SUSE bug 891701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing. Moderate CVE-2014-4268 SUSE bug 887530 SUSE bug 891699 SUSE bug 891700 SUSE bug 891701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM. Moderate CVE-2014-4274 SUSE bug 857678 SUSE bug 896400 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS. Moderate CVE-2014-4287 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532. Moderate CVE-2014-4288 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. Moderate CVE-2014-4336 SUSE bug 871327 SUSE bug 883543 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data. Moderate CVE-2014-4337 SUSE bug 871327 SUSE bug 883543 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses. Moderate CVE-2014-4338 SUSE bug 871327 SUSE bug 883536 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. Moderate CVE-2014-4341 SUSE bug 770172 SUSE bug 886016 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session. Moderate CVE-2014-4342 SUSE bug 770172 SUSE bug 886016 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator. Moderate CVE-2014-4343 SUSE bug 770172 SUSE bug 888697 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation. Moderate CVE-2014-4344 SUSE bug 888697 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands. Moderate CVE-2014-4345 SUSE bug 770172 SUSE bug 891082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app. Moderate CVE-2014-4362 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. Important CVE-2014-4508 SUSE bug 883724 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run. Moderate CVE-2014-4607 SUSE bug 883947 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype." Moderate CVE-2014-4608 SUSE bug 883948 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715. Moderate CVE-2014-4611 SUSE bug 883949 SUSE bug 885389 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. Moderate CVE-2014-4617 SUSE bug 884130 SUSE bug 962098 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. Moderate CVE-2014-4650 SUSE bug 856835 SUSE bug 856836 SUSE bug 863741 SUSE bug 885882 SUSE bug 898572 SUSE bug 912739 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. Critical CVE-2014-4671 SUSE bug 886454 SUSE bug 891688 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink. Important CVE-2014-4877 SUSE bug 902709 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the interface name. Moderate CVE-2014-4910 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. Important CVE-2014-4943 SUSE bug 887082 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data. Low CVE-2014-4966 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. Low CVE-2014-4967 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow. Low CVE-2014-4975 SUSE bug 887877 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537. Moderate CVE-2014-5029 SUSE bug 887240 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. Moderate CVE-2014-5030 SUSE bug 887240 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors. Moderate CVE-2014-5031 SUSE bug 887240 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation. Moderate CVE-2014-5044 SUSE bug 888791 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program. Moderate CVE-2014-5045 SUSE bug 889060 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. Important CVE-2014-5077 SUSE bug 889173 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. Moderate CVE-2014-5119 SUSE bug 892073 SUSE bug 903057 SUSE bug 916222 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client. Important CVE-2014-5139 SUSE bug 886831 SUSE bug 890759 SUSE bug 890765 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149. Moderate CVE-2014-5146 SUSE bug 889526 SUSE bug 903970 SUSE bug 918998 SUSE bug 950367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146. Moderate CVE-2014-5149 SUSE bug 889526 SUSE bug 903970 SUSE bug 918998 SUSE bug 950367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. Moderate CVE-2014-5161 SUSE bug 889854 SUSE bug 889901 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buffer underflow and application crash) via a crafted packet. Moderate CVE-2014-5162 SUSE bug 889854 SUSE bug 889901 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2014-5163 SUSE bug 889854 SUSE bug 889906 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2014-5164 SUSE bug 889854 SUSE bug 889900 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet. Moderate CVE-2014-5165 SUSE bug 889854 SUSE bug 889899 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access. Moderate CVE-2014-5351 SUSE bug 897874 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind. Moderate CVE-2014-5352 SUSE bug 1005509 SUSE bug 770172 SUSE bug 912002 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. Low CVE-2014-5353 SUSE bug 910457 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin "add_principal -nokey" or "purgekeys -all" command. Low CVE-2014-5354 SUSE bug 910458 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c. Moderate CVE-2014-5355 SUSE bug 770172 SUSE bug 918595 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments. Moderate CVE-2014-5461 SUSE bug 893824 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. Moderate CVE-2014-5471 SUSE bug 892490 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. Moderate CVE-2014-5472 SUSE bug 892490 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8. Moderate CVE-2014-6040 SUSE bug 894553 SUSE bug 903057 SUSE bug 916222 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow. Moderate CVE-2014-6051 SUSE bug 897031 SUSE bug 900896 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message. Moderate CVE-2014-6052 SUSE bug 897031 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc. Moderate CVE-2014-6053 SUSE bug 897031 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message. Moderate CVE-2014-6054 SUSE bug 897031 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message. Moderate CVE-2014-6055 SUSE bug 897031 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU. Moderate CVE-2014-6268 SUSE bug 895804 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. Important CVE-2014-6271 SUSE bug 1024628 SUSE bug 1130324 SUSE bug 870618 SUSE bug 896776 SUSE bug 898346 SUSE bug 898604 SUSE bug 898812 SUSE bug 898884 SUSE bug 900127 SUSE bug 900454 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later. Moderate CVE-2014-6272 SUSE bug 897243 SUSE bug 943011 SUSE bug 947373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169. Important CVE-2014-6277 SUSE bug 898812 SUSE bug 898884 SUSE bug 900127 SUSE bug 900454 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. Important CVE-2014-6278 SUSE bug 898604 SUSE bug 898812 SUSE bug 898884 SUSE bug 900127 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Moderate CVE-2014-6456 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. Moderate CVE-2014-6457 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Moderate CVE-2014-6458 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML. Moderate CVE-2014-6463 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS. Moderate CVE-2014-6464 SUSE bug 901237 SUSE bug 915912 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Moderate CVE-2014-6466 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER. Moderate CVE-2014-6469 SUSE bug 901237 SUSE bug 915912 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED. Moderate CVE-2014-6474 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527. Moderate CVE-2014-6476 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL. Moderate CVE-2014-6478 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML. Moderate CVE-2014-6484 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP. Moderate CVE-2014-6489 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500. Moderate CVE-2014-6491 SUSE bug 901237 SUSE bug 915912 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Moderate CVE-2014-6492 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532. Moderate CVE-2014-6493 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496. Moderate CVE-2014-6494 SUSE bug 901237 SUSE bug 915912 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL. Moderate CVE-2014-6495 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494. Moderate CVE-2014-6496 SUSE bug 901237 SUSE bug 915912 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491. Moderate CVE-2014-6500 SUSE bug 901237 SUSE bug 915912 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. Moderate CVE-2014-6502 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532. Moderate CVE-2014-6503 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot. Moderate CVE-2014-6504 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE. Moderate CVE-2014-6505 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Moderate CVE-2014-6506 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML. Moderate CVE-2014-6507 SUSE bug 901237 SUSE bug 915912 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. Moderate CVE-2014-6511 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries. Moderate CVE-2014-6512 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. Moderate CVE-2014-6513 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. Moderate CVE-2014-6515 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP. Moderate CVE-2014-6517 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot. Moderate CVE-2014-6519 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL. Moderate CVE-2014-6520 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476. Moderate CVE-2014-6527 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP. Moderate CVE-2014-6530 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Moderate CVE-2014-6531 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503. Moderate CVE-2014-6532 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN. Moderate CVE-2014-6551 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML. Moderate CVE-2014-6555 SUSE bug 901237 SUSE bug 915912 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security. Moderate CVE-2014-6558 SUSE bug 901239 SUSE bug 901242 SUSE bug 901246 SUSE bug 904889 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING. Moderate CVE-2014-6559 SUSE bug 901237 SUSE bug 915912 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML. Moderate CVE-2014-6564 SUSE bug 901237 SUSE bug 915913 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML. Moderate CVE-2014-6568 SUSE bug 914058 SUSE bug 915911 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591. Moderate CVE-2014-6585 SUSE bug 914041 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Moderate CVE-2014-6587 SUSE bug 914041 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585. Moderate CVE-2014-6591 SUSE bug 914041 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. Moderate CVE-2014-6593 SUSE bug 914041 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Moderate CVE-2014-6601 SUSE bug 914041 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet. Low CVE-2014-7141 SUSE bug 1040640 SUSE bug 891268 SUSE bug 895773 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. Low CVE-2014-7142 SUSE bug 895773 SUSE bug 973782 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors. Moderate CVE-2014-7154 SUSE bug 880751 SUSE bug 895798 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction. Moderate CVE-2014-7155 SUSE bug 880751 SUSE bug 895799 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors. Moderate CVE-2014-7156 SUSE bug 880751 SUSE bug 895802 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. Important CVE-2014-7169 SUSE bug 1024628 SUSE bug 1130324 SUSE bug 870618 SUSE bug 896776 SUSE bug 898346 SUSE bug 898812 SUSE bug 898884 SUSE bug 899266 SUSE bug 900127 SUSE bug 900454 SUSE bug 902237 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. Moderate CVE-2014-7185 SUSE bug 898572 SUSE bug 912739 SUSE bug 913479 SUSE bug 955182 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue. Moderate CVE-2014-7186 SUSE bug 1024628 SUSE bug 898603 SUSE bug 898812 SUSE bug 898884 SUSE bug 899039 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue. Moderate CVE-2014-7187 SUSE bug 1024628 SUSE bug 898603 SUSE bug 898812 SUSE bug 898884 SUSE bug 899039 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors. Important CVE-2014-7188 SUSE bug 880751 SUSE bug 897657 SUSE bug 903970 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. Low CVE-2014-7204 SUSE bug 899486 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or panic) via operations on directories that have hash collisions, as demonstrated by rmdir operations. Moderate CVE-2014-7283 SUSE bug 899480 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer. Moderate CVE-2014-7300 SUSE bug 900031 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. Moderate CVE-2014-7815 SUSE bug 902737 SUSE bug 962627 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))". Moderate CVE-2014-7817 SUSE bug 906371 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence. Low CVE-2014-7818 SUSE bug 903662 SUSE bug 905727 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag. Low CVE-2014-7823 SUSE bug 904176 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1. Moderate CVE-2014-7824 SUSE bug 904017 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818. Moderate CVE-2014-7829 SUSE bug 905727 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. Moderate CVE-2014-7840 SUSE bug 905097 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313. Moderate CVE-2014-7842 SUSE bug 905312 SUSE bug 907822 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. Important CVE-2014-7844 SUSE bug 909208 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call. Moderate CVE-2014-7970 SUSE bug 900644 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call. Moderate CVE-2014-7975 SUSE bug 900392 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. Moderate CVE-2014-8080 SUSE bug 902851 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080. Moderate CVE-2014-8090 SUSE bug 905326 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request. Moderate CVE-2014-8091 SUSE bug 882226 SUSE bug 907268 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write. Moderate CVE-2014-8092 SUSE bug 1146596 SUSE bug 907268 SUSE bug 928520 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write. Important CVE-2014-8093 SUSE bug 907268 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write. Moderate CVE-2014-8094 SUSE bug 907268 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function. Moderate CVE-2014-8095 SUSE bug 907268 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value. Moderate CVE-2014-8096 SUSE bug 907268 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcDbeSwapBuffers or (2) SProcDbeSwapBuffers function. Moderate CVE-2014-8097 SUSE bug 907268 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) __glXDisp_Render, (2) __glXDisp_RenderLarge, (3) __glXDispSwap_VendorPrivate, (4) __glXDispSwap_VendorPrivateWithReply, (5) set_client_info, (6) __glXDispSwap_SetClientInfoARB, (7) DoSwapInterval, (8) DoGetProgramString, (9) DoGetString, (10) __glXDispSwap_RenderMode, (11) __glXDisp_GetCompressedTexImage, (12) __glXDispSwap_GetCompressedTexImage, (13) __glXDisp_FeedbackBuffer, (14) __glXDispSwap_FeedbackBuffer, (15) __glXDisp_SelectBuffer, (16) __glXDispSwap_SelectBuffer, (17) __glXDisp_Flush, (18) __glXDispSwap_Flush, (19) __glXDisp_Finish, (20) __glXDispSwap_Finish, (21) __glXDisp_ReadPixels, (22) __glXDispSwap_ReadPixels, (23) __glXDisp_GetTexImage, (24) __glXDispSwap_GetTexImage, (25) __glXDisp_GetPolygonStipple, (26) __glXDispSwap_GetPolygonStipple, (27) __glXDisp_GetSeparableFilter, (28) __glXDisp_GetSeparableFilterEXT, (29) __glXDisp_GetConvolutionFilter, (30) __glXDisp_GetConvolutionFilterEXT, (31) __glXDisp_GetHistogram, (32) __glXDisp_GetHistogramEXT, (33) __glXDisp_GetMinmax, (34) __glXDisp_GetMinmaxEXT, (35) __glXDisp_GetColorTable, (36) __glXDisp_GetColorTableSGI, (37) GetSeparableFilter, (38) GetConvolutionFilter, (39) GetHistogram, (40) GetMinmax, or (41) GetColorTable function. Important CVE-2014-8098 SUSE bug 907268 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function. Moderate CVE-2014-8099 SUSE bug 907268 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function. Moderate CVE-2014-8100 SUSE bug 907268 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function. Moderate CVE-2014-8101 SUSE bug 907268 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length value. Moderate CVE-2014-8102 SUSE bug 907268 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) sproc_dri3_query_version, (2) sproc_dri3_open, (3) sproc_dri3_pixmap_from_buffer, (4) sproc_dri3_buffer_from_pixmap, (5) sproc_dri3_fence_from_fd, (6) sproc_dri3_fd_from_fence, (7) proc_present_query_capabilities, (8) sproc_present_query_version, (9) sproc_present_pixmap, (10) sproc_present_notify_msc, (11) sproc_present_select_input, or (12) sproc_present_query_capabilities function in the (a) DRI3 or (b) Present extension. Moderate CVE-2014-8103 SUSE bug 907268 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. Moderate CVE-2014-8104 SUSE bug 907764 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320. Moderate CVE-2014-8106 SUSE bug 1023004 SUSE bug 1178658 SUSE bug 907805 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory. Moderate CVE-2014-8109 SUSE bug 909715 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors. Moderate CVE-2014-8111 SUSE bug 927845 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. Moderate CVE-2014-8116 SUSE bug 910252 SUSE bug 910253 SUSE bug 917152 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. Moderate CVE-2014-8117 SUSE bug 910252 SUSE bug 910253 SUSE bug 917152 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow. Important CVE-2014-8118 SUSE bug 1101137 SUSE bug 906803 SUSE bug 908128 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. Moderate CVE-2014-8119 SUSE bug 925225 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset. Moderate CVE-2014-8121 SUSE bug 918187 SUSE bug 945779 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool. Critical CVE-2014-8127 SUSE bug 914890 SUSE bug 916925 SUSE bug 942690 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image. Critical CVE-2014-8128 SUSE bug 1007276 SUSE bug 1017690 SUSE bug 1040322 SUSE bug 914890 SUSE bug 916925 SUSE bug 942690 SUSE bug 960341 SUSE bug 974621 SUSE bug 983436 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c. Critical CVE-2014-8129 SUSE bug 914890 SUSE bug 916925 SUSE bug 942690 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. Critical CVE-2014-8130 SUSE bug 914890 SUSE bug 916925 SUSE bug 942690 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. Moderate CVE-2014-8134 SUSE bug 907818 SUSE bug 909077 SUSE bug 909078 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors. Low CVE-2014-8136 SUSE bug 910862 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file. Moderate CVE-2014-8137 SUSE bug 1178702 SUSE bug 909474 SUSE bug 909475 SUSE bug 911837 SUSE bug 968373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file. Moderate CVE-2014-8138 SUSE bug 1178702 SUSE bug 909474 SUSE bug 909475 SUSE bug 911837 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. Moderate CVE-2014-8139 SUSE bug 909214 SUSE bug 915880 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. Moderate CVE-2014-8140 SUSE bug 909214 SUSE bug 914442 SUSE bug 915880 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. Moderate CVE-2014-8141 SUSE bug 909214 SUSE bug 915880 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation. Moderate CVE-2014-8143 SUSE bug 914279 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. Moderate CVE-2014-8146 SUSE bug 1066493 SUSE bug 910805 SUSE bug 927951 SUSE bug 929629 SUSE bug 959178 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. Moderate CVE-2014-8147 SUSE bug 1066493 SUSE bug 1079317 SUSE bug 910805 SUSE bug 910806 SUSE bug 927951 SUSE bug 929629 SUSE bug 959178 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges. Important CVE-2014-8148 SUSE bug 912023 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL. Moderate CVE-2014-8150 SUSE bug 911363 SUSE bug 951391 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow. Moderate CVE-2014-8157 SUSE bug 1178702 SUSE bug 911837 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image. Moderate CVE-2014-8158 SUSE bug 1178702 SUSE bug 911837 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/. Moderate CVE-2014-8159 SUSE bug 903967 SUSE bug 914742 SUSE bug 939241 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers. Moderate CVE-2014-8160 SUSE bug 857643 SUSE bug 913059 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory. Moderate CVE-2014-8169 SUSE bug 917977 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace. Moderate CVE-2014-8181 SUSE bug 980851 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations. Moderate CVE-2014-8183 SUSE bug 1053752 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051. Moderate CVE-2014-8240 SUSE bug 900896 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack. Low CVE-2014-8242 SUSE bug 900914 SUSE bug 922710 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c. Moderate CVE-2014-8275 SUSE bug 912018 SUSE bug 927623 SUSE bug 937891 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. Low CVE-2014-8354 SUSE bug 903204 SUSE bug 903638 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). Low CVE-2014-8355 SUSE bug 903216 SUSE bug 903638 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record. Moderate CVE-2014-8484 SUSE bug 902676 SUSE bug 902677 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file. Moderate CVE-2014-8485 SUSE bug 902676 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals. Moderate CVE-2014-8500 SUSE bug 908994 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable. Moderate CVE-2014-8501 SUSE bug 903655 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file. Moderate CVE-2014-8502 SUSE bug 903655 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file. Moderate CVE-2014-8503 SUSE bug 903655 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file. Moderate CVE-2014-8504 SUSE bug 903655 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 imagemagick 6.8.9.6 has remote DOS via infinite loop Low CVE-2014-8561 SUSE bug 1156786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). Moderate CVE-2014-8562 SUSE bug 903638 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. Moderate CVE-2014-8564 SUSE bug 904603 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2014-8634 SUSE bug 913064 SUSE bug 913096 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2014-8635 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site. Moderate CVE-2014-8638 SUSE bug 913068 SUSE bug 913096 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server. Moderate CVE-2014-8639 SUSE bug 913066 SUSE bug 913096 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data. Moderate CVE-2014-8641 SUSE bug 913067 SUSE bug 913096 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 python-requests-Kerberos through 0.5 does not handle mutual authentication Moderate CVE-2014-8650 SUSE bug 1160886 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets. Important CVE-2014-8709 SUSE bug 904700 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash). Moderate CVE-2014-8716 SUSE bug 905260 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar. Moderate CVE-2014-8737 SUSE bug 905736 SUSE bug 912408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive. Moderate CVE-2014-8738 SUSE bug 905735 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame. Low CVE-2014-8767 SUSE bug 905870 SUSE bug 905871 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame. Low CVE-2014-8768 SUSE bug 905871 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access. Low CVE-2014-8769 SUSE bug 905871 SUSE bug 905872 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call. Moderate CVE-2014-8884 SUSE bug 904876 SUSE bug 905522 SUSE bug 905739 SUSE bug 905744 SUSE bug 905748 SUSE bug 905764 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager. Moderate CVE-2014-8891 SUSE bug 916266 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager. Moderate CVE-2014-8892 SUSE bug 916265 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. Moderate CVE-2014-8962 SUSE bug 906831 SUSE bug 907764 SUSE bug 969774 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. Moderate CVE-2014-8964 SUSE bug 906574 SUSE bug 924960 SUSE bug 933288 SUSE bug 936408 SUSE bug 958373 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user. Moderate CVE-2014-8991 SUSE bug 907038 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. Moderate CVE-2014-9028 SUSE bug 907016 SUSE bug 969774 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow. Moderate CVE-2014-9029 SUSE bug 1178702 SUSE bug 906364 SUSE bug 909474 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file. Moderate CVE-2014-9050 SUSE bug 1040662 SUSE bug 906770 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow. Moderate CVE-2014-9087 SUSE bug 907074 SUSE bug 926826 SUSE bug 996084 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. Moderate CVE-2014-9092 SUSE bug 906761 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. Moderate CVE-2014-9112 SUSE bug 907456 SUSE bug 913479 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. Moderate CVE-2014-9114 SUSE bug 907434 SUSE bug 908742 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function. Moderate CVE-2014-9116 SUSE bug 907453 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping. Moderate CVE-2014-9130 SUSE bug 907809 SUSE bug 911782 SUSE bug 921588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet. Low CVE-2014-9140 SUSE bug 923142 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025. Moderate CVE-2014-9221 SUSE bug 910491 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write. Low CVE-2014-9273 SUSE bug 908614 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. Important CVE-2014-9293 SUSE bug 910764 SUSE bug 911053 SUSE bug 911792 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. Important CVE-2014-9294 SUSE bug 910764 SUSE bug 911053 SUSE bug 911792 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function. Important CVE-2014-9295 SUSE bug 910764 SUSE bug 911792 SUSE bug 916239 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets. Important CVE-2014-9296 SUSE bug 910764 SUSE bug 911053 SUSE bug 911792 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage. Important CVE-2014-9297 SUSE bug 911792 SUSE bug 948963 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage. Important CVE-2014-9298 SUSE bug 911792 SUSE bug 948963 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition." Moderate CVE-2014-9328 SUSE bug 1040662 SUSE bug 915512 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. Moderate CVE-2014-9390 SUSE bug 910756 SUSE bug 925040 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process. Low CVE-2014-9402 SUSE bug 910599 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind. Moderate CVE-2014-9421 SUSE bug 1005509 SUSE bug 770172 SUSE bug 912002 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal. Moderate CVE-2014-9422 SUSE bug 1005509 SUSE bug 770172 SUSE bug 912002 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field. Moderate CVE-2014-9423 SUSE bug 1005509 SUSE bug 912002 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program. Moderate CVE-2014-9447 SUSE bug 911662 SUSE bug 912408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str. Low CVE-2014-9474 SUSE bug 911812 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image. Moderate CVE-2014-9495 SUSE bug 912076 SUSE bug 912929 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. Moderate CVE-2014-9496 SUSE bug 911796 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. Moderate CVE-2014-9512 SUSE bug 915410 SUSE bug 960191 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop. Moderate CVE-2014-9556 SUSE bug 912214 SUSE bug 919283 SUSE bug 934533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. Important CVE-2014-9585 SUSE bug 912705 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. Low CVE-2014-9620 SUSE bug 913651 SUSE bug 917152 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. Low CVE-2014-9621 SUSE bug 913650 SUSE bug 917152 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. Important CVE-2014-9622 SUSE bug 913676 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. Moderate CVE-2014-9636 SUSE bug 914442 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero. Moderate CVE-2014-9638 SUSE bug 914439 SUSE bug 914441 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access. Moderate CVE-2014-9639 SUSE bug 1081744 SUSE bug 914439 SUSE bug 914441 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file. Moderate CVE-2014-9640 SUSE bug 912214 SUSE bug 914938 SUSE bug 919283 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command. Moderate CVE-2014-9645 SUSE bug 914423 SUSE bug 914660 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. Low CVE-2014-9653 SUSE bug 917152 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923. Moderate CVE-2014-9654 SUSE bug 917129 SUSE bug 929629 SUSE bug 952260 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif. Moderate CVE-2014-9655 SUSE bug 914890 SUSE bug 916925 SUSE bug 916927 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font. Moderate CVE-2014-9656 SUSE bug 916847 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. Moderate CVE-2014-9657 SUSE bug 916856 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. Moderate CVE-2014-9658 SUSE bug 916857 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240. Moderate CVE-2014-9659 SUSE bug 916867 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font. Moderate CVE-2014-9660 SUSE bug 916858 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font. Moderate CVE-2014-9661 SUSE bug 916859 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font. Moderate CVE-2014-9662 SUSE bug 916860 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table. Moderate CVE-2014-9663 SUSE bug 916865 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c. Moderate CVE-2014-9664 SUSE bug 916864 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file. Moderate CVE-2014-9665 SUSE bug 916863 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap. Moderate CVE-2014-9666 SUSE bug 916862 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table. Moderate CVE-2014-9667 SUSE bug 916861 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file. Moderate CVE-2014-9668 SUSE bug 916868 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table. Moderate CVE-2014-9669 SUSE bug 916870 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row. Moderate CVE-2014-9670 SUSE bug 916871 SUSE bug 933247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented. Moderate CVE-2014-9671 SUSE bug 916872 SUSE bug 933247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file. Moderate CVE-2014-9672 SUSE bug 916873 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. Moderate CVE-2014-9673 SUSE bug 916874 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. Moderate CVE-2014-9674 SUSE bug 916879 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font. Moderate CVE-2014-9675 SUSE bug 916881 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. Moderate CVE-2014-9679 SUSE bug 917799 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. Low CVE-2014-9680 SUSE bug 917806 SUSE bug 919737 SUSE bug 921999 SUSE bug 953359 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack. Moderate CVE-2014-9687 SUSE bug 920160 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function. Moderate CVE-2014-9709 SUSE bug 923945 SUSE bug 923946 SUSE bug 980366 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted CAB archive. Moderate CVE-2014-9732 SUSE bug 934524 SUSE bug 934533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability." Moderate CVE-2014-9749 SUSE bug 949942 SUSE bug 993299 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable. Moderate CVE-2014-9756 SUSE bug 953516 SUSE bug 953519 SUSE bug 953521 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. Moderate CVE-2014-9761 SUSE bug 962738 SUSE bug 986086 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file. Moderate CVE-2014-9805 SUSE bug 982969 SUSE bug 983752 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file. Moderate CVE-2014-9806 SUSE bug 982969 SUSE bug 983774 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors. Moderate CVE-2014-9807 SUSE bug 982969 SUSE bug 983794 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image. Moderate CVE-2014-9808 SUSE bug 982969 SUSE bug 983796 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image. Moderate CVE-2014-9809 SUSE bug 982969 SUSE bug 983799 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file. Moderate CVE-2014-9810 SUSE bug 982969 SUSE bug 983803 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file. Moderate CVE-2014-9811 SUSE bug 982969 SUSE bug 984032 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file. Moderate CVE-2014-9812 SUSE bug 982969 SUSE bug 984137 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file. Moderate CVE-2014-9813 SUSE bug 982969 SUSE bug 984035 SUSE bug 984398 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file. Moderate CVE-2014-9814 SUSE bug 982969 SUSE bug 984193 SUSE bug 984372 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file. Moderate CVE-2014-9815 SUSE bug 982969 SUSE bug 984372 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file. Moderate CVE-2014-9816 SUSE bug 982969 SUSE bug 984035 SUSE bug 984398 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file. Moderate CVE-2014-9817 SUSE bug 982969 SUSE bug 984400 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file. Moderate CVE-2014-9818 SUSE bug 1000690 SUSE bug 982969 SUSE bug 984181 SUSE bug 984186 SUSE bug 984409 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823. Moderate CVE-2014-9819 SUSE bug 982969 SUSE bug 984142 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file. Moderate CVE-2014-9820 SUSE bug 982969 SUSE bug 984150 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. Moderate CVE-2014-9821 SUSE bug 982969 SUSE bug 984014 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file. Moderate CVE-2014-9822 SUSE bug 982969 SUSE bug 984187 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819. Moderate CVE-2014-9823 SUSE bug 982969 SUSE bug 984401 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825. Moderate CVE-2014-9824 SUSE bug 982969 SUSE bug 984185 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824. Moderate CVE-2014-9825 SUSE bug 982969 SUSE bug 984427 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files. Moderate CVE-2014-9826 SUSE bug 982969 SUSE bug 984186 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. Moderate CVE-2014-9828 SUSE bug 982969 SUSE bug 984028 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file. Moderate CVE-2014-9829 SUSE bug 982969 SUSE bug 984409 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file. Moderate CVE-2014-9830 SUSE bug 1000690 SUSE bug 982969 SUSE bug 984135 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file. Moderate CVE-2014-9831 SUSE bug 982969 SUSE bug 984375 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file. Moderate CVE-2014-9832 SUSE bug 982969 SUSE bug 984183 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file. Moderate CVE-2014-9833 SUSE bug 982969 SUSE bug 984406 SUSE bug 984427 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file. Moderate CVE-2014-9834 SUSE bug 982969 SUSE bug 984436 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file. Moderate CVE-2014-9835 SUSE bug 982969 SUSE bug 984145 SUSE bug 984375 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file. Moderate CVE-2014-9836 SUSE bug 982969 SUSE bug 984023 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file. Moderate CVE-2014-9837 SUSE bug 982969 SUSE bug 984166 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash). Moderate CVE-2014-9838 SUSE bug 982969 SUSE bug 984370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access). Moderate CVE-2014-9839 SUSE bug 982969 SUSE bug 984379 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file. Moderate CVE-2014-9840 SUSE bug 982969 SUSE bug 984433 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions." Moderate CVE-2014-9841 SUSE bug 982969 SUSE bug 984172 SUSE bug 984186 SUSE bug 984374 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Moderate CVE-2014-9842 SUSE bug 982969 SUSE bug 984172 SUSE bug 984374 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors. Moderate CVE-2014-9843 SUSE bug 1000697 SUSE bug 982969 SUSE bug 984179 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. Moderate CVE-2014-9844 SUSE bug 982969 SUSE bug 984373 SUSE bug 984408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. Moderate CVE-2014-9845 SUSE bug 982969 SUSE bug 984394 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. Moderate CVE-2014-9846 SUSE bug 982969 SUSE bug 983521 SUSE bug 984408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. Moderate CVE-2014-9847 SUSE bug 1040304 SUSE bug 982969 SUSE bug 984144 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption). Moderate CVE-2014-9848 SUSE bug 982969 SUSE bug 984404 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). Moderate CVE-2014-9849 SUSE bug 982969 SUSE bug 984018 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). Moderate CVE-2014-9850 SUSE bug 982969 SUSE bug 984149 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). Moderate CVE-2014-9851 SUSE bug 1106989 SUSE bug 1106996 SUSE bug 982969 SUSE bug 984160 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors. Moderate CVE-2014-9852 SUSE bug 982969 SUSE bug 984191 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. Moderate CVE-2014-9853 SUSE bug 982969 SUSE bug 984408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image." Moderate CVE-2014-9854 SUSE bug 982969 SUSE bug 984184 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call. Moderate CVE-2014-9904 SUSE bug 986811 SUSE bug 986941 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. Moderate CVE-2014-9913 SUSE bug 1013993 SUSE bug 1159417 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets. Moderate CVE-2014-9914 SUSE bug 1023997 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile. Moderate CVE-2014-9915 SUSE bug 1016575 SUSE bug 1017306 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c. Moderate CVE-2014-9922 SUSE bug 1032340 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects. Moderate CVE-2014-9939 SUSE bug 1030296 SUSE bug 1105209 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application. Important CVE-2014-9940 SUSE bug 1037307 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. Moderate CVE-2015-0138 SUSE bug 952088 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine. Moderate CVE-2015-0192 SUSE bug 952088 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. Critical CVE-2015-0204 SUSE bug 912014 SUSE bug 920482 SUSE bug 920484 SUSE bug 927591 SUSE bug 927623 SUSE bug 952088 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. Moderate CVE-2015-0205 SUSE bug 912293 SUSE bug 927623 SUSE bug 937891 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. Moderate CVE-2015-0206 SUSE bug 912292 SUSE bug 927623 SUSE bug 937891 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. Critical CVE-2015-0209 SUSE bug 919648 SUSE bug 936586 SUSE bug 937891 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. Moderate CVE-2015-0210 SUSE bug 915323 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function. Moderate CVE-2015-0228 SUSE bug 918352 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. Moderate CVE-2015-0236 SUSE bug 914693 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c. Important CVE-2015-0240 SUSE bug 917376 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds. Moderate CVE-2015-0245 SUSE bug 1003898 SUSE bug 916343 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image. Moderate CVE-2015-0247 SUSE bug 1123790 SUSE bug 915402 SUSE bug 918346 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. Moderate CVE-2015-0252 SUSE bug 920810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI. Moderate CVE-2015-0253 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag. Moderate CVE-2015-0254 SUSE bug 920813 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. Moderate CVE-2015-0255 SUSE bug 915810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value. Moderate CVE-2015-0261 SUSE bug 922220 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request. Moderate CVE-2015-0275 SUSE bug 919032 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. Critical CVE-2015-0286 SUSE bug 919648 SUSE bug 922496 SUSE bug 936586 SUSE bug 937891 SUSE bug 951391 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse. Critical CVE-2015-0287 SUSE bug 919648 SUSE bug 922499 SUSE bug 936586 SUSE bug 937891 SUSE bug 968888 SUSE bug 991722 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key. Critical CVE-2015-0288 SUSE bug 919648 SUSE bug 920236 SUSE bug 936586 SUSE bug 937891 SUSE bug 951391 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c. Critical CVE-2015-0289 SUSE bug 919648 SUSE bug 922500 SUSE bug 936586 SUSE bug 937891 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message. Critical CVE-2015-0293 SUSE bug 919648 SUSE bug 922488 SUSE bug 936586 SUSE bug 968044 SUSE bug 968051 SUSE bug 968053 SUSE bug 986238 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. Low CVE-2015-0294 SUSE bug 919938 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. Low CVE-2015-0295 SUSE bug 921999 SUSE bug 927806 SUSE bug 927807 SUSE bug 927808 SUSE bug 936523 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key. Moderate CVE-2015-0374 SUSE bug 914058 SUSE bug 915911 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382. Moderate CVE-2015-0381 SUSE bug 914058 SUSE bug 915911 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381. Moderate CVE-2015-0382 SUSE bug 914058 SUSE bug 915911 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot. Moderate CVE-2015-0383 SUSE bug 914041 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Moderate CVE-2015-0391 SUSE bug 914058 SUSE bug 915913 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Moderate CVE-2015-0395 SUSE bug 914041 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Moderate CVE-2015-0400 SUSE bug 914041 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing. Moderate CVE-2015-0407 SUSE bug 914041 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. Moderate CVE-2015-0408 SUSE bug 914041 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security. Moderate CVE-2015-0410 SUSE bug 914041 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption. Moderate CVE-2015-0411 SUSE bug 914058 SUSE bug 915911 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. Moderate CVE-2015-0412 SUSE bug 914041 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key. Moderate CVE-2015-0432 SUSE bug 914058 SUSE bug 915911 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. Moderate CVE-2015-0433 SUSE bug 927623 SUSE bug 936409 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption. Moderate CVE-2015-0441 SUSE bug 927623 SUSE bug 936409 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Important CVE-2015-0458 SUSE bug 927591 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491. Important CVE-2015-0459 SUSE bug 927591 SUSE bug 932310 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Moderate CVE-2015-0460 SUSE bug 927591 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Important CVE-2015-0469 SUSE bug 927591 SUSE bug 932310 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans. Moderate CVE-2015-0477 SUSE bug 927591 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE. Low CVE-2015-0478 SUSE bug 927591 SUSE bug 944456 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools. Moderate CVE-2015-0480 SUSE bug 927591 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Moderate CVE-2015-0486 SUSE bug 927591 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE. Moderate CVE-2015-0488 SUSE bug 927591 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459. Important CVE-2015-0491 SUSE bug 927591 SUSE bug 932310 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. Moderate CVE-2015-0499 SUSE bug 927623 SUSE bug 936408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. Moderate CVE-2015-0501 SUSE bug 927623 SUSE bug 936408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Moderate CVE-2015-0505 SUSE bug 927623 SUSE bug 936408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. Moderate CVE-2015-0559 SUSE bug 912365 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-0560 SUSE bug 912365 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. Moderate CVE-2015-0561 SUSE bug 912368 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. Moderate CVE-2015-0562 SUSE bug 912369 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-0563 SUSE bug 912370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session. Moderate CVE-2015-0564 SUSE bug 912372 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file. Important CVE-2015-0797 SUSE bug 927559 SUSE bug 930622 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818. Moderate CVE-2015-0801 SUSE bug 925368 SUSE bug 925401 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638. Moderate CVE-2015-0807 SUSE bug 913068 SUSE bug 925368 SUSE bug 925398 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file. Moderate CVE-2015-0813 SUSE bug 925368 SUSE bug 925393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2015-0814 SUSE bug 925368 SUSE bug 925392 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2015-0815 SUSE bug 925368 SUSE bug 925392 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js. Moderate CVE-2015-0816 SUSE bug 925368 SUSE bug 925395 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript. Moderate CVE-2015-0817 SUSE bug 923495 SUSE bug 923534 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. Moderate CVE-2015-0818 SUSE bug 923495 SUSE bug 923534 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code. Important CVE-2015-0822 SUSE bug 910669 SUSE bug 917597 SUSE bug 923534 SUSE bug 924515 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic. Important CVE-2015-0827 SUSE bug 910669 SUSE bug 917597 SUSE bug 923534 SUSE bug 924515 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation. Important CVE-2015-0831 SUSE bug 910669 SUSE bug 917597 SUSE bug 923534 SUSE bug 924515 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Important CVE-2015-0835 SUSE bug 910669 SUSE bug 917597 SUSE bug 924515 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Important CVE-2015-0836 SUSE bug 910669 SUSE bug 917597 SUSE bug 923534 SUSE bug 924515 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack." Moderate CVE-2015-0837 SUSE bug 920057 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). Low CVE-2015-0840 SUSE bug 926749 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495. Moderate CVE-2015-0973 SUSE bug 912929 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL. Moderate CVE-2015-1027 SUSE bug 919298 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive. Low CVE-2015-1038 SUSE bug 912878 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. Moderate CVE-2015-1071 SUSE bug 923223 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. Moderate CVE-2015-1076 SUSE bug 923223 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. Moderate CVE-2015-1081 SUSE bug 923223 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. Moderate CVE-2015-1083 SUSE bug 923223 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. Moderate CVE-2015-1120 SUSE bug 928380 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4. Moderate CVE-2015-1122 SUSE bug 1082221 SUSE bug 928380 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries. Moderate CVE-2015-1127 SUSE bug 928380 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected. Moderate CVE-2015-1142857 SUSE bug 1077355 SUSE bug 1091815 SUSE bug 1105108 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154. Moderate CVE-2015-1153 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site. Moderate CVE-2015-1155 SUSE bug 1082221 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code. Important CVE-2015-1158 SUSE bug 924208 SUSE bug 976653 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/. Important CVE-2015-1159 SUSE bug 924208 SUSE bug 976653 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. Moderate CVE-2015-1191 SUSE bug 913627 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. Moderate CVE-2015-1196 SUSE bug 913678 SUSE bug 915329 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. Moderate CVE-2015-1283 SUSE bug 1034050 SUSE bug 939077 SUSE bug 979441 SUSE bug 980391 SUSE bug 983985 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use. Low CVE-2015-1349 SUSE bug 918330 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. Low CVE-2015-1350 SUSE bug 1052256 SUSE bug 914939 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. Low CVE-2015-1395 SUSE bug 915328 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196. Low CVE-2015-1396 SUSE bug 915329 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing. Moderate CVE-2015-1419 SUSE bug 900326 SUSE bug 915522 SUSE bug 922024 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition." Important CVE-2015-1461 SUSE bug 1040662 SUSE bug 916217 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition." Important CVE-2015-1462 SUSE bug 1040662 SUSE bug 916214 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization." Moderate CVE-2015-1463 SUSE bug 1040662 SUSE bug 916215 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. Moderate CVE-2015-1472 SUSE bug 916222 SUSE bug 920341 SUSE bug 922243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. Moderate CVE-2015-1473 SUSE bug 916222 SUSE bug 920341 SUSE bug 922243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request. Moderate CVE-2015-1545 SUSE bug 846389 SUSE bug 916897 SUSE bug 916914 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control. Moderate CVE-2015-1546 SUSE bug 916914 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif. Moderate CVE-2015-1547 SUSE bug 914890 SUSE bug 916925 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247. Low CVE-2015-1572 SUSE bug 1123790 SUSE bug 915402 SUSE bug 918346 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c. Moderate CVE-2015-1593 SUSE bug 1044934 SUSE bug 917839 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file. Low CVE-2015-1606 SUSE bug 918089 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges." Low CVE-2015-1607 SUSE bug 918090 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. Moderate CVE-2015-1779 SUSE bug 924018 SUSE bug 962632 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. Moderate CVE-2015-1781 SUSE bug 927080 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet. Important CVE-2015-1782 SUSE bug 921070 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication. Moderate CVE-2015-1788 SUSE bug 934487 SUSE bug 936586 SUSE bug 937891 SUSE bug 938432 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. Moderate CVE-2015-1789 SUSE bug 934489 SUSE bug 936586 SUSE bug 937891 SUSE bug 938432 SUSE bug 951391 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data. Moderate CVE-2015-1790 SUSE bug 934491 SUSE bug 936586 SUSE bug 938432 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier. Moderate CVE-2015-1791 SUSE bug 933911 SUSE bug 986238 SUSE bug 989464 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function. Moderate CVE-2015-1792 SUSE bug 934493 SUSE bug 937891 SUSE bug 986238 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. Important CVE-2015-1798 SUSE bug 924202 SUSE bug 927497 SUSE bug 928321 SUSE bug 936327 SUSE bug 957163 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. Important CVE-2015-1799 SUSE bug 924202 SUSE bug 927497 SUSE bug 928321 SUSE bug 936327 SUSE bug 943565 SUSE bug 957163 SUSE bug 959243 SUSE bug 962624 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file. Moderate CVE-2015-1802 SUSE bug 921978 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file. Moderate CVE-2015-1803 SUSE bug 921978 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file. Moderate CVE-2015-1804 SUSE bug 921978 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." Moderate CVE-2015-1805 SUSE bug 917839 SUSE bug 933429 SUSE bug 939270 SUSE bug 964730 SUSE bug 964732 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Moderate CVE-2015-1819 SUSE bug 1123919 SUSE bug 928193 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters. Moderate CVE-2015-1855 SUSE bug 926974 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. Moderate CVE-2015-1858 SUSE bug 921999 SUSE bug 927806 SUSE bug 927807 SUSE bug 927808 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image. Moderate CVE-2015-1859 SUSE bug 921999 SUSE bug 927806 SUSE bug 927807 SUSE bug 927808 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. Moderate CVE-2015-1860 SUSE bug 921999 SUSE bug 927806 SUSE bug 927807 SUSE bug 927808 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries. Moderate CVE-2015-1863 SUSE bug 915323 SUSE bug 927558 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine. Moderate CVE-2015-1914 SUSE bug 952088 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2015-1931 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 SUSE bug 939382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. Low CVE-2015-2059 SUSE bug 1173590 SUSE bug 919214 SUSE bug 923241 SUSE bug 937096 SUSE bug 937097 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU). Moderate CVE-2015-2153 SUSE bug 922221 SUSE bug 922222 SUSE bug 922223 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value. Moderate CVE-2015-2154 SUSE bug 922222 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Moderate CVE-2015-2155 SUSE bug 922220 SUSE bug 922221 SUSE bug 922222 SUSE bug 922223 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. Moderate CVE-2015-2170 SUSE bug 1040662 SUSE bug 921950 SUSE bug 922560 SUSE bug 929192 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. Moderate CVE-2015-2188 SUSE bug 920696 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet. Moderate CVE-2015-2189 SUSE bug 920697 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. Moderate CVE-2015-2191 SUSE bug 920699 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. Moderate CVE-2015-2221 SUSE bug 1040662 SUSE bug 921950 SUSE bug 922560 SUSE bug 929192 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. Moderate CVE-2015-2222 SUSE bug 1040662 SUSE bug 921950 SUSE bug 922560 SUSE bug 929192 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. Moderate CVE-2015-2265 SUSE bug 921753 SUSE bug 937018 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. Moderate CVE-2015-2296 SUSE bug 922448 SUSE bug 926396 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. Moderate CVE-2015-2304 SUSE bug 920870 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow. Moderate CVE-2015-2305 SUSE bug 1040662 SUSE bug 921950 SUSE bug 922022 SUSE bug 922028 SUSE bug 922030 SUSE bug 922043 SUSE bug 922560 SUSE bug 922567 SUSE bug 929192 SUSE bug 980366 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. Moderate CVE-2015-2325 SUSE bug 924960 SUSE bug 933288 SUSE bug 936408 SUSE bug 958373 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". Moderate CVE-2015-2326 SUSE bug 924960 SUSE bug 924961 SUSE bug 933288 SUSE bug 936408 SUSE bug 958373 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Moderate CVE-2015-2327 SUSE bug 906574 SUSE bug 957567 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Moderate CVE-2015-2328 SUSE bug 906574 SUSE bug 957600 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. Moderate CVE-2015-2330 SUSE bug 922895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow. Moderate CVE-2015-2331 SUSE bug 922894 SUSE bug 923240 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges. Moderate CVE-2015-2568 SUSE bug 927623 SUSE bug 936409 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Moderate CVE-2015-2571 SUSE bug 927623 SUSE bug 936408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Moderate CVE-2015-2573 SUSE bug 927623 SUSE bug 936409 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732. Important CVE-2015-2590 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install. Important CVE-2015-2597 SUSE bug 937828 SUSE bug 938248 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE. Important CVE-2015-2601 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE. Moderate CVE-2015-2613 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 SUSE bug 951727 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, JavaFX 2.2.80, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D. Important CVE-2015-2619 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allows remote attackers to affect confidentiality via vectors related to JMX. Important CVE-2015-2621 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE. Important CVE-2015-2625 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to installation. Important CVE-2015-2627 SUSE bug 937828 SUSE bug 938248 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. Important CVE-2015-2628 SUSE bug 937828 SUSE bug 938248 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. Important CVE-2015-2632 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D. Important CVE-2015-2637 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Important CVE-2015-2638 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded 8u33 allows remote attackers to affect availability via unknown vectors related to Security. Important CVE-2015-2659 SUSE bug 937828 SUSE bug 938248 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Important CVE-2015-2664 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd. Moderate CVE-2015-2666 SUSE bug 922944 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. Moderate CVE-2015-2668 SUSE bug 1040662 SUSE bug 921950 SUSE bug 922560 SUSE bug 929192 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. Moderate CVE-2015-2694 SUSE bug 928978 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call. Important CVE-2015-2695 SUSE bug 770172 SUSE bug 952188 SUSE bug 969771 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call. Important CVE-2015-2696 SUSE bug 770172 SUSE bug 952189 SUSE bug 954204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request. Moderate CVE-2015-2697 SUSE bug 770172 SUSE bug 952190 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696. Moderate CVE-2015-2698 SUSE bug 770172 SUSE bug 954204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2015-2708 SUSE bug 930622 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2015-2709 SUSE bug 930622 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence. Critical CVE-2015-2710 SUSE bug 930622 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text. Critical CVE-2015-2713 SUSE bug 930622 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. Critical CVE-2015-2716 SUSE bug 930622 SUSE bug 939077 SUSE bug 980391 SUSE bug 983985 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. Moderate CVE-2015-2721 SUSE bug 935979 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker. Moderate CVE-2015-2722 SUSE bug 935979 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2015-2724 SUSE bug 935979 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2015-2725 SUSE bug 935979 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2015-2726 SUSE bug 935979 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue. Moderate CVE-2015-2728 SUSE bug 935979 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors. Moderate CVE-2015-2730 SUSE bug 935979 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker. Moderate CVE-2015-2733 SUSE bug 935979 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. Moderate CVE-2015-2734 SUSE bug 935979 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive. Moderate CVE-2015-2735 SUSE bug 935979 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive. Moderate CVE-2015-2736 SUSE bug 935979 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. Moderate CVE-2015-2737 SUSE bug 935979 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. Moderate CVE-2015-2738 SUSE bug 935979 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors. Moderate CVE-2015-2739 SUSE bug 935979 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors. Moderate CVE-2015-2740 SUSE bug 935979 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass. Moderate CVE-2015-2743 SUSE bug 935979 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name. Moderate CVE-2015-2775 SUSE bug 925502 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. Moderate CVE-2015-2806 SUSE bug 924828 SUSE bug 929414 SUSE bug 961491 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. Important CVE-2015-2808 SUSE bug 925378 SUSE bug 938248 SUSE bug 938895 SUSE bug 952088 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922. Moderate CVE-2015-2924 SUSE bug 926223 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). Low CVE-2015-3138 SUSE bug 927637 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. Moderate CVE-2015-3143 SUSE bug 927556 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80." Moderate CVE-2015-3144 SUSE bug 927608 SUSE bug 951391 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. Moderate CVE-2015-3145 SUSE bug 927607 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. Moderate CVE-2015-3148 SUSE bug 1092962 SUSE bug 927746 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack. Moderate CVE-2015-3152 SUSE bug 1037590 SUSE bug 1047059 SUSE bug 1088681 SUSE bug 924663 SUSE bug 928962 SUSE bug 936407 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. Moderate CVE-2015-3153 SUSE bug 928533 SUSE bug 951391 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket. Important CVE-2015-3164 SUSE bug 1177201 SUSE bug 934102 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. Moderate CVE-2015-3165 SUSE bug 931972 SUSE bug 931973 SUSE bug 931974 SUSE bug 932040 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. Moderate CVE-2015-3166 SUSE bug 931972 SUSE bug 931973 SUSE bug 931974 SUSE bug 932040 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. Moderate CVE-2015-3167 SUSE bug 931972 SUSE bug 931973 SUSE bug 931974 SUSE bug 932040 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. Moderate CVE-2015-3194 SUSE bug 957812 SUSE bug 957815 SUSE bug 958768 SUSE bug 976341 SUSE bug 990370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. Moderate CVE-2015-3195 SUSE bug 923755 SUSE bug 957812 SUSE bug 957815 SUSE bug 958768 SUSE bug 963977 SUSE bug 986238 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. Moderate CVE-2015-3196 SUSE bug 957813 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. Low CVE-2015-3197 SUSE bug 963410 SUSE bug 963415 SUSE bug 968044 SUSE bug 968046 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature. Moderate CVE-2015-3202 SUSE bug 931452 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. Important CVE-2015-3209 SUSE bug 932267 SUSE bug 932770 SUSE bug 932823 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384. Low CVE-2015-3210 SUSE bug 933288 SUSE bug 957598 SUSE bug 958373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field. Moderate CVE-2015-3216 SUSE bug 933898 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/. Moderate CVE-2015-3217 SUSE bug 933878 SUSE bug 958373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path. Moderate CVE-2015-3218 SUSE bug 933922 SUSE bug 943816 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets. Important CVE-2015-3223 SUSE bug 958581 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth. Moderate CVE-2015-3225 SUSE bug 934797 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding. Moderate CVE-2015-3226 SUSE bug 934799 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth. Moderate CVE-2015-3227 SUSE bug 934800 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write. Moderate CVE-2015-3228 SUSE bug 939342 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. Moderate CVE-2015-3238 SUSE bug 1123794 SUSE bug 934920 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors. Important CVE-2015-3247 SUSE bug 944460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions. Moderate CVE-2015-3255 SUSE bug 939246 SUSE bug 943816 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation." Moderate CVE-2015-3256 SUSE bug 943816 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job. Moderate CVE-2015-3258 SUSE bug 921753 SUSE bug 936281 SUSE bug 937018 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument. Moderate CVE-2015-3259 SUSE bug 935634 SUSE bug 936281 SUSE bug 937018 SUSE bug 950367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow. Moderate CVE-2015-3279 SUSE bug 921753 SUSE bug 936281 SUSE bug 937018 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero. Moderate CVE-2015-3288 SUSE bug 979021 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window. Important CVE-2015-3290 SUSE bug 937969 SUSE bug 937970 SUSE bug 938706 SUSE bug 939207 SUSE bug 939269 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI. Low CVE-2015-3291 SUSE bug 937969 SUSE bug 937970 SUSE bug 938706 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request. Moderate CVE-2015-3294 SUSE bug 923144 SUSE bug 928867 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server. Moderate CVE-2015-3310 SUSE bug 927841 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. Low CVE-2015-3340 SUSE bug 927967 SUSE bug 929339 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. Moderate CVE-2015-3405 SUSE bug 924202 SUSE bug 928321 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. Moderate CVE-2015-3414 SUSE bug 1085790 SUSE bug 1190372 SUSE bug 1193078 SUSE bug 928700 SUSE bug 928701 SUSE bug 928702 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. Moderate CVE-2015-3415 SUSE bug 1190372 SUSE bug 928700 SUSE bug 928701 SUSE bug 928702 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. Moderate CVE-2015-3416 SUSE bug 1190372 SUSE bug 928700 SUSE bug 928701 SUSE bug 928702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request. Moderate CVE-2015-3418 SUSE bug 928520 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. Low CVE-2015-3448 SUSE bug 917802 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function. Low CVE-2015-3451 SUSE bug 929237 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. Moderate CVE-2015-3456 SUSE bug 929339 SUSE bug 932770 SUSE bug 935900 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. Low CVE-2015-3622 SUSE bug 929414 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentication. Moderate CVE-2015-3644 SUSE bug 1177580 SUSE bug 931517 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site. Moderate CVE-2015-3658 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. Moderate CVE-2015-3659 SUSE bug 936835 SUSE bug 936836 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site. Moderate CVE-2015-3727 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Moderate CVE-2015-3731 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Moderate CVE-2015-3741 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Moderate CVE-2015-3743 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Moderate CVE-2015-3745 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Moderate CVE-2015-3747 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Moderate CVE-2015-3748 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. Moderate CVE-2015-3749 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request. Moderate CVE-2015-3752 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188. Moderate CVE-2015-3811 SUSE bug 930689 SUSE bug 930691 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet. Moderate CVE-2015-3812 SUSE bug 930689 SUSE bug 930691 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet. Moderate CVE-2015-3813 SUSE bug 930689 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Moderate CVE-2015-3814 SUSE bug 930689 SUSE bug 930691 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." Important CVE-2015-3900 SUSE bug 936032 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Important CVE-2015-3908 SUSE bug 938161 SUSE bug 938399 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. Important CVE-2015-4000 SUSE bug 1074631 SUSE bug 931600 SUSE bug 931698 SUSE bug 931723 SUSE bug 931845 SUSE bug 932026 SUSE bug 932483 SUSE bug 934789 SUSE bug 935033 SUSE bug 935540 SUSE bug 935979 SUSE bug 937202 SUSE bug 937766 SUSE bug 938248 SUSE bug 938432 SUSE bug 938895 SUSE bug 938905 SUSE bug 938906 SUSE bug 938913 SUSE bug 938945 SUSE bug 943664 SUSE bug 944729 SUSE bug 945582 SUSE bug 955589 SUSE bug 980406 SUSE bug 990592 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program. Moderate CVE-2015-4037 SUSE bug 932267 SUSE bug 950367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings. Moderate CVE-2015-4041 SUSE bug 928749 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings. Moderate CVE-2015-4042 SUSE bug 928749 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. Moderate CVE-2015-4047 SUSE bug 931989 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields. Moderate CVE-2015-4103 SUSE bug 931625 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors. Moderate CVE-2015-4104 SUSE bug 931626 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations. Moderate CVE-2015-4105 SUSE bug 931627 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. Moderate CVE-2015-4106 SUSE bug 931628 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow. Moderate CVE-2015-4141 SUSE bug 915323 SUSE bug 930077 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read. Moderate CVE-2015-4142 SUSE bug 915323 SUSE bug 930078 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload. Moderate CVE-2015-4143 SUSE bug 930079 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem. Moderate CVE-2015-4167 SUSE bug 917839 SUSE bug 933907 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses. Low CVE-2015-4171 SUSE bug 931845 SUSE bug 933591 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file. Moderate CVE-2015-4467 SUSE bug 934524 SUSE bug 934525 SUSE bug 934529 SUSE bug 934533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file. Moderate CVE-2015-4468 SUSE bug 934524 SUSE bug 934526 SUSE bug 934529 SUSE bug 934533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file. Moderate CVE-2015-4469 SUSE bug 934524 SUSE bug 934526 SUSE bug 934529 SUSE bug 934533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive. Moderate CVE-2015-4470 SUSE bug 934527 SUSE bug 934533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive. Moderate CVE-2015-4471 SUSE bug 934528 SUSE bug 934533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file. Moderate CVE-2015-4472 SUSE bug 934525 SUSE bug 934529 SUSE bug 934533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Important CVE-2015-4473 SUSE bug 940806 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2015-4474 SUSE bug 940806 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file. Important CVE-2015-4475 SUSE bug 940806 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method. Important CVE-2015-4478 SUSE bug 940806 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data. Important CVE-2015-4479 SUSE bug 940806 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object. Important CVE-2015-4484 SUSE bug 940806 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data. Important CVE-2015-4485 SUSE bug 940806 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data. Important CVE-2015-4486 SUSE bug 940806 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow." Important CVE-2015-4487 SUSE bug 940806 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment. Important CVE-2015-4488 SUSE bug 940806 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment. Important CVE-2015-4489 SUSE bug 940806 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. Moderate CVE-2015-4491 SUSE bug 940806 SUSE bug 942801 SUSE bug 948790 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object. Important CVE-2015-4492 SUSE bug 940806 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015. Moderate CVE-2015-4495 SUSE bug 940806 SUSE bug 940918 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element. Moderate CVE-2015-4497 SUSE bug 943550 SUSE bug 943557 SUSE bug 943608 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process. Moderate CVE-2015-4498 SUSE bug 943550 SUSE bug 943558 SUSE bug 943608 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2015-4500 SUSE bug 947003 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2015-4501 SUSE bug 947003 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file. Moderate CVE-2015-4506 SUSE bug 947003 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176. Critical CVE-2015-4509 SUSE bug 947003 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video. Important CVE-2015-4511 SUSE bug 947003 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Important CVE-2015-4513 SUSE bug 952810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. Important CVE-2015-4517 SUSE bug 947003 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element. Moderate CVE-2015-4519 SUSE bug 947003 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header. Important CVE-2015-4520 SUSE bug 947003 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. Important CVE-2015-4521 SUSE bug 947003 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." Important CVE-2015-4522 SUSE bug 947003 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone. Moderate CVE-2015-4620 SUSE bug 936476 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value. Low CVE-2015-4625 SUSE bug 935119 SUSE bug 943816 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. Moderate CVE-2015-4680 SUSE bug 935573 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment. Important CVE-2015-4729 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. Important CVE-2015-4731 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590. Important CVE-2015-4732 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. Important CVE-2015-4733 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS. Moderate CVE-2015-4734 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Important CVE-2015-4736 SUSE bug 937828 SUSE bug 938248 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. Important CVE-2015-4748 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI. Important CVE-2015-4749 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Important CVE-2015-4760 SUSE bug 937828 SUSE bug 938248 SUSE bug 938895 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall. Moderate CVE-2015-4766 SUSE bug 951391 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. Moderate CVE-2015-4791 SUSE bug 951391 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802. Moderate CVE-2015-4792 SUSE bug 951391 SUSE bug 958789 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Moderate CVE-2015-4800 SUSE bug 951391 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792. Moderate CVE-2015-4802 SUSE bug 951391 SUSE bug 958789 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911. Moderate CVE-2015-4803 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. Moderate CVE-2015-4805 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. Moderate CVE-2015-4806 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache. Moderate CVE-2015-4807 SUSE bug 951391 SUSE bug 958789 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Moderate CVE-2015-4810 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. Moderate CVE-2015-4815 SUSE bug 951391 SUSE bug 958789 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. Moderate CVE-2015-4816 SUSE bug 951391 SUSE bug 958790 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs. Moderate CVE-2015-4819 SUSE bug 951391 SUSE bug 958790 SUSE bug 969667 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. Moderate CVE-2015-4826 SUSE bug 951391 SUSE bug 958789 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. Moderate CVE-2015-4830 SUSE bug 951391 SUSE bug 958789 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. Moderate CVE-2015-4833 SUSE bug 951391 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881. Moderate CVE-2015-4835 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP. Moderate CVE-2015-4836 SUSE bug 951391 SUSE bug 958789 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via unknown vectors related to 2D. Moderate CVE-2015-4840 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP. Moderate CVE-2015-4842 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Moderate CVE-2015-4843 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Moderate CVE-2015-4844 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913. Moderate CVE-2015-4858 SUSE bug 951391 SUSE bug 958789 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883. Moderate CVE-2015-4860 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. Moderate CVE-2015-4861 SUSE bug 951391 SUSE bug 958789 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML. Moderate CVE-2015-4862 SUSE bug 951391 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. Moderate CVE-2015-4864 SUSE bug 951391 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. Moderate CVE-2015-4866 SUSE bug 951391 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 8u60 and Java SE Embedded 8u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Moderate CVE-2015-4868 SUSE bug 951376 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. Moderate CVE-2015-4870 SUSE bug 951391 SUSE bug 958789 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. Moderate CVE-2015-4871 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security. Moderate CVE-2015-4872 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML. Moderate CVE-2015-4879 SUSE bug 951391 SUSE bug 958790 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835. Critical CVE-2015-4881 SUSE bug 951376 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA. Moderate CVE-2015-4882 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860. Moderate CVE-2015-4883 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication. Moderate CVE-2015-4890 SUSE bug 951391 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911. Moderate CVE-2015-4893 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. Moderate CVE-2015-4895 SUSE bug 951391 SUSE bug 958790 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 8u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. Moderate CVE-2015-4901 SUSE bug 951376 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment. Moderate CVE-2015-4902 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI. Moderate CVE-2015-4903 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld. Moderate CVE-2015-4904 SUSE bug 951391 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML. Moderate CVE-2015-4905 SUSE bug 951391 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX, a different vulnerability than CVE-2015-4908 and CVE-2015-4916. Moderate CVE-2015-4906 SUSE bug 951376 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4916. Moderate CVE-2015-4908 SUSE bug 951376 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. Moderate CVE-2015-4910 SUSE bug 951391 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893. Moderate CVE-2015-4911 SUSE bug 951376 SUSE bug 955131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. Moderate CVE-2015-4913 SUSE bug 951391 SUSE bug 958789 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4908. Moderate CVE-2015-4916 SUSE bug 951376 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache. Moderate CVE-2015-5006 SUSE bug 955131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods. Moderate CVE-2015-5041 SUSE bug 960402 SUSE bug 963937 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis. Low CVE-2015-5073 SUSE bug 936227 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. Moderate CVE-2015-5130 SUSE bug 941239 SUSE bug 952254 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. Moderate CVE-2015-5154 SUSE bug 938344 SUSE bug 950367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets. Moderate CVE-2015-5156 SUSE bug 1091815 SUSE bug 1123903 SUSE bug 940776 SUSE bug 945048 SUSE bug 951638 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI. Important CVE-2015-5157 SUSE bug 937969 SUSE bug 937970 SUSE bug 938706 SUSE bug 939207 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. Moderate CVE-2015-5174 SUSE bug 967967 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet. Moderate CVE-2015-5185 SUSE bug 942628 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Moderate CVE-2015-5191 SUSE bug 1007600 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable. Moderate CVE-2015-5198 SUSE bug 943967 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable. Moderate CVE-2015-5199 SUSE bug 943968 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors. Moderate CVE-2015-5200 SUSE bug 943969 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. Moderate CVE-2015-5203 SUSE bug 1178702 SUSE bug 941919 SUSE bug 942553 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. Low CVE-2015-5218 SUSE bug 949754 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. Low CVE-2015-5219 SUSE bug 1010964 SUSE bug 943216 SUSE bug 943218 SUSE bug 943219 SUSE bug 943221 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. Important CVE-2015-5221 SUSE bug 1178702 SUSE bug 942553 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface. Moderate CVE-2015-5225 SUSE bug 942845 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. Moderate CVE-2015-5239 SUSE bug 944463 SUSE bug 950367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions. Moderate CVE-2015-5244 SUSE bug 945905 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool. Moderate CVE-2015-5247 SUSE bug 945645 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share. Moderate CVE-2015-5252 SUSE bug 958582 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter. Important CVE-2015-5260 SUSE bug 944787 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation. Important CVE-2015-5261 SUSE bug 948976 SUSE bug 982386 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. Important CVE-2015-5262 SUSE bug 1120767 SUSE bug 945190 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. Low CVE-2015-5276 SUSE bug 945842 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. Moderate CVE-2015-5278 SUSE bug 945989 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets. Moderate CVE-2015-5279 SUSE bug 945987 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt. Moderate CVE-2015-5288 SUSE bug 949669 SUSE bug 949670 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values. Moderate CVE-2015-5289 SUSE bug 949669 SUSE bug 949670 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c. Moderate CVE-2015-5296 SUSE bug 1058622 SUSE bug 958584 SUSE bug 973031 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory. Moderate CVE-2015-5299 SUSE bug 958583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). Moderate CVE-2015-5300 SUSE bug 951629 SUSE bug 959243 SUSE bug 962624 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. Moderate CVE-2015-5307 SUSE bug 953527 SUSE bug 954018 SUSE bug 954404 SUSE bug 954405 SUSE bug 962977 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response. Moderate CVE-2015-5310 SUSE bug 952254 SUSE bug 953115 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. Moderate CVE-2015-5312 SUSE bug 1123919 SUSE bug 957105 SUSE bug 959469 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name. Moderate CVE-2015-5313 SUSE bug 953110 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value. Moderate CVE-2015-5330 SUSE bug 958581 SUSE bug 958586 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. Moderate CVE-2015-5345 SUSE bug 967965 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java. Moderate CVE-2015-5346 SUSE bug 967814 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token. Moderate CVE-2015-5351 SUSE bug 967812 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. Moderate CVE-2015-5352 SUSE bug 1074631 SUSE bug 1138392 SUSE bug 936695 SUSE bug 938277 SUSE bug 948086 SUSE bug 996040 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors. Important CVE-2015-5370 SUSE bug 936862 SUSE bug 975276 SUSE bug 977416 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence. Moderate CVE-2015-5380 SUSE bug 937414 SUSE bug 937416 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. Moderate CVE-2015-5400 SUSE bug 938715 SUSE bug 967073 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. Moderate CVE-2015-5477 SUSE bug 1000362 SUSE bug 939567 SUSE bug 980168 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. Moderate CVE-2015-5600 SUSE bug 1009988 SUSE bug 1074631 SUSE bug 1138392 SUSE bug 938746 SUSE bug 943006 SUSE bug 943007 SUSE bug 943010 SUSE bug 943504 SUSE bug 945985 SUSE bug 948086 SUSE bug 954457 SUSE bug 957883 SUSE bug 996040 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. Moderate CVE-2015-5621 SUSE bug 1111123 SUSE bug 940188 SUSE bug 969779 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Designate does not enforce the DNS protocol limit concerning record set sizes Moderate CVE-2015-5694 SUSE bug 1158204 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone. Important CVE-2015-5722 SUSE bug 944066 SUSE bug 944107 SUSE bug 954983 SUSE bug 958861 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message. Low CVE-2015-5745 SUSE bug 940929 SUSE bug 950367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element. Moderate CVE-2015-5788 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. Moderate CVE-2015-5794 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. Moderate CVE-2015-5801 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. Moderate CVE-2015-5809 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. Moderate CVE-2015-5822 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. Moderate CVE-2015-5928 SUSE bug 971460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments. Moderate CVE-2015-5969 SUSE bug 957174 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. Important CVE-2015-6240 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. Moderate CVE-2015-6251 SUSE bug 941794 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet. Moderate CVE-2015-6496 SUSE bug 942149 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions. Low CVE-2015-6525 SUSE bug 897243 SUSE bug 943011 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. Moderate CVE-2015-6563 SUSE bug 1074631 SUSE bug 943006 SUSE bug 943007 SUSE bug 943010 SUSE bug 948086 SUSE bug 996040 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. Moderate CVE-2015-6564 SUSE bug 1074631 SUSE bug 1138392 SUSE bug 942850 SUSE bug 943006 SUSE bug 943007 SUSE bug 943010 SUSE bug 948086 SUSE bug 996040 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file. Moderate CVE-2015-6749 SUSE bug 943795 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. Low CVE-2015-6815 SUSE bug 944697 SUSE bug 950367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. Low CVE-2015-6855 SUSE bug 945404 SUSE bug 965156 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. Important CVE-2015-6908 SUSE bug 945582 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. Moderate CVE-2015-6937 SUSE bug 923755 SUSE bug 945825 SUSE bug 952384 SUSE bug 953052 SUSE bug 963994 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." Important CVE-2015-7174 SUSE bug 947003 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." Important CVE-2015-7175 SUSE bug 947003 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors. Important CVE-2015-7176 SUSE bug 947003 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. Important CVE-2015-7177 SUSE bug 947003 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. Important CVE-2015-7180 SUSE bug 947003 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. Important CVE-2015-7181 SUSE bug 952810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. Important CVE-2015-7182 SUSE bug 952810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. Important CVE-2015-7183 SUSE bug 952810 SUSE bug 962977 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string. Important CVE-2015-7188 SUSE bug 952810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code. Important CVE-2015-7189 SUSE bug 952810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step. Important CVE-2015-7193 SUSE bug 952810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive. Important CVE-2015-7194 SUSE bug 952810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper. Important CVE-2015-7196 SUSE bug 952810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code. Important CVE-2015-7197 SUSE bug 952810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data. Important CVE-2015-7198 SUSE bug 952810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document. Important CVE-2015-7199 SUSE bug 952810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key. Important CVE-2015-7200 SUSE bug 952810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2015-7201 SUSE bug 959277 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2015-7202 SUSE bug 959277 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet. Important CVE-2015-7205 SUSE bug 959277 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function. Critical CVE-2015-7210 SUSE bug 959277 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation. Moderate CVE-2015-7212 SUSE bug 959277 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow. Important CVE-2015-7213 SUSE bug 959277 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs. Important CVE-2015-7214 SUSE bug 959277 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow. Important CVE-2015-7222 SUSE bug 959277 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code. Moderate CVE-2015-7236 SUSE bug 940191 SUSE bug 946204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface. Moderate CVE-2015-7295 SUSE bug 947159 SUSE bug 950367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image. Low CVE-2015-7311 SUSE bug 947165 SUSE bug 950367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. Moderate CVE-2015-7497 SUSE bug 1123919 SUSE bug 957106 SUSE bug 959469 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. Moderate CVE-2015-7498 SUSE bug 1123919 SUSE bug 957107 SUSE bug 959469 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. Moderate CVE-2015-7499 SUSE bug 1123919 SUSE bug 957109 SUSE bug 959469 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. Moderate CVE-2015-7500 SUSE bug 1123919 SUSE bug 957110 SUSE bug 959469 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. Moderate CVE-2015-7504 SUSE bug 956411 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations. Moderate CVE-2015-7511 SUSE bug 965902 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. Important CVE-2015-7512 SUSE bug 957162 SUSE bug 962360 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. Important CVE-2015-7547 SUSE bug 1077097 SUSE bug 847227 SUSE bug 961721 SUSE bug 967023 SUSE bug 967061 SUSE bug 967072 SUSE bug 967496 SUSE bug 969216 SUSE bug 969241 SUSE bug 969591 SUSE bug 986086 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method. Low CVE-2015-7549 SUSE bug 958917 SUSE bug 958918 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression. Moderate CVE-2015-7551 SUSE bug 939860 SUSE bug 959495 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file. Moderate CVE-2015-7552 SUSE bug 958963 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image. Important CVE-2015-7554 SUSE bug 1007276 SUSE bug 1017690 SUSE bug 1040322 SUSE bug 960341 SUSE bug 974621 SUSE bug 983436 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file. Moderate CVE-2015-7555 SUSE bug 960319 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client. Moderate CVE-2015-7559 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. Moderate CVE-2015-7560 SUSE bug 968222 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint. Low CVE-2015-7566 SUSE bug 961512 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. Moderate CVE-2015-7575 SUSE bug 959888 SUSE bug 960402 SUSE bug 960996 SUSE bug 961280 SUSE bug 961281 SUSE bug 961282 SUSE bug 961283 SUSE bug 961284 SUSE bug 961290 SUSE bug 961357 SUSE bug 962743 SUSE bug 963937 SUSE bug 967521 SUSE bug 981087 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences. Moderate CVE-2015-7576 SUSE bug 963329 SUSE bug 963563 SUSE bug 970715 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature. Moderate CVE-2015-7577 SUSE bug 963330 SUSE bug 963604 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application's use of a wildcard controller route. Moderate CVE-2015-7581 SUSE bug 963335 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. Important CVE-2015-7613 SUSE bug 923755 SUSE bug 948536 SUSE bug 948701 SUSE bug 963994 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file. Moderate CVE-2015-7673 SUSE bug 948790 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow. Moderate CVE-2015-7674 SUSE bug 948791 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. Important CVE-2015-7691 SUSE bug 1010964 SUSE bug 911792 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. Important CVE-2015-7692 SUSE bug 1010964 SUSE bug 911792 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value. Moderate CVE-2015-7696 SUSE bug 1159417 SUSE bug 950110 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. Moderate CVE-2015-7697 SUSE bug 1159417 SUSE bug 950110 SUSE bug 950111 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). Moderate CVE-2015-7701 SUSE bug 1010964 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. Important CVE-2015-7702 SUSE bug 1010964 SUSE bug 911792 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command. Moderate CVE-2015-7703 SUSE bug 1010964 SUSE bug 943216 SUSE bug 943218 SUSE bug 943219 SUSE bug 943221 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. Moderate CVE-2015-7704 SUSE bug 1010964 SUSE bug 951608 SUSE bug 952611 SUSE bug 959243 SUSE bug 977446 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. Moderate CVE-2015-7705 SUSE bug 1010964 SUSE bug 951608 SUSE bug 952611 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. Moderate CVE-2015-7744 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c. Low CVE-2015-7747 SUSE bug 949399 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file. Moderate CVE-2015-7805 SUSE bug 953516 SUSE bug 953519 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying. Moderate CVE-2015-7830 SUSE bug 950437 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor. Moderate CVE-2015-7833 SUSE bug 950998 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. Important CVE-2015-7835 SUSE bug 940929 SUSE bug 947159 SUSE bug 950367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash. Moderate CVE-2015-7848 SUSE bug 1010964 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets. Moderate CVE-2015-7849 SUSE bug 1010964 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. Moderate CVE-2015-7850 SUSE bug 1010964 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files. Moderate CVE-2015-7851 SUSE bug 1010964 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. Moderate CVE-2015-7852 SUSE bug 1010964 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. Moderate CVE-2015-7853 SUSE bug 1010964 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file. Moderate CVE-2015-7854 SUSE bug 1010964 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. Moderate CVE-2015-7855 SUSE bug 1010964 SUSE bug 951608 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. Moderate CVE-2015-7871 SUSE bug 1010964 SUSE bug 951608 SUSE bug 952606 SUSE bug 959243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. Low CVE-2015-7884 SUSE bug 1126909 SUSE bug 951626 SUSE bug 951627 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. Low CVE-2015-7885 SUSE bug 1126909 SUSE bug 951626 SUSE bug 951627 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack." Moderate CVE-2015-7940 SUSE bug 951727 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. Low CVE-2015-7941 SUSE bug 1123919 SUSE bug 951734 SUSE bug 951735 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. Low CVE-2015-7942 SUSE bug 1123919 SUSE bug 951735 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall. Moderate CVE-2015-7969 SUSE bug 950703 SUSE bug 950705 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a "time-consuming linear scan," related to Populate-on-Demand. Moderate CVE-2015-7970 SUSE bug 950704 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op function in common/xenoprof.c, or (2) HYPERVISOR_xenpmu_op hypercalls, which are not properly handled in the do_xenpmu_op function in arch/x86/cpu/vpmu.c. Moderate CVE-2015-7971 SUSE bug 950706 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to "heavy memory pressure." Moderate CVE-2015-7972 SUSE bug 950704 SUSE bug 951845 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. Moderate CVE-2015-7973 SUSE bug 959243 SUSE bug 962995 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." Low CVE-2015-7974 SUSE bug 959243 SUSE bug 962960 SUSE bug 962995 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash). Low CVE-2015-7975 SUSE bug 959243 SUSE bug 962988 SUSE bug 962995 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. Low CVE-2015-7976 SUSE bug 962802 SUSE bug 962995 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. Moderate CVE-2015-7977 SUSE bug 959243 SUSE bug 962970 SUSE bug 962995 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list. Moderate CVE-2015-7978 SUSE bug 959243 SUSE bug 962970 SUSE bug 962995 SUSE bug 963000 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client. Moderate CVE-2015-7979 SUSE bug 959243 SUSE bug 962784 SUSE bug 962995 SUSE bug 977459 SUSE bug 982065 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. Moderate CVE-2015-7981 SUSE bug 952051 SUSE bug 960402 SUSE bug 963937 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937. Low CVE-2015-7990 SUSE bug 945825 SUSE bug 952384 SUSE bug 953052 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. Low CVE-2015-7995 SUSE bug 1123130 SUSE bug 952474 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. Moderate CVE-2015-8000 SUSE bug 944066 SUSE bug 958861 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message. Important CVE-2015-8023 SUSE bug 953817 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors. Moderate CVE-2015-8025 SUSE bug 952062 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. Low CVE-2015-8035 SUSE bug 1088279 SUSE bug 1105166 SUSE bug 954429 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read. Low CVE-2015-8041 SUSE bug 937419 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Moderate CVE-2015-8075 SUSE bug 953516 SUSE bug 953519 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db. Low CVE-2015-8079 SUSE bug 954210 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. Moderate CVE-2015-8104 SUSE bug 953527 SUSE bug 954018 SUSE bug 954404 SUSE bug 954405 SUSE bug 962977 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. Moderate CVE-2015-8126 SUSE bug 954980 SUSE bug 958198 SUSE bug 960402 SUSE bug 962743 SUSE bug 963937 SUSE bug 969333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. Moderate CVE-2015-8138 SUSE bug 951608 SUSE bug 959243 SUSE bug 963002 SUSE bug 974668 SUSE bug 977446 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors. Moderate CVE-2015-8139 SUSE bug 1010964 SUSE bug 959243 SUSE bug 962997 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. Moderate CVE-2015-8140 SUSE bug 1010964 SUSE bug 959243 SUSE bug 962994 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. Low CVE-2015-8158 SUSE bug 959243 SUSE bug 962966 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. Moderate CVE-2015-8241 SUSE bug 1123919 SUSE bug 956018 SUSE bug 959469 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. Moderate CVE-2015-8242 SUSE bug 1123919 SUSE bug 956021 SUSE bug 959469 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. Moderate CVE-2015-8317 SUSE bug 1123919 SUSE bug 956260 SUSE bug 959469 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. Moderate CVE-2015-8325 SUSE bug 1138392 SUSE bug 975865 SUSE bug 996040 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. Moderate CVE-2015-8327 SUSE bug 1027197 SUSE bug 957531 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown. Moderate CVE-2015-8339 SUSE bug 956408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling. Moderate CVE-2015-8340 SUSE bug 956408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains. Moderate CVE-2015-8341 SUSE bug 956409 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list. Moderate CVE-2015-8345 SUSE bug 956829 SUSE bug 956832 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error. Moderate CVE-2015-8370 SUSE bug 956631 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Moderate CVE-2015-8380 SUSE bug 957566 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Moderate CVE-2015-8381 SUSE bug 906574 SUSE bug 957598 SUSE bug 958373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. Moderate CVE-2015-8382 SUSE bug 957598 SUSE bug 958373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Moderate CVE-2015-8383 SUSE bug 957598 SUSE bug 958373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395. Moderate CVE-2015-8384 SUSE bug 906574 SUSE bug 957598 SUSE bug 958373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Moderate CVE-2015-8385 SUSE bug 957598 SUSE bug 958373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Moderate CVE-2015-8386 SUSE bug 957598 SUSE bug 958373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Moderate CVE-2015-8387 SUSE bug 957598 SUSE bug 958373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Moderate CVE-2015-8388 SUSE bug 936227 SUSE bug 957598 SUSE bug 958373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Moderate CVE-2015-8389 SUSE bug 957598 SUSE bug 958373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Moderate CVE-2015-8390 SUSE bug 957598 SUSE bug 958373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Moderate CVE-2015-8391 SUSE bug 957598 SUSE bug 958373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395. Moderate CVE-2015-8392 SUSE bug 906574 SUSE bug 957598 SUSE bug 958373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. Moderate CVE-2015-8393 SUSE bug 957598 SUSE bug 958373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Moderate CVE-2015-8394 SUSE bug 957598 SUSE bug 958373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392. Moderate CVE-2015-8395 SUSE bug 906574 SUSE bug 957598 SUSE bug 958373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535. Moderate CVE-2015-8467 SUSE bug 958585 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126. Moderate CVE-2015-8472 SUSE bug 954980 SUSE bug 958198 SUSE bug 960402 SUSE bug 963937 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. Moderate CVE-2015-8504 SUSE bug 958491 SUSE bug 958493 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c. Important CVE-2015-8539 SUSE bug 781018 SUSE bug 958463 SUSE bug 958601 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read. Moderate CVE-2015-8540 SUSE bug 1149680 SUSE bug 958791 SUSE bug 963937 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application. Moderate CVE-2015-8543 SUSE bug 1052256 SUSE bug 923755 SUSE bug 958886 SUSE bug 963994 SUSE bug 969522 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability. Important CVE-2015-8550 SUSE bug 1052256 SUSE bug 957988 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a "write path." Moderate CVE-2015-8554 SUSE bug 958007 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors. Moderate CVE-2015-8555 SUSE bug 958009 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list. Moderate CVE-2015-8558 SUSE bug 959005 SUSE bug 959006 SUSE bug 976109 SUSE bug 976111 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327. Moderate CVE-2015-8560 SUSE bug 1027197 SUSE bug 957531 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). Low CVE-2015-8567 SUSE bug 959386 SUSE bug 959387 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly. Low CVE-2015-8568 SUSE bug 959386 SUSE bug 959387 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. Moderate CVE-2015-8605 SUSE bug 961305 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command. Low CVE-2015-8613 SUSE bug 961358 SUSE bug 961556 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to cause a denial of service via a large number of changes to the callback method (HVM_PARAM_CALLBACK_IRQ). Moderate CVE-2015-8615 SUSE bug 960093 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash). Low CVE-2015-8619 SUSE bug 960334 SUSE bug 965269 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. Low CVE-2015-8629 SUSE bug 770172 SUSE bug 963968 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. Low CVE-2015-8630 SUSE bug 963964 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. Moderate CVE-2015-8631 SUSE bug 963975 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. Moderate CVE-2015-8704 SUSE bug 962189 SUSE bug 962190 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here." Moderate CVE-2015-8709 SUSE bug 1010933 SUSE bug 959709 SUSE bug 960561 SUSE bug 960563 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment. Moderate CVE-2015-8710 SUSE bug 1123919 SUSE bug 960674 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. Moderate CVE-2015-8711 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-8712 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. Moderate CVE-2015-8713 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-8714 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Moderate CVE-2015-8715 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-8716 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-8717 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-8718 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-8719 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2015-8720 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression. Moderate CVE-2015-8721 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. Moderate CVE-2015-8722 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. Moderate CVE-2015-8723 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. Moderate CVE-2015-8724 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. Moderate CVE-2015-8725 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. Moderate CVE-2015-8726 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. Moderate CVE-2015-8727 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly uses the tvb_bcd_dig_to_wmem_packet_str function, which allows remote attackers to cause a denial of service (buffer overflow and application crash) via a crafted packet. Moderate CVE-2015-8728 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. Moderate CVE-2015-8729 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. Moderate CVE-2015-8730 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. Moderate CVE-2015-8731 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. Moderate CVE-2015-8732 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. Moderate CVE-2015-8733 SUSE bug 960382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes. Moderate CVE-2015-8743 SUSE bug 960725 SUSE bug 960726 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS. Low CVE-2015-8744 SUSE bug 960835 SUSE bug 960836 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS. Low CVE-2015-8745 SUSE bug 960707 SUSE bug 960708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet. Low CVE-2015-8762 SUSE bug 961479 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read. Low CVE-2015-8763 SUSE bug 961479 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow. Low CVE-2015-8764 SUSE bug 961479 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. Low CVE-2015-8776 SUSE bug 962736 SUSE bug 986086 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. Low CVE-2015-8777 SUSE bug 950944 SUSE bug 962735 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. Low CVE-2015-8778 SUSE bug 962737 SUSE bug 986086 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. Moderate CVE-2015-8779 SUSE bug 962739 SUSE bug 965453 SUSE bug 986086 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782. Moderate CVE-2015-8781 SUSE bug 964213 SUSE bug 964225 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781. Moderate CVE-2015-8782 SUSE bug 964213 SUSE bug 964225 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image. Moderate CVE-2015-8783 SUSE bug 964213 SUSE bug 964225 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. Low CVE-2015-8785 SUSE bug 963765 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. Moderate CVE-2015-8803 SUSE bug 964845 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. Moderate CVE-2015-8804 SUSE bug 964847 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. Moderate CVE-2015-8805 SUSE bug 964849 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets. Moderate CVE-2015-8812 SUSE bug 966437 SUSE bug 966683 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device. Moderate CVE-2015-8816 SUSE bug 968010 SUSE bug 979064 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression. Moderate CVE-2015-8830 SUSE bug 969354 SUSE bug 969355 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80." Moderate CVE-2015-8853 SUSE bug 976584 SUSE bug 997948 SUSE bug 997950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document. Moderate CVE-2015-8868 SUSE bug 976844 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors. Moderate CVE-2015-8871 SUSE bug 1007739 SUSE bug 1007744 SUSE bug 979907 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error." Moderate CVE-2015-8872 SUSE bug 980364 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses. Moderate CVE-2015-8878 SUSE bug 981055 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file. Moderate CVE-2015-8894 SUSE bug 982969 SUSE bug 983523 SUSE bug 983533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow. Moderate CVE-2015-8895 SUSE bug 982969 SUSE bug 983527 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. Moderate CVE-2015-8896 SUSE bug 982969 SUSE bug 983533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file. Moderate CVE-2015-8897 SUSE bug 982969 SUSE bug 983739 SUSE bug 983746 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file. Moderate CVE-2015-8898 SUSE bug 982969 SUSE bug 983739 SUSE bug 983746 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally. Moderate CVE-2015-8899 SUSE bug 983273 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file. Moderate CVE-2015-8900 SUSE bug 983232 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file. Moderate CVE-2015-8901 SUSE bug 983234 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file. Moderate CVE-2015-8902 SUSE bug 1052711 SUSE bug 983253 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file. Important CVE-2015-8903 SUSE bug 983259 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file. Moderate CVE-2015-8915 SUSE bug 985601 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy." Moderate CVE-2015-8918 SUSE bug 985698 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file. Moderate CVE-2015-8919 SUSE bug 985697 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. Moderate CVE-2015-8920 SUSE bug 985675 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. Moderate CVE-2015-8921 SUSE bug 985682 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct. Moderate CVE-2015-8922 SUSE bug 985685 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file. Moderate CVE-2015-8923 SUSE bug 985703 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file. Moderate CVE-2015-8924 SUSE bug 985609 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing. Moderate CVE-2015-8925 SUSE bug 985706 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive. Moderate CVE-2015-8926 SUSE bug 985704 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. Moderate CVE-2015-8928 SUSE bug 985679 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file. Moderate CVE-2015-8929 SUSE bug 985669 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. Moderate CVE-2015-8930 SUSE bug 985700 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior. Moderate CVE-2015-8931 SUSE bug 985689 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift. Moderate CVE-2015-8932 SUSE bug 985665 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file. Moderate CVE-2015-8933 SUSE bug 985688 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file. Moderate CVE-2015-8934 SUSE bug 985673 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGuard before 1.5 allows remote attackers to inject arbitrary web script or HTML via a blocked site link. Moderate CVE-2015-8936 SUSE bug 985612 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors. Moderate CVE-2015-8946 SUSE bug 989121 SUSE bug 989122 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read. Moderate CVE-2015-8948 SUSE bug 1014473 SUSE bug 1173590 SUSE bug 1190777 SUSE bug 990189 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call. Low CVE-2015-8950 SUSE bug 1003931 SUSE bug 1004045 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field. Important CVE-2015-8961 SUSE bug 1010492 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call. Moderate CVE-2015-8962 SUSE bug 1010501 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation. Moderate CVE-2015-8963 SUSE bug 1010502 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure. Moderate CVE-2015-8964 SUSE bug 1010507 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call. Important CVE-2015-8966 SUSE bug 1014754 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access. Important CVE-2015-8967 SUSE bug 1014749 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c. Moderate CVE-2015-8970 SUSE bug 1008374 SUSE bug 1008850 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions. Moderate CVE-2015-9004 SUSE bug 1037306 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android. Versions: Android kernel. Android ID: A-63083046. Moderate CVE-2015-9016 SUSE bug 1081683 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. Low CVE-2015-9019 SUSE bug 1123130 SUSE bug 934119 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. Moderate CVE-2015-9096 SUSE bug 1043983 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter. Low CVE-2015-9230 SUSE bug 1138468 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. Moderate CVE-2015-9251 SUSE bug 1099458 SUSE bug 1100133 SUSE bug 1111660 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc. Moderate CVE-2015-9252 SUSE bug 1080931 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors. Moderate CVE-2015-9542 SUSE bug 1163933 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py. Moderate CVE-2015-9543 SUSE bug 1164398 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors. Moderate CVE-2016-0264 SUSE bug 977648 SUSE bug 979252 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009. Important CVE-2016-0363 SUSE bug 977650 SUSE bug 979252 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456. Moderate CVE-2016-0376 SUSE bug 977646 SUSE bug 977650 SUSE bug 979252 SUSE bug 981057 SUSE bug 981060 SUSE bug 981087 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking. Important CVE-2016-0402 SUSE bug 960402 SUSE bug 962743 SUSE bug 963937 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX. Important CVE-2016-0448 SUSE bug 960402 SUSE bug 962743 SUSE bug 963937 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP. Important CVE-2016-0466 SUSE bug 960402 SUSE bug 962743 SUSE bug 963937 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. Important CVE-2016-0475 SUSE bug 962743 SUSE bug 963937 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data. Important CVE-2016-0483 SUSE bug 960402 SUSE bug 962743 SUSE bug 963937 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Important CVE-2016-0494 SUSE bug 962743 SUSE bug 963937 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Moderate CVE-2016-0502 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504. Moderate CVE-2016-0503 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503. Moderate CVE-2016-0504 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options. Moderate CVE-2016-0505 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name. Moderate CVE-2016-0546 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML. Moderate CVE-2016-0594 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. Moderate CVE-2016-0595 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML. Moderate CVE-2016-0596 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Moderate CVE-2016-0597 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML. Moderate CVE-2016-0598 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Moderate CVE-2016-0599 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Moderate CVE-2016-0600 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Partition. Moderate CVE-2016-0601 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors. Moderate CVE-2016-0605 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption. Moderate CVE-2016-0606 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication. Moderate CVE-2016-0607 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF. Moderate CVE-2016-0608 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges. Moderate CVE-2016-0609 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Moderate CVE-2016-0610 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Moderate CVE-2016-0611 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Moderate CVE-2016-0616 SUSE bug 962779 SUSE bug 962817 SUSE bug 962930 SUSE bug 962931 SUSE bug 962932 SUSE bug 962934 SUSE bug 962935 SUSE bug 962936 SUSE bug 962937 SUSE bug 962938 SUSE bug 962939 SUSE bug 962941 SUSE bug 962942 SUSE bug 962943 SUSE bug 962944 SUSE bug 962945 SUSE bug 962946 SUSE bug 962947 SUSE bug 962948 SUSE bug 962949 SUSE bug 962950 SUSE bug 962951 SUSE bug 962952 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the kernel-uek component in Oracle Linux 6 allows local users to affect availability via unknown vectors. Moderate CVE-2016-0617 SUSE bug 965794 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. Moderate CVE-2016-0634 SUSE bug 1000396 SUSE bug 1001299 SUSE bug 1159416 SUSE bug 1188388 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component. Moderate CVE-2016-0636 SUSE bug 972468 SUSE bug 979252 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication. Critical CVE-2016-0639 SUSE bug 976341 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML. Moderate CVE-2016-0640 SUSE bug 976341 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM. Critical CVE-2016-0641 SUSE bug 976341 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. Critical CVE-2016-0642 SUSE bug 976341 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML. Critical CVE-2016-0643 SUSE bug 976341 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL. Critical CVE-2016-0644 SUSE bug 976341 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML. Critical CVE-2016-0646 SUSE bug 976341 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS. Critical CVE-2016-0647 SUSE bug 976341 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS. Critical CVE-2016-0648 SUSE bug 976341 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS. Critical CVE-2016-0649 SUSE bug 976341 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication. Critical CVE-2016-0650 SUSE bug 976341 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. Critical CVE-2016-0651 SUSE bug 976341 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to DML. Critical CVE-2016-0652 SUSE bug 976341 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to FTS. Critical CVE-2016-0653 SUSE bug 976341 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0656. Critical CVE-2016-0654 SUSE bug 976341 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB. Critical CVE-2016-0655 SUSE bug 976341 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0654. Critical CVE-2016-0656 SUSE bug 976341 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect confidentiality via vectors related to JSON. Critical CVE-2016-0657 SUSE bug 976341 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Optimizer. Critical CVE-2016-0658 SUSE bug 976341 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Optimizer. Critical CVE-2016-0659 SUSE bug 976341 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options. Critical CVE-2016-0661 SUSE bug 976341 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Partition. Critical CVE-2016-0662 SUSE bug 976341 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Performance Schema. Critical CVE-2016-0663 SUSE bug 976341 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption. Critical CVE-2016-0665 SUSE bug 976341 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges. Critical CVE-2016-0666 SUSE bug 976341 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking. Critical CVE-2016-0667 SUSE bug 976341 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB. Critical CVE-2016-0668 SUSE bug 976341 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization. Important CVE-2016-0686 SUSE bug 976340 SUSE bug 979252 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component. Important CVE-2016-0687 SUSE bug 976340 SUSE bug 979252 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security. Important CVE-2016-0695 SUSE bug 976340 SUSE bug 979252 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. Low CVE-2016-0702 SUSE bug 1007806 SUSE bug 968044 SUSE bug 968050 SUSE bug 971238 SUSE bug 990370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. Low CVE-2016-0705 SUSE bug 968044 SUSE bug 968047 SUSE bug 971238 SUSE bug 976341 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. Moderate CVE-2016-0706 SUSE bug 967815 SUSE bug 988489 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. Important CVE-2016-0714 SUSE bug 967964 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. Moderate CVE-2016-0718 SUSE bug 979441 SUSE bug 991809 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. Moderate CVE-2016-0723 SUSE bug 961500 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. Important CVE-2016-0728 SUSE bug 923755 SUSE bug 962075 SUSE bug 962078 SUSE bug 963994 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document. Moderate CVE-2016-0729 SUSE bug 966822 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC. Moderate CVE-2016-0736 SUSE bug 1016712 SUSE bug 1033513 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow. Important CVE-2016-0749 SUSE bug 982385 SUSE bug 982386 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header. Moderate CVE-2016-0751 SUSE bug 963331 SUSE bug 963627 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. Moderate CVE-2016-0752 SUSE bug 963332 SUSE bug 963608 SUSE bug 968850 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. Moderate CVE-2016-0755 SUSE bug 962983 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data. Important CVE-2016-0758 SUSE bug 979867 SUSE bug 980856 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. Moderate CVE-2016-0762 SUSE bug 1007854 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context. Moderate CVE-2016-0763 SUSE bug 967966 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes. Low CVE-2016-0764 SUSE bug 974072 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors. Moderate CVE-2016-0766 SUSE bug 966435 SUSE bug 966436 SUSE bug 978323 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record. Moderate CVE-2016-0771 SUSE bug 968223 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." Moderate CVE-2016-0772 SUSE bug 984751 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression. Moderate CVE-2016-0773 SUSE bug 966435 SUSE bug 966436 SUSE bug 978323 SUSE bug 983246 SUSE bug 986409 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. Moderate CVE-2016-0775 SUSE bug 965579 SUSE bug 965582 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. Critical CVE-2016-0777 SUSE bug 961642 SUSE bug 996040 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. Moderate CVE-2016-0778 SUSE bug 961645 SUSE bug 996040 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug." Moderate CVE-2016-0787 SUSE bug 1149968 SUSE bug 967026 SUSE bug 968174 SUSE bug 974691 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. Moderate CVE-2016-0797 SUSE bug 968044 SUSE bug 968048 SUSE bug 990370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. Moderate CVE-2016-0798 SUSE bug 968044 SUSE bug 968265 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. Moderate CVE-2016-0799 SUSE bug 968044 SUSE bug 968374 SUSE bug 969517 SUSE bug 989345 SUSE bug 990370 SUSE bug 991722 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. Moderate CVE-2016-0800 SUSE bug 1106871 SUSE bug 961377 SUSE bug 968044 SUSE bug 968046 SUSE bug 968888 SUSE bug 969591 SUSE bug 979060 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. Low CVE-2016-0821 SUSE bug 987709 SUSE bug 994624 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution Moderate CVE-2016-1000031 SUSE bug 1128963 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. Moderate CVE-2016-1000110 SUSE bug 988484 SUSE bug 989523 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information. Moderate CVE-2016-10002 SUSE bug 1016168 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients. Moderate CVE-2016-10003 SUSE bug 1016169 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. Moderate CVE-2016-10009 SUSE bug 1016336 SUSE bug 1016366 SUSE bug 1016370 SUSE bug 1138392 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. Important CVE-2016-10010 SUSE bug 1016336 SUSE bug 1016368 SUSE bug 1196721 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. Moderate CVE-2016-10011 SUSE bug 1016336 SUSE bug 1016369 SUSE bug 1016370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures. Moderate CVE-2016-10012 SUSE bug 1006166 SUSE bug 1016336 SUSE bug 1016369 SUSE bug 1016370 SUSE bug 1035742 SUSE bug 1073044 SUSE bug 1092582 SUSE bug 1138392 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation. Moderate CVE-2016-10013 SUSE bug 1016340 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations. Moderate CVE-2016-10024 SUSE bug 1014298 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check. Moderate CVE-2016-10025 SUSE bug 1014300 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0. Moderate CVE-2016-10028 SUSE bug 1017084 SUSE bug 1017085 SUSE bug 1185981 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SCANOUT command larger than num_scanouts. Moderate CVE-2016-10029 SUSE bug 1017081 SUSE bug 1017082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via a xml file with multiple nested open tags. Low CVE-2016-10040 SUSE bug 1039291 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call. Low CVE-2016-10044 SUSE bug 1023992 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file. Moderate CVE-2016-10046 SUSE bug 1016742 SUSE bug 1017308 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file. Moderate CVE-2016-10047 SUSE bug 1017309 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. Moderate CVE-2016-10048 SUSE bug 1017310 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. Moderate CVE-2016-10049 SUSE bug 1017311 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. Moderate CVE-2016-10050 SUSE bug 1017312 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. Moderate CVE-2016-10051 SUSE bug 1017313 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. Moderate CVE-2016-10052 SUSE bug 1017314 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. Low CVE-2016-10053 SUSE bug 1017315 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. Moderate CVE-2016-10054 SUSE bug 1002209 SUSE bug 1016585 SUSE bug 1017316 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. Moderate CVE-2016-10055 SUSE bug 1002209 SUSE bug 1016585 SUSE bug 1017316 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. Moderate CVE-2016-10056 SUSE bug 1002209 SUSE bug 1016585 SUSE bug 1017316 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. Moderate CVE-2016-10057 SUSE bug 1002209 SUSE bug 1016585 SUSE bug 1017316 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file. Low CVE-2016-10058 SUSE bug 1017317 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file. Moderate CVE-2016-10059 SUSE bug 1017318 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file. Low CVE-2016-10060 SUSE bug 1017319 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file. Low CVE-2016-10061 SUSE bug 1017319 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file. Low CVE-2016-10062 SUSE bug 1017319 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity. Moderate CVE-2016-10063 SUSE bug 1016589 SUSE bug 1017320 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. Low CVE-2016-10064 SUSE bug 1016590 SUSE bug 1017321 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. Moderate CVE-2016-10065 SUSE bug 1016591 SUSE bug 1017322 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file. Low CVE-2016-10068 SUSE bug 1017324 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames. Low CVE-2016-10069 SUSE bug 1017325 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. Moderate CVE-2016-10070 SUSE bug 1017326 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. Moderate CVE-2016-10071 SUSE bug 1017326 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure. Low CVE-2016-10087 SUSE bug 1017646 SUSE bug 1149680 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file. Moderate CVE-2016-10095 SUSE bug 1017690 SUSE bug 960341 SUSE bug 983436 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function. Moderate CVE-2016-10109 SUSE bug 1017902 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. Important CVE-2016-10127 SUSE bug 1019074 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check. Moderate CVE-2016-10144 SUSE bug 1020433 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy. Moderate CVE-2016-10145 SUSE bug 1020435 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Moderate CVE-2016-10146 SUSE bug 1020443 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5). Moderate CVE-2016-10147 SUSE bug 1020381 SUSE bug 1020429 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device. Moderate CVE-2016-10150 SUSE bug 1020693 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier net/ceph/crypto.c code. Moderate CVE-2016-10153 SUSE bug 1021253 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a scatterlist. Moderate CVE-2016-10154 SUSE bug 1021254 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. Moderate CVE-2016-10155 SUSE bug 1021129 SUSE bug 1024183 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. Important CVE-2016-10156 SUSE bug 1020601 SUSE bug 1021969 SUSE bug 1086936 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the vrend_renderer_context_create_internal function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) by repeatedly creating a decode context. Low CVE-2016-10163 SUSE bug 1021616 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow. Important CVE-2016-10164 SUSE bug 1021315 SUSE bug 1123144 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. Moderate CVE-2016-10165 SUSE bug 1021364 SUSE bug 1064069 SUSE bug 1070162 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable. Moderate CVE-2016-10166 SUSE bug 1022069 SUSE bug 1022263 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file. Low CVE-2016-10167 SUSE bug 1022069 SUSE bug 1022264 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. Moderate CVE-2016-10168 SUSE bug 1022069 SUSE bug 1022265 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. Low CVE-2016-10169 SUSE bug 1021483 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. Low CVE-2016-10170 SUSE bug 1021483 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. Low CVE-2016-10171 SUSE bug 1021483 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. Low CVE-2016-10172 SUSE bug 1021483 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read. Moderate CVE-2016-10195 SUSE bug 1022917 SUSE bug 1035082 SUSE bug 1035209 SUSE bug 1075618 SUSE bug 1123122 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. Moderate CVE-2016-10196 SUSE bug 1022918 SUSE bug 1035082 SUSE bug 1035209 SUSE bug 1075618 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname. Moderate CVE-2016-10197 SUSE bug 1022919 SUSE bug 1035082 SUSE bug 1035209 SUSE bug 1075618 SUSE bug 1123122 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file. Low CVE-2016-10198 SUSE bug 1023259 SUSE bug 1024014 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value. Low CVE-2016-10199 SUSE bug 1023259 SUSE bug 1024017 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c. Moderate CVE-2016-10200 SUSE bug 1027179 SUSE bug 1028415 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early. Important CVE-2016-10207 SUSE bug 1023012 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image. Important CVE-2016-10208 SUSE bug 1023377 SUSE bug 1087082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. Moderate CVE-2016-10209 SUSE bug 1032089 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands. Moderate CVE-2016-10214 SUSE bug 1024244 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that is mishandled in the color management module. Moderate CVE-2016-10217 SUSE bug 1032130 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. Moderate CVE-2016-10218 SUSE bug 1032135 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. Low CVE-2016-10219 SUSE bug 1032138 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module. Moderate CVE-2016-10220 SUSE bug 1032120 SUSE bug 1036453 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. Moderate CVE-2016-10228 SUSE bug 1027496 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. Moderate CVE-2016-10243 SUSE bug 1028271 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file. Moderate CVE-2016-10244 SUSE bug 1028103 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value. Moderate CVE-2016-10251 SUSE bug 1029497 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure. Low CVE-2016-10254 SUSE bug 1030472 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure. Low CVE-2016-10255 SUSE bug 1030472 SUSE bug 1030476 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22. Moderate CVE-2016-10266 SUSE bug 1017694 SUSE bug 1031263 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. Moderate CVE-2016-10267 SUSE bug 1017694 SUSE bug 1031262 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23. Moderate CVE-2016-10268 SUSE bug 1017693 SUSE bug 1031255 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2. Moderate CVE-2016-10269 SUSE bug 1017693 SUSE bug 1031254 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22. Moderate CVE-2016-10270 SUSE bug 1031250 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13. Moderate CVE-2016-10271 SUSE bug 1031249 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9. Moderate CVE-2016-10272 SUSE bug 1031247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. Moderate CVE-2016-10317 SUSE bug 1032230 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. Moderate CVE-2016-10349 SUSE bug 1037008 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. Moderate CVE-2016-10350 SUSE bug 1037009 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file. Low CVE-2016-10371 SUSE bug 1038438 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order such that the worst-case computational complexity is realized in the algorithm utilized to determine if reassembly of the fragments can take place. Moderate CVE-2016-10396 SUSE bug 1047443 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file. Important CVE-2016-10504 SUSE bug 1056351 SUSE bug 1179594 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. Moderate CVE-2016-10505 SUSE bug 1056363 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. Moderate CVE-2016-10506 SUSE bug 1056396 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file. Moderate CVE-2016-10507 SUSE bug 1056421 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. Moderate CVE-2016-10708 SUSE bug 1076957 SUSE bug 1138392 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. Moderate CVE-2016-10713 SUSE bug 1080918 SUSE bug 1101128 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. Low CVE-2016-10714 SUSE bug 1083250 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. Important CVE-2016-10745 SUSE bug 1132174 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry. Moderate CVE-2016-10905 SUSE bug 1146312 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean. Moderate CVE-2016-10906 SUSE bug 1146584 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899. Moderate CVE-2016-1181 SUSE bug 983684 SUSE bug 983728 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899. Moderate CVE-2016-1182 SUSE bug 983684 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name. Moderate CVE-2016-1234 SUSE bug 1020940 SUSE bug 969727 SUSE bug 988770 SUSE bug 988782 SUSE bug 989127 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c. Low CVE-2016-1237 SUSE bug 986570 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory. Moderate CVE-2016-1238 SUSE bug 1108749 SUSE bug 1123389 SUSE bug 987887 SUSE bug 988311 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent. Moderate CVE-2016-1245 SUSE bug 1005258 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message. Moderate CVE-2016-1246 SUSE bug 1002626 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. Moderate CVE-2016-1248 SUSE bug 1010685 SUSE bug 1173534 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression. Low CVE-2016-1249 SUSE bug 1010457 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1. Moderate CVE-2016-1251 SUSE bug 1012546 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql. Moderate CVE-2016-1255 SUSE bug 1016745 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. Moderate CVE-2016-1283 SUSE bug 960837 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. Moderate CVE-2016-1285 SUSE bug 970072 SUSE bug 981200 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. Important CVE-2016-1286 SUSE bug 970073 SUSE bug 981200 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. Moderate CVE-2016-1372 SUSE bug 984650 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. Moderate CVE-2016-1521 SUSE bug 965803 SUSE bug 965806 SUSE bug 965807 SUSE bug 965810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font. Moderate CVE-2016-1523 SUSE bug 965803 SUSE bug 965806 SUSE bug 965807 SUSE bug 965810 SUSE bug 967087 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. Moderate CVE-2016-1526 SUSE bug 965803 SUSE bug 965806 SUSE bug 965807 SUSE bug 965810 SUSE bug 966438 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive. Moderate CVE-2016-1541 SUSE bug 979005 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion). Low CVE-2016-1544 SUSE bug 966514 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows. Moderate CVE-2016-1546 SUSE bug 980370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled. Moderate CVE-2016-1547 SUSE bug 962784 SUSE bug 977446 SUSE bug 977459 SUSE bug 982064 SUSE bug 982065 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched. Moderate CVE-2016-1548 SUSE bug 959243 SUSE bug 977446 SUSE bug 977461 SUSE bug 982068 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock. Moderate CVE-2016-1549 SUSE bug 1083424 SUSE bug 977446 SUSE bug 977451 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key. Moderate CVE-2016-1550 SUSE bug 977446 SUSE bug 977464 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker. Moderate CVE-2016-1551 SUSE bug 977446 SUSE bug 977450 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." Low CVE-2016-1567 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command. Moderate CVE-2016-1568 SUSE bug 961332 SUSE bug 961333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates. Moderate CVE-2016-1570 SUSE bug 960861 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check. Moderate CVE-2016-1571 SUSE bug 960861 SUSE bug 960862 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid. Moderate CVE-2016-1572 SUSE bug 962052 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137. Important CVE-2016-1577 SUSE bug 1178702 SUSE bug 968373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling. Moderate CVE-2016-1583 SUSE bug 1052256 SUSE bug 983143 SUSE bug 983144 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors. Critical CVE-2016-1601 SUSE bug 973639 SUSE bug 974220 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root). Moderate CVE-2016-1602 SUSE bug 1063385 SUSE bug 980670 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Moderate CVE-2016-1667 SUSE bug 979859 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Moderate CVE-2016-1668 SUSE bug 979859 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code. Moderate CVE-2016-1669 SUSE bug 979859 SUSE bug 987919 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID. Moderate CVE-2016-1670 SUSE bug 979859 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc. Moderate CVE-2016-1671 SUSE bug 979859 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration. Moderate CVE-2016-1714 SUSE bug 961691 SUSE bug 961692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. Moderate CVE-2016-1762 SUSE bug 1123919 SUSE bug 981040 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. Moderate CVE-2016-1833 SUSE bug 1123919 SUSE bug 981108 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. Moderate CVE-2016-1834 SUSE bug 1123919 SUSE bug 981041 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document. Moderate CVE-2016-1835 SUSE bug 1123919 SUSE bug 981109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document. Moderate CVE-2016-1836 SUSE bug 1174862 SUSE bug 981110 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document. Moderate CVE-2016-1837 SUSE bug 1123919 SUSE bug 981111 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. Moderate CVE-2016-1838 SUSE bug 1123919 SUSE bug 981112 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. Moderate CVE-2016-1839 SUSE bug 1039069 SUSE bug 1039661 SUSE bug 1069433 SUSE bug 1069690 SUSE bug 1123919 SUSE bug 963963 SUSE bug 981114 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. Important CVE-2016-1840 SUSE bug 1123919 SUSE bug 981115 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857. Moderate CVE-2016-1856 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856. Moderate CVE-2016-1857 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. Moderate CVE-2016-1867 SUSE bug 1178702 SUSE bug 961886 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. Low CVE-2016-1908 SUSE bug 1001712 SUSE bug 1005738 SUSE bug 1138392 SUSE bug 962313 SUSE bug 996040 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user or process could use this flaw to crash the QEMU instance, resulting in DoS issue. Low CVE-2016-1922 SUSE bug 962320 SUSE bug 962321 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. Important CVE-2016-1924 SUSE bug 962522 SUSE bug 980504 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2016-1930 SUSE bug 963520 SUSE bug 963632 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors. Important CVE-2016-1931 SUSE bug 963633 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content. Moderate CVE-2016-1935 SUSE bug 963520 SUSE bug 963635 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. Moderate CVE-2016-1938 SUSE bug 963731 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. Important CVE-2016-1950 SUSE bug 969894 SUSE bug 970257 SUSE bug 970377 SUSE bug 970378 SUSE bug 970379 SUSE bug 970380 SUSE bug 970381 SUSE bug 970431 SUSE bug 970433 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Critical CVE-2016-1952 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors. Critical CVE-2016-1953 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. Moderate CVE-2016-1954 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. Moderate CVE-2016-1957 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL. Moderate CVE-2016-1958 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. Critical CVE-2016-1960 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. Critical CVE-2016-1961 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections. Critical CVE-2016-1962 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. Critical CVE-2016-1964 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. Moderate CVE-2016-1965 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. Important CVE-2016-1966 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. Moderate CVE-2016-1974 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font. Critical CVE-2016-1977 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. Moderate CVE-2016-1978 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. Moderate CVE-2016-1979 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS. Low CVE-2016-1981 SUSE bug 963782 SUSE bug 963783 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file. Low CVE-2016-2037 SUSE bug 1028410 SUSE bug 963448 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com." Moderate CVE-2016-2047 SUSE bug 963806 SUSE bug 976341 SUSE bug 980904 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image. Low CVE-2016-2089 SUSE bug 1178702 SUSE bug 963983 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. Moderate CVE-2016-2098 SUSE bug 968849 SUSE bug 969943 SUSE bug 993313 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document. Moderate CVE-2016-2099 SUSE bug 979208 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. Moderate CVE-2016-2105 SUSE bug 977584 SUSE bug 977614 SUSE bug 978492 SUSE bug 989902 SUSE bug 990369 SUSE bug 990370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. Low CVE-2016-2106 SUSE bug 977584 SUSE bug 977615 SUSE bug 978492 SUSE bug 990369 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. Important CVE-2016-2107 SUSE bug 976942 SUSE bug 977584 SUSE bug 977616 SUSE bug 978492 SUSE bug 990369 SUSE bug 990370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. Moderate CVE-2016-2109 SUSE bug 1015243 SUSE bug 976942 SUSE bug 977584 SUSE bug 978492 SUSE bug 990369 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security. Moderate CVE-2016-2110 SUSE bug 1009711 SUSE bug 973031 SUSE bug 973033 SUSE bug 973036 SUSE bug 975276 SUSE bug 977416 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005. Moderate CVE-2016-2111 SUSE bug 973032 SUSE bug 975276 SUSE bug 977416 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream. Moderate CVE-2016-2112 SUSE bug 973031 SUSE bug 973033 SUSE bug 975276 SUSE bug 977416 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate. Moderate CVE-2016-2113 SUSE bug 973031 SUSE bug 973033 SUSE bug 973034 SUSE bug 975276 SUSE bug 977416 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream. Moderate CVE-2016-2115 SUSE bug 973036 SUSE bug 975276 SUSE bug 977416 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file. Moderate CVE-2016-2116 SUSE bug 1178702 SUSE bug 968373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data. Moderate CVE-2016-2117 SUSE bug 1027179 SUSE bug 968697 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK." Moderate CVE-2016-2118 SUSE bug 971965 SUSE bug 975276 SUSE bug 977416 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag. Moderate CVE-2016-2119 SUSE bug 986869 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation. Important CVE-2016-2123 SUSE bug 1014437 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. Moderate CVE-2016-2124 SUSE bug 1014440 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. Moderate CVE-2016-2125 SUSE bug 1014441 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions. Moderate CVE-2016-2126 SUSE bug 1014442 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h. Important CVE-2016-2143 SUSE bug 970504 SUSE bug 993872 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261. Important CVE-2016-2150 SUSE bug 982385 SUSE bug 982386 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests. Moderate CVE-2016-2161 SUSE bug 1016714 SUSE bug 1033513 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data. Moderate CVE-2016-2176 SUSE bug 978224 SUSE bug 990369 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. Moderate CVE-2016-2177 SUSE bug 982575 SUSE bug 999075 SUSE bug 999665 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. Moderate CVE-2016-2178 SUSE bug 983249 SUSE bug 983519 SUSE bug 999665 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. Moderate CVE-2016-2179 SUSE bug 994844 SUSE bug 999665 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command. Low CVE-2016-2180 SUSE bug 1003811 SUSE bug 990419 SUSE bug 999665 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. Moderate CVE-2016-2181 SUSE bug 994749 SUSE bug 994844 SUSE bug 999665 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. Moderate CVE-2016-2182 SUSE bug 993819 SUSE bug 994844 SUSE bug 995959 SUSE bug 999665 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. Moderate CVE-2016-2183 SUSE bug 1001912 SUSE bug 1024218 SUSE bug 1027038 SUSE bug 1034689 SUSE bug 1171693 SUSE bug 994844 SUSE bug 995359 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor. Moderate CVE-2016-2184 SUSE bug 971125 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. Moderate CVE-2016-2185 SUSE bug 971124 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. Moderate CVE-2016-2186 SUSE bug 970958 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. Moderate CVE-2016-2188 SUSE bug 1067912 SUSE bug 1132190 SUSE bug 970956 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the QEMU process instance resulting in DoS. Low CVE-2016-2198 SUSE bug 964413 SUSE bug 964415 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. Moderate CVE-2016-2270 SUSE bug 965315 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP. Moderate CVE-2016-2271 SUSE bug 965317 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow. Moderate CVE-2016-2315 SUSE bug 971328 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. Moderate CVE-2016-2324 SUSE bug 971328 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file. Moderate CVE-2016-2335 SUSE bug 979823 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution. Important CVE-2016-2336 SUSE bug 1018810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow. Moderate CVE-2016-2339 SUSE bug 1018808 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet. Moderate CVE-2016-2342 SUSE bug 970952 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. Moderate CVE-2016-2381 SUSE bug 967082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions. Moderate CVE-2016-2383 SUSE bug 966684 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor. Moderate CVE-2016-2384 SUSE bug 966693 SUSE bug 967773 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message. Moderate CVE-2016-2390 SUSE bug 967011 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers. Low CVE-2016-2391 SUSE bug 967012 SUSE bug 967013 SUSE bug 967101 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet. Low CVE-2016-2392 SUSE bug 967012 SUSE bug 967090 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom. Moderate CVE-2016-2399 SUSE bug 1022805 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com. Moderate CVE-2016-2512 SUSE bug 967999 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests. Moderate CVE-2016-2513 SUSE bug 968000 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive. Moderate CVE-2016-2516 SUSE bug 977446 SUSE bug 977452 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression. Moderate CVE-2016-2517 SUSE bug 977446 SUSE bug 977455 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. Moderate CVE-2016-2518 SUSE bug 977446 SUSE bug 977457 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value. Moderate CVE-2016-2519 SUSE bug 959243 SUSE bug 977446 SUSE bug 977458 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Moderate CVE-2016-2523 SUSE bug 968565 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531. Moderate CVE-2016-2530 SUSE bug 968565 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530. Moderate CVE-2016-2531 SUSE bug 968565 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. Moderate CVE-2016-2532 SUSE bug 968565 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. Moderate CVE-2016-2533 SUSE bug 967970 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function. Low CVE-2016-2538 SUSE bug 967969 SUSE bug 968004 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header. Moderate CVE-2016-2569 SUSE bug 968392 SUSE bug 968393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h. Moderate CVE-2016-2570 SUSE bug 968392 SUSE bug 968393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. Moderate CVE-2016-2571 SUSE bug 968394 SUSE bug 968395 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. Moderate CVE-2016-2572 SUSE bug 968394 SUSE bug 968395 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. Moderate CVE-2016-2774 SUSE bug 969820 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. Moderate CVE-2016-2775 SUSE bug 989528 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. Important CVE-2016-2776 SUSE bug 1000362 SUSE bug 1001595 SUSE bug 1001597 SUSE bug 1007829 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint. Low CVE-2016-2782 SUSE bug 961512 SUSE bug 968670 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. Critical CVE-2016-2790 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Critical CVE-2016-2791 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. Critical CVE-2016-2792 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Critical CVE-2016-2793 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Critical CVE-2016-2794 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. Critical CVE-2016-2795 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. Critical CVE-2016-2796 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. Critical CVE-2016-2797 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Critical CVE-2016-2798 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. Critical CVE-2016-2799 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792. Critical CVE-2016-2800 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797. Critical CVE-2016-2801 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. Critical CVE-2016-2802 SUSE bug 969894 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2016-2805 SUSE bug 977333 SUSE bug 977374 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2016-2807 SUSE bug 977333 SUSE bug 977376 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site. Moderate CVE-2016-2808 SUSE bug 977333 SUSE bug 977386 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table. Moderate CVE-2016-2814 SUSE bug 977333 SUSE bug 977381 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2016-2815 SUSE bug 983549 SUSE bug 983638 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2016-2818 SUSE bug 983549 SUSE bug 983638 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element. Moderate CVE-2016-2819 SUSE bug 983549 SUSE bug 983655 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor. Moderate CVE-2016-2821 SUSE bug 983549 SUSE bug 983653 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu. Moderate CVE-2016-2822 SUSE bug 983549 SUSE bug 983652 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array. Moderate CVE-2016-2824 SUSE bug 983549 SUSE bug 983651 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security Policy (CSP) referrer directive with zero values. Important CVE-2016-2827 SUSE bug 999701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool. Moderate CVE-2016-2828 SUSE bug 983549 SUSE bug 983646 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses. Moderate CVE-2016-2830 SUSE bug 983922 SUSE bug 991809 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site. Moderate CVE-2016-2831 SUSE bug 983549 SUSE bug 983632 SUSE bug 983643 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. Moderate CVE-2016-2834 SUSE bug 983549 SUSE bug 983639 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Moderate CVE-2016-2835 SUSE bug 991809 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors. Moderate CVE-2016-2836 SUSE bug 991809 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass. Moderate CVE-2016-2837 SUSE bug 991809 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document. Moderate CVE-2016-2838 SUSE bug 991809 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video. Moderate CVE-2016-2839 SUSE bug 991809 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control. Low CVE-2016-2841 SUSE bug 969350 SUSE bug 969351 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. Moderate CVE-2016-2847 SUSE bug 970948 SUSE bug 974646 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow. Moderate CVE-2016-2851 SUSE bug 969785 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move. Low CVE-2016-3070 SUSE bug 979215 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. Moderate CVE-2016-3075 SUSE bug 973164 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. Moderate CVE-2016-3076 SUSE bug 973786 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. Moderate CVE-2016-3092 SUSE bug 1068865 SUSE bug 986359 SUSE bug 988489 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory. Moderate CVE-2016-3096 SUSE bug 973546 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled. Moderate CVE-2016-3099 SUSE bug 973996 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. Moderate CVE-2016-3115 SUSE bug 1005738 SUSE bug 1059233 SUSE bug 1138392 SUSE bug 970632 SUSE bug 992296 SUSE bug 996040 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. Low CVE-2016-3119 SUSE bug 971942 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request. Low CVE-2016-3120 SUSE bug 991088 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. Moderate CVE-2016-3134 SUSE bug 1052256 SUSE bug 971126 SUSE bug 971793 SUSE bug 986362 SUSE bug 986365 SUSE bug 986377 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call. Moderate CVE-2016-3135 SUSE bug 970904 SUSE bug 971794 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors. Moderate CVE-2016-3136 SUSE bug 970955 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions. Moderate CVE-2016-3137 SUSE bug 970970 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor. Moderate CVE-2016-3138 SUSE bug 970911 SUSE bug 970970 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. Moderate CVE-2016-3140 SUSE bug 970892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses. Low CVE-2016-3156 SUSE bug 971360 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file. Moderate CVE-2016-3183 SUSE bug 971617 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. Moderate CVE-2016-3186 SUSE bug 973340 SUSE bug 983268 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. Low CVE-2016-3189 SUSE bug 985657 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. Low CVE-2016-3191 SUSE bug 971741 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D. Important CVE-2016-3422 SUSE bug 976340 SUSE bug 979252 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP. Important CVE-2016-3425 SUSE bug 976340 SUSE bug 979252 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE. Important CVE-2016-3426 SUSE bug 976340 SUSE bug 979252 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. Important CVE-2016-3427 SUSE bug 1011805 SUSE bug 976340 SUSE bug 979252 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read. Important CVE-2016-3443 SUSE bug 976340 SUSE bug 979252 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment. Important CVE-2016-3449 SUSE bug 976340 SUSE bug 979252 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA. Moderate CVE-2016-3458 SUSE bug 989732 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality, integrity, and availability via vectors related to Monitoring: Server. Critical CVE-2016-3461 SUSE bug 976341 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors. Moderate CVE-2016-3473 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. Important CVE-2016-3477 SUSE bug 989913 SUSE bug 991616 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking. Low CVE-2016-3485 SUSE bug 1009280 SUSE bug 989734 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. Moderate CVE-2016-3492 SUSE bug 1005555 SUSE bug 1008318 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX. Moderate CVE-2016-3498 SUSE bug 989729 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508. Moderate CVE-2016-3500 SUSE bug 989730 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install. Moderate CVE-2016-3503 SUSE bug 989728 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500. Moderate CVE-2016-3508 SUSE bug 989731 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment. Moderate CVE-2016-3511 SUSE bug 1009280 SUSE bug 989727 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types. Important CVE-2016-3521 SUSE bug 989919 SUSE bug 991616 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot. Moderate CVE-2016-3550 SUSE bug 989733 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install. Moderate CVE-2016-3552 SUSE bug 989726 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. Important CVE-2016-3587 SUSE bug 989721 SUSE bug 998845 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610. Important CVE-2016-3598 SUSE bug 1009280 SUSE bug 989723 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. Important CVE-2016-3606 SUSE bug 989722 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598. Important CVE-2016-3610 SUSE bug 989725 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML. Moderate CVE-2016-3615 SUSE bug 989922 SUSE bug 991616 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. Low CVE-2016-3622 SUSE bug 974449 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. Low CVE-2016-3623 SUSE bug 974617 SUSE bug 974618 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. Moderate CVE-2016-3627 SUSE bug 1026099 SUSE bug 1026101 SUSE bug 1123919 SUSE bug 972335 SUSE bug 975947 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. Low CVE-2016-3658 SUSE bug 974840 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits. Low CVE-2016-3672 SUSE bug 974308 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface. Moderate CVE-2016-3689 SUSE bug 971628 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references. Moderate CVE-2016-3705 SUSE bug 1017497 SUSE bug 1123919 SUSE bug 975947 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. Moderate CVE-2016-3706 SUSE bug 980483 SUSE bug 997423 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. Moderate CVE-2016-3710 SUSE bug 978158 SUSE bug 978164 SUSE bug 978167 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. Moderate CVE-2016-3712 SUSE bug 978160 SUSE bug 978164 SUSE bug 978167 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call. Moderate CVE-2016-3713 SUSE bug 979715 SUSE bug 985132 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." Moderate CVE-2016-3714 SUSE bug 1000484 SUSE bug 1057163 SUSE bug 1105592 SUSE bug 978061 SUSE bug 982178 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. Moderate CVE-2016-3715 SUSE bug 1000484 SUSE bug 1057163 SUSE bug 1105592 SUSE bug 978061 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. Moderate CVE-2016-3716 SUSE bug 1000484 SUSE bug 1057163 SUSE bug 1105592 SUSE bug 978061 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. Moderate CVE-2016-3717 SUSE bug 1000484 SUSE bug 1057163 SUSE bug 1105592 SUSE bug 978061 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. Moderate CVE-2016-3718 SUSE bug 1000484 SUSE bug 1057163 SUSE bug 1105592 SUSE bug 978061 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. Moderate CVE-2016-3841 SUSE bug 1052256 SUSE bug 992566 SUSE bug 992569 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. Low CVE-2016-3945 SUSE bug 974614 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet. Moderate CVE-2016-3947 SUSE bug 973782 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers. Moderate CVE-2016-3948 SUSE bug 973783 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. Moderate CVE-2016-3951 SUSE bug 974418 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file. Moderate CVE-2016-3977 SUSE bug 974847 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp. Low CVE-2016-3990 SUSE bug 975069 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles. Low CVE-2016-3991 SUSE bug 975070 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object. Moderate CVE-2016-4000 SUSE bug 1044655 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. Moderate CVE-2016-4002 SUSE bug 975136 SUSE bug 975138 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. Moderate CVE-2016-4008 SUSE bug 982779 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. Moderate CVE-2016-4009 SUSE bug 975500 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR). Low CVE-2016-4020 SUSE bug 975700 SUSE bug 975907 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet. Moderate CVE-2016-4049 SUSE bug 977012 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data. Important CVE-2016-4051 SUSE bug 976553 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses. Important CVE-2016-4052 SUSE bug 976556 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization. Important CVE-2016-4053 SUSE bug 976556 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses. Important CVE-2016-4054 SUSE bug 976556 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not)." Moderate CVE-2016-4070 SUSE bug 976997 SUSE bug 980366 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow. Moderate CVE-2016-4300 SUSE bug 985832 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file. Moderate CVE-2016-4301 SUSE bug 985826 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary. Moderate CVE-2016-4302 SUSE bug 985835 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data. Moderate CVE-2016-4425 SUSE bug 978163 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. Moderate CVE-2016-4429 SUSE bug 1081556 SUSE bug 980854 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors. Moderate CVE-2016-4439 SUSE bug 980711 SUSE bug 980716 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command. Moderate CVE-2016-4441 SUSE bug 980723 SUSE bug 980724 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command. Low CVE-2016-4453 SUSE bug 982223 SUSE bug 982225 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read. Low CVE-2016-4454 SUSE bug 982222 SUSE bug 982224 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. Moderate CVE-2016-4463 SUSE bug 985860 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. Moderate CVE-2016-4470 SUSE bug 984755 SUSE bug 984764 SUSE bug 991651 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. Moderate CVE-2016-4472 SUSE bug 1034050 SUSE bug 939077 SUSE bug 980391 SUSE bug 983985 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. Moderate CVE-2016-4482 SUSE bug 978401 SUSE bug 978445 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627. Low CVE-2016-4483 SUSE bug 1026101 SUSE bug 1123919 SUSE bug 978395 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. Moderate CVE-2016-4485 SUSE bug 978821 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. Low CVE-2016-4486 SUSE bug 978822 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. Moderate CVE-2016-4553 SUSE bug 979009 SUSE bug 990451 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue. Moderate CVE-2016-4554 SUSE bug 979010 SUSE bug 990451 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses. Moderate CVE-2016-4555 SUSE bug 979008 SUSE bug 979011 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response. Moderate CVE-2016-4556 SUSE bug 979008 SUSE bug 979011 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor. Moderate CVE-2016-4557 SUSE bug 979018 SUSE bug 979077 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb of memory, related to the program reference count or (2) a 1 Tb system, related to the map reference count. Moderate CVE-2016-4558 SUSE bug 979019 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. Moderate CVE-2016-4562 SUSE bug 983292 SUSE bug 983305 SUSE bug 983308 SUSE bug 983309 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. Moderate CVE-2016-4563 SUSE bug 983305 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. Moderate CVE-2016-4564 SUSE bug 983308 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. Low CVE-2016-4569 SUSE bug 979213 SUSE bug 979879 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356. Moderate CVE-2016-4574 SUSE bug 1135436 SUSE bug 979261 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions. Low CVE-2016-4578 SUSE bug 1052256 SUSE bug 979879 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl." Moderate CVE-2016-4579 SUSE bug 1135436 SUSE bug 979906 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Moderate CVE-2016-4590 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors. Important CVE-2016-4591 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1683. Reason: This candidate is a reservation duplicate of CVE-2016-1683. Notes: All CVE users should reference CVE-2016-1683 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2016-4612 SUSE bug 1135231 SUSE bug 1135233 SUSE bug 1135235 SUSE bug 1135238 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8317. Reason: This candidate is a reservation duplicate of CVE-2015-8317. Notes: All CVE users should reference CVE-2015-8317 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2016-4619 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624. Moderate CVE-2016-4622 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623. Moderate CVE-2016-4624 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document. Moderate CVE-2016-4658 SUSE bug 1005544 SUSE bug 1014873 SUSE bug 1069433 SUSE bug 1078813 SUSE bug 1123919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2016-4692 SUSE bug 1020950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Moderate CVE-2016-4738 SUSE bug 1005591 SUSE bug 1123130 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2016-4743 SUSE bug 1020950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls. Moderate CVE-2016-4794 SUSE bug 980265 SUSE bug 981517 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947. Moderate CVE-2016-4797 SUSE bug 979911 SUSE bug 980504 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function. Low CVE-2016-4804 SUSE bug 980364 SUSE bug 980377 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. Low CVE-2016-4805 SUSE bug 980371 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink. Low CVE-2016-4809 SUSE bug 984990 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure. Moderate CVE-2016-4912 SUSE bug 1074356 SUSE bug 980722 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem. Low CVE-2016-4913 SUSE bug 870618 SUSE bug 980725 SUSE bug 985132 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation. Moderate CVE-2016-4951 SUSE bug 981058 SUSE bug 985132 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command. Moderate CVE-2016-4952 SUSE bug 981266 SUSE bug 981276 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. Moderate CVE-2016-4953 SUSE bug 962784 SUSE bug 977459 SUSE bug 982056 SUSE bug 982065 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. Moderate CVE-2016-4954 SUSE bug 982056 SUSE bug 982066 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. Moderate CVE-2016-4955 SUSE bug 982056 SUSE bug 982067 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. Moderate CVE-2016-4956 SUSE bug 977461 SUSE bug 982056 SUSE bug 982068 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. Moderate CVE-2016-4957 SUSE bug 977459 SUSE bug 982056 SUSE bug 982064 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU process crash) via vectors involving s->state. Low CVE-2016-4964 SUSE bug 981399 SUSE bug 981401 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. Moderate CVE-2016-4971 SUSE bug 1023231 SUSE bug 984060 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31). Low CVE-2016-4975 SUSE bug 1104826 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation. Important CVE-2016-4979 SUSE bug 987365 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. Low CVE-2016-4983 SUSE bug 984639 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement. Important CVE-2016-4997 SUSE bug 986362 SUSE bug 986365 SUSE bug 986377 SUSE bug 991651 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary. Moderate CVE-2016-4998 SUSE bug 986362 SUSE bug 986365 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix. Moderate CVE-2016-5009 SUSE bug 987144 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file. Low CVE-2016-5010 SUSE bug 991444 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. Low CVE-2016-5011 SUSE bug 988361 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. Moderate CVE-2016-5018 SUSE bug 1007855 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket. Moderate CVE-2016-5104 SUSE bug 982014 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command. Low CVE-2016-5105 SUSE bug 982017 SUSE bug 982024 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command. Low CVE-2016-5106 SUSE bug 982018 SUSE bug 982025 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors. Low CVE-2016-5107 SUSE bug 982019 SUSE bug 982026 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name. Moderate CVE-2016-5116 SUSE bug 982176 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. Moderate CVE-2016-5118 SUSE bug 1000484 SUSE bug 982178 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. Moderate CVE-2016-5126 SUSE bug 982285 SUSE bug 982286 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. Important CVE-2016-5131 SUSE bug 1014873 SUSE bug 1069433 SUSE bug 1078813 SUSE bug 1123919 SUSE bug 989901 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot. Moderate CVE-2016-5180 SUSE bug 1007728 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." Important CVE-2016-5195 SUSE bug 1004418 SUSE bug 1004419 SUSE bug 1004436 SUSE bug 1006323 SUSE bug 1006695 SUSE bug 1008110 SUSE bug 1030118 SUSE bug 1069496 SUSE bug 1149725 SUSE bug 870618 SUSE bug 986445 SUSE bug 998689 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Moderate CVE-2016-5200 SUSE bug 1009893 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode. Moderate CVE-2016-5238 SUSE bug 982959 SUSE bug 982960 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message. Moderate CVE-2016-5244 SUSE bug 983213 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls. Moderate CVE-2016-5250 SUSE bug 991809 SUSE bug 999701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL. Moderate CVE-2016-5251 SUSE bug 991809 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations. Moderate CVE-2016-5252 SUSE bug 991809 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items. Moderate CVE-2016-5254 SUSE bug 991809 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection. Moderate CVE-2016-5255 SUSE bug 991809 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Important CVE-2016-5256 SUSE bug 999701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Important CVE-2016-5257 SUSE bug 999701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session. Moderate CVE-2016-5258 SUSE bug 991809 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop. Moderate CVE-2016-5259 SUSE bug 991809 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering. Moderate CVE-2016-5261 SUSE bug 991809 SUSE bug 999701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. Moderate CVE-2016-5262 SUSE bug 991809 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion." Moderate CVE-2016-5263 SUSE bug 991809 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application. Moderate CVE-2016-5264 SUSE bug 991809 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory. Moderate CVE-2016-5265 SUSE bug 991809 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site. Moderate CVE-2016-5266 SUSE bug 991809 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after an about:neterror?d= substring. Moderate CVE-2016-5268 SUSE bug 991809 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion. Important CVE-2016-5270 SUSE bug 999701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property. Important CVE-2016-5271 SUSE bug 999701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site. Important CVE-2016-5272 SUSE bug 999701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site. Important CVE-2016-5273 SUSE bug 999701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation. Important CVE-2016-5274 SUSE bug 999701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rendering. Important CVE-2016-5275 SUSE bug 999701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute. Important CVE-2016-5276 SUSE bug 999701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation. Important CVE-2016-5277 SUSE bug 999701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image. Important CVE-2016-5278 SUSE bug 999701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code. Important CVE-2016-5279 SUSE bug 999701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text. Important CVE-2016-5280 SUSE bug 999701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document. Important CVE-2016-5281 SUSE bug 999701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource. Important CVE-2016-5282 SUSE bug 999701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized. Important CVE-2016-5283 SUSE bug 999701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority. Important CVE-2016-5284 SUSE bug 999701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. Moderate CVE-2016-5285 SUSE bug 1010517 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox < 49.0.2. Moderate CVE-2016-5287 SUSE bug 1006475 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2. Moderate CVE-2016-5288 SUSE bug 1006476 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50. Important CVE-2016-5289 SUSE bug 1009026 SUSE bug 1010426 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Important CVE-2016-5290 SUSE bug 1009026 SUSE bug 1010427 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Moderate CVE-2016-5291 SUSE bug 1009026 SUSE bug 1010410 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50. Moderate CVE-2016-5292 SUSE bug 1009026 SUSE bug 1010399 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50. Moderate CVE-2016-5293 SUSE bug 1009026 SUSE bug 1010400 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Moderate CVE-2016-5294 SUSE bug 1009026 SUSE bug 1010396 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50. Moderate CVE-2016-5295 SUSE bug 1009026 SUSE bug 1010411 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Important CVE-2016-5296 SUSE bug 1009026 SUSE bug 1010395 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Moderate CVE-2016-5297 SUSE bug 1009026 SUSE bug 1010401 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50. Moderate CVE-2016-5298 SUSE bug 1009026 SUSE bug 1010412 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. Moderate CVE-2016-5299 SUSE bug 1009026 SUSE bug 1010413 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. Moderate CVE-2016-5300 SUSE bug 983216 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. Moderate CVE-2016-5314 SUSE bug 984831 SUSE bug 987351 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool. Moderate CVE-2016-5316 SUSE bug 984837 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file. Moderate CVE-2016-5317 SUSE bug 984842 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff. Moderate CVE-2016-5318 SUSE bug 1007276 SUSE bug 1017690 SUSE bug 1040322 SUSE bug 960341 SUSE bug 974621 SUSE bug 983436 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2016-5320 SUSE bug 1007284 SUSE bug 984808 SUSE bug 987351 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image. Moderate CVE-2016-5321 SUSE bug 984813 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image. Moderate CVE-2016-5323 SUSE bug 984815 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument. Moderate CVE-2016-5325 SUSE bug 985201 SUSE bug 985202 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information. Low CVE-2016-5337 SUSE bug 983961 SUSE bug 983973 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer. Low CVE-2016-5338 SUSE bug 983982 SUSE bug 983984 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Important CVE-2016-5350 SUSE bug 983671 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Important CVE-2016-5351 SUSE bug 983671 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Important CVE-2016-5352 SUSE bug 983671 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Important CVE-2016-5353 SUSE bug 983671 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Important CVE-2016-5354 SUSE bug 983671 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. Important CVE-2016-5355 SUSE bug 983671 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. Important CVE-2016-5356 SUSE bug 983671 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. Important CVE-2016-5357 SUSE bug 983671 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Important CVE-2016-5358 SUSE bug 983671 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles offsets, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a crafted packet. Important CVE-2016-5359 SUSE bug 983671 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. Low CVE-2016-5384 SUSE bug 1123116 SUSE bug 992534 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. Moderate CVE-2016-5387 SUSE bug 988484 SUSE bug 988486 SUSE bug 988487 SUSE bug 988488 SUSE bug 988489 SUSE bug 988491 SUSE bug 988492 SUSE bug 989125 SUSE bug 989174 SUSE bug 989684 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5696. Reason: This candidate is a reservation duplicate of CVE-2016-5696. Notes: All CVE users should reference CVE-2016-5696 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2016-5389 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. Low CVE-2016-5403 SUSE bug 990923 SUSE bug 991080 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data. Moderate CVE-2016-5407 SUSE bug 1003017 SUSE bug 1123148 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction. Moderate CVE-2016-5412 SUSE bug 1013013 SUSE bug 991065 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. Moderate CVE-2016-5418 SUSE bug 998677 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. Moderate CVE-2016-5419 SUSE bug 1033413 SUSE bug 1033442 SUSE bug 991389 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. Moderate CVE-2016-5420 SUSE bug 991390 SUSE bug 997420 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. Moderate CVE-2016-5421 SUSE bug 991391 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types. Moderate CVE-2016-5423 SUSE bug 1041981 SUSE bug 1042497 SUSE bug 1052683 SUSE bug 993454 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation. Moderate CVE-2016-5424 SUSE bug 1041981 SUSE bug 1042497 SUSE bug 1052683 SUSE bug 993453 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR. Moderate CVE-2016-5440 SUSE bug 989926 SUSE bug 991616 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. Moderate CVE-2016-5507 SUSE bug 1005557 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries. Moderate CVE-2016-5542 SUSE bug 1005522 SUSE bug 1009280 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Integrity impacts). Important CVE-2016-5546 SUSE bug 1020905 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Availability impacts). Moderate CVE-2016-5547 SUSE bug 1020905 SUSE bug 1024218 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts). Important CVE-2016-5548 SUSE bug 1020905 SUSE bug 1024218 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts). Important CVE-2016-5549 SUSE bug 1020905 SUSE bug 1024218 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Integrity impacts). Moderate CVE-2016-5552 SUSE bug 1020905 SUSE bug 1024218 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX. Moderate CVE-2016-5554 SUSE bug 1005523 SUSE bug 1009280 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. Critical CVE-2016-5556 SUSE bug 1005524 SUSE bug 1009280 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. Critical CVE-2016-5568 SUSE bug 1005525 SUSE bug 1009280 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582. Important CVE-2016-5573 SUSE bug 1005526 SUSE bug 1009280 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5573. Critical CVE-2016-5582 SUSE bug 1005527 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. Moderate CVE-2016-5584 SUSE bug 1005558 SUSE bug 1008318 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking. Moderate CVE-2016-5597 SUSE bug 1005528 SUSE bug 1009280 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. Moderate CVE-2016-5612 SUSE bug 1005561 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML. Moderate CVE-2016-5624 SUSE bug 1005564 SUSE bug 1008318 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. Moderate CVE-2016-5626 SUSE bug 1005566 SUSE bug 1008318 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated. Moderate CVE-2016-5629 SUSE bug 1005569 SUSE bug 1008318 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. Moderate CVE-2016-5630 SUSE bug 1005570 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. Important CVE-2016-5636 SUSE bug 1065451 SUSE bug 1106262 SUSE bug 985177 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means. Moderate CVE-2016-5652 SUSE bug 1007280 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read. Moderate CVE-2016-5687 SUSE bug 1000713 SUSE bug 1000714 SUSE bug 1074610 SUSE bug 985448 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions. Moderate CVE-2016-5688 SUSE bug 985442 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks. Moderate CVE-2016-5689 SUSE bug 985460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table. Moderate CVE-2016-5690 SUSE bug 985451 SUSE bug 985460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue. Moderate CVE-2016-5691 SUSE bug 985456 SUSE bug 985460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack. Moderate CVE-2016-5696 SUSE bug 1175721 SUSE bug 989152 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. Moderate CVE-2016-5699 SUSE bug 1122729 SUSE bug 1130840 SUSE bug 985348 SUSE bug 985351 SUSE bug 986630 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root. Moderate CVE-2016-5759 SUSE bug 990200 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. Moderate CVE-2016-5824 SUSE bug 1015964 SUSE bug 1122983 SUSE bug 986631 SUSE bug 986639 SUSE bug 986642 SUSE bug 986658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function. Moderate CVE-2016-5827 SUSE bug 986631 SUSE bug 986639 SUSE bug 986642 SUSE bug 986658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call. Moderate CVE-2016-5828 SUSE bug 986569 SUSE bug 991065 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. Moderate CVE-2016-5829 SUSE bug 1053919 SUSE bug 1054127 SUSE bug 986572 SUSE bug 986573 SUSE bug 991651 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable. Moderate CVE-2016-5841 SUSE bug 986609 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. Moderate CVE-2016-5842 SUSE bug 986608 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file. Moderate CVE-2016-5844 SUSE bug 986566 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses. Moderate CVE-2016-5863 SUSE bug 1053919 SUSE bug 1054127 SUSE bug 986572 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2016-5875 SUSE bug 1007284 SUSE bug 984809 SUSE bug 984831 SUSE bug 987351 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index. Moderate CVE-2016-6128 SUSE bug 987580 SUSE bug 991710 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. Moderate CVE-2016-6132 SUSE bug 987577 SUSE bug 991436 SUSE bug 995034 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. Low CVE-2016-6153 SUSE bug 1149969 SUSE bug 987394 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image. Low CVE-2016-6161 SUSE bug 988032 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message. Moderate CVE-2016-6170 SUSE bug 1028603 SUSE bug 987866 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. Moderate CVE-2016-6185 SUSE bug 988311 SUSE bug 999993 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink. Moderate CVE-2016-6197 SUSE bug 988708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors. Moderate CVE-2016-6207 SUSE bug 991434 SUSE bug 991622 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided. Moderate CVE-2016-6210 SUSE bug 1001712 SUSE bug 1105010 SUSE bug 1138392 SUSE bug 989363 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. Moderate CVE-2016-6214 SUSE bug 987577 SUSE bug 991436 SUSE bug 995034 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946. Moderate CVE-2016-6224 SUSE bug 989121 SUSE bug 989122 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394. Moderate CVE-2016-6225 SUSE bug 1019858 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow. Low CVE-2016-6250 SUSE bug 989980 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. Important CVE-2016-6252 SUSE bug 1099310 SUSE bug 979282 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. Moderate CVE-2016-6258 SUSE bug 988675 SUSE bug 988692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check. Moderate CVE-2016-6259 SUSE bug 988676 SUSE bug 988694 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. Low CVE-2016-6261 SUSE bug 1118435 SUSE bug 1173590 SUSE bug 990190 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948. Moderate CVE-2016-6262 SUSE bug 1014473 SUSE bug 1173590 SUSE bug 1190777 SUSE bug 990189 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data. Low CVE-2016-6263 SUSE bug 1118435 SUSE bug 990191 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument. Moderate CVE-2016-6293 SUSE bug 1035111 SUSE bug 1123121 SUSE bug 990636 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. Moderate CVE-2016-6302 SUSE bug 994844 SUSE bug 995324 SUSE bug 999665 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. Moderate CVE-2016-6303 SUSE bug 994844 SUSE bug 995377 SUSE bug 999665 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. Moderate CVE-2016-6304 SUSE bug 1001706 SUSE bug 1003811 SUSE bug 1005579 SUSE bug 1021375 SUSE bug 999665 SUSE bug 999666 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. Low CVE-2016-6306 SUSE bug 999665 SUSE bug 999668 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. Moderate CVE-2016-6313 SUSE bug 1123792 SUSE bug 994157 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers. Moderate CVE-2016-6316 SUSE bug 993302 SUSE bug 993313 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155. Moderate CVE-2016-6317 SUSE bug 993313 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer. Moderate CVE-2016-6318 SUSE bug 1123113 SUSE bug 992966 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. Moderate CVE-2016-6321 SUSE bug 1007188 SUSE bug 1123796 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data). Moderate CVE-2016-6328 SUSE bug 1055857 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. Moderate CVE-2016-6329 SUSE bug 1026864 SUSE bug 995374 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer. Moderate CVE-2016-6351 SUSE bug 990835 SUSE bug 990843 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. Moderate CVE-2016-6352 SUSE bug 1027024 SUSE bug 991450 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. Low CVE-2016-6354 SUSE bug 1026047 SUSE bug 1035082 SUSE bug 1035209 SUSE bug 990856 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability. Moderate CVE-2016-6480 SUSE bug 1004418 SUSE bug 991608 SUSE bug 991667 SUSE bug 992568 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. Moderate CVE-2016-6489 SUSE bug 991464 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer. Low CVE-2016-6490 SUSE bug 991466 SUSE bug 993854 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image. Moderate CVE-2016-6491 SUSE bug 991445 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. Moderate CVE-2016-6504 SUSE bug 991012 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. Moderate CVE-2016-6505 SUSE bug 991013 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Moderate CVE-2016-6506 SUSE bug 991015 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Moderate CVE-2016-6507 SUSE bug 991016 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet. Moderate CVE-2016-6508 SUSE bug 991017 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2016-6509 SUSE bug 991018 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. Moderate CVE-2016-6510 SUSE bug 991019 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet. Moderate CVE-2016-6511 SUSE bug 991020 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. Moderate CVE-2016-6515 SUSE bug 992533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology. Moderate CVE-2016-6520 SUSE bug 991872 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15. Important CVE-2016-6662 SUSE bug 1001367 SUSE bug 1005580 SUSE bug 1020873 SUSE bug 1020884 SUSE bug 1021755 SUSE bug 998309 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table. Important CVE-2016-6663 SUSE bug 1001367 SUSE bug 1008253 SUSE bug 1008318 SUSE bug 1021755 SUSE bug 998309 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files. Moderate CVE-2016-6664 SUSE bug 1008253 SUSE bug 1020868 SUSE bug 1020873 SUSE bug 998309 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111. Moderate CVE-2016-6786 SUSE bug 1015160 SUSE bug 1025626 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 31095224. Moderate CVE-2016-6787 SUSE bug 1015160 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. Moderate CVE-2016-6794 SUSE bug 1007857 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. Moderate CVE-2016-6796 SUSE bug 1007858 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. Low CVE-2016-6797 SUSE bug 1007853 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. Moderate CVE-2016-6816 SUSE bug 1011812 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write. Moderate CVE-2016-6823 SUSE bug 1001066 SUSE bug 1002207 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option. Moderate CVE-2016-6828 SUSE bug 1052256 SUSE bug 994296 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active. Moderate CVE-2016-6833 SUSE bug 994774 SUSE bug 994775 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length. Moderate CVE-2016-6834 SUSE bug 994418 SUSE bug 994421 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object. Low CVE-2016-6836 SUSE bug 994760 SUSE bug 994761 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup. Moderate CVE-2016-6855 SUSE bug 994819 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference. Low CVE-2016-6888 SUSE bug 994771 SUSE bug 994772 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account. Low CVE-2016-6893 SUSE bug 995352 SUSE bug 997205 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image. Moderate CVE-2016-6905 SUSE bug 995034 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer. Low CVE-2016-6906 SUSE bug 1022553 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values. Important CVE-2016-6912 SUSE bug 1022284 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. Moderate CVE-2016-7032 SUSE bug 1007501 SUSE bug 1007766 SUSE bug 1011975 SUSE bug 1011976 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666. Important CVE-2016-7039 SUSE bug 1001486 SUSE bug 1001487 SUSE bug 1003964 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file. Moderate CVE-2016-7042 SUSE bug 1004517 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. Moderate CVE-2016-7052 SUSE bug 1001148 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected. Moderate CVE-2016-7053 SUSE bug 1009533 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. Important CVE-2016-7054 SUSE bug 1009531 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected. Moderate CVE-2016-7055 SUSE bug 1009528 SUSE bug 1021641 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. Moderate CVE-2016-7056 SUSE bug 1005878 SUSE bug 1019334 SUSE bug 1148697 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. Moderate CVE-2016-7076 SUSE bug 1007501 SUSE bug 1011975 SUSE bug 1011976 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables. Important CVE-2016-7092 SUSE bug 995785 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation. Important CVE-2016-7093 SUSE bug 995789 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update. Moderate CVE-2016-7094 SUSE bug 995792 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. Low CVE-2016-7097 SUSE bug 1021258 SUSE bug 1052256 SUSE bug 870618 SUSE bug 995968 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. Low CVE-2016-7098 SUSE bug 995964 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. Important CVE-2016-7099 SUSE bug 1001652 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. Moderate CVE-2016-7103 SUSE bug 996004 SUSE bug 996014 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string. Low CVE-2016-7116 SUSE bug 996441 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. Moderate CVE-2016-7117 SUSE bug 1003077 SUSE bug 1003253 SUSE bug 1057478 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. Moderate CVE-2016-7141 SUSE bug 991390 SUSE bug 997420 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings. Moderate CVE-2016-7155 SUSE bug 997858 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast. Moderate CVE-2016-7156 SUSE bug 997859 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK. Low CVE-2016-7157 SUSE bug 997860 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet. Moderate CVE-2016-7161 SUSE bug 1001151 SUSE bug 1001152 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. Moderate CVE-2016-7163 SUSE bug 1007739 SUSE bug 1007744 SUSE bug 997857 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. Moderate CVE-2016-7167 SUSE bug 998760 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command. Moderate CVE-2016-7170 SUSE bug 998516 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. Moderate CVE-2016-7175 SUSE bug 998099 SUSE bug 998761 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet. Moderate CVE-2016-7176 SUSE bug 998099 SUSE bug 998762 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. Moderate CVE-2016-7177 SUSE bug 998099 SUSE bug 998763 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet. Moderate CVE-2016-7178 SUSE bug 998099 SUSE bug 998964 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet. Moderate CVE-2016-7179 SUSE bug 998099 SUSE bug 998963 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. Moderate CVE-2016-7180 SUSE bug 998099 SUSE bug 998800 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies. Moderate CVE-2016-7401 SUSE bug 1001374 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform. Important CVE-2016-7404 SUSE bug 1004677 SUSE bug 998182 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value. Moderate CVE-2016-7422 SUSE bug 1000346 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. Moderate CVE-2016-7425 SUSE bug 999932 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. Moderate CVE-2016-7426 SUSE bug 1011406 SUSE bug 1011421 SUSE bug 1012330 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet. Moderate CVE-2016-7427 SUSE bug 1011390 SUSE bug 1011421 SUSE bug 1012330 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet. Moderate CVE-2016-7428 SUSE bug 1011417 SUSE bug 1011421 SUSE bug 1012330 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use. Low CVE-2016-7429 SUSE bug 1011404 SUSE bug 1011421 SUSE bug 1012330 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression. Moderate CVE-2016-7431 SUSE bug 1011395 SUSE bug 1011421 SUSE bug 1012330 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion." Low CVE-2016-7433 SUSE bug 1011411 SUSE bug 1011421 SUSE bug 1012330 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. Moderate CVE-2016-7434 SUSE bug 1011398 SUSE bug 1011421 SUSE bug 1012330 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences. Moderate CVE-2016-7440 SUSE bug 1005581 SUSE bug 1008318 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. Low CVE-2016-7444 SUSE bug 999646 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. Moderate CVE-2016-7445 SUSE bug 1007739 SUSE bug 1007744 SUSE bug 1015662 SUSE bug 999817 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device. Moderate CVE-2016-7466 SUSE bug 1000345 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file. Moderate CVE-2016-7530 SUSE bug 1000399 SUSE bug 1000703 SUSE bug 1054924 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. Moderate CVE-2016-7543 SUSE bug 1001299 SUSE bug 1159416 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. Moderate CVE-2016-7545 SUSE bug 1000998 SUSE bug 968375 SUSE bug 968674 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string. Moderate CVE-2016-7567 SUSE bug 1001600 SUSE bug 1074356 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site. Moderate CVE-2016-7586 SUSE bug 1020950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2016-7587 SUSE bug 1020950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2016-7589 SUSE bug 1020950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component, which allows remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site. Moderate CVE-2016-7592 SUSE bug 1020950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site. Moderate CVE-2016-7598 SUSE bug 1020950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses HTTP redirects. Moderate CVE-2016-7599 SUSE bug 1020950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2016-7610 SUSE bug 1020950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a blob URL on a web site. Moderate CVE-2016-7623 SUSE bug 1020950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2016-7632 SUSE bug 1020950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2016-7635 SUSE bug 1020950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2016-7639 SUSE bug 1020950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2016-7641 SUSE bug 1020950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2016-7645 SUSE bug 1020950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2016-7652 SUSE bug 1020950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2016-7654 SUSE bug 1020950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2016-7656 SUSE bug 1020950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it. Moderate CVE-2016-7777 SUSE bug 1000106 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket. Moderate CVE-2016-7795 SUSE bug 1001765 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. Moderate CVE-2016-7798 SUSE bug 1055265 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities. Moderate CVE-2016-7837 SUSE bug 1026652 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags. Moderate CVE-2016-7907 SUSE bug 1002549 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags. Moderate CVE-2016-7908 SUSE bug 1002550 SUSE bug 1003030 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0. Moderate CVE-2016-7909 SUSE bug 1002557 SUSE bug 1003032 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. Moderate CVE-2016-7910 SUSE bug 1010716 SUSE bug 1196722 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call. Moderate CVE-2016-7912 SUSE bug 1010480 SUSE bug 1010481 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. Moderate CVE-2016-7913 SUSE bug 1010478 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite. Moderate CVE-2016-7914 SUSE bug 1010475 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability. Moderate CVE-2016-7917 SUSE bug 1010444 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print(). Moderate CVE-2016-7922 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print(). Moderate CVE-2016-7923 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print(). Moderate CVE-2016-7924 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print(). Moderate CVE-2016-7925 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print(). Moderate CVE-2016-7926 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print(). Moderate CVE-2016-7927 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print(). Moderate CVE-2016-7928 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header(). Moderate CVE-2016-7929 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print(). Moderate CVE-2016-7930 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print(). Moderate CVE-2016-7931 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum(). Moderate CVE-2016-7932 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print(). Moderate CVE-2016-7933 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print(). Moderate CVE-2016-7934 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print(). Moderate CVE-2016-7935 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print(). Moderate CVE-2016-7936 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print(). Moderate CVE-2016-7937 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame(). Moderate CVE-2016-7938 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions. Moderate CVE-2016-7939 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions. Moderate CVE-2016-7940 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations. Moderate CVE-2016-7942 SUSE bug 1002991 SUSE bug 1174752 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync. Moderate CVE-2016-7944 SUSE bug 1002995 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields. Moderate CVE-2016-7945 SUSE bug 1002998 SUSE bug 1134167 SUSE bug 1159415 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields. Moderate CVE-2016-7946 SUSE bug 1002998 SUSE bug 1134167 SUSE bug 1159415 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. Moderate CVE-2016-7947 SUSE bug 1003000 SUSE bug 1159415 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. Moderate CVE-2016-7948 SUSE bug 1003000 SUSE bug 1159415 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields. Moderate CVE-2016-7949 SUSE bug 1003002 SUSE bug 1015442 SUSE bug 1123146 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. Moderate CVE-2016-7950 SUSE bug 1003002 SUSE bug 1015442 SUSE bug 1123146 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. Moderate CVE-2016-7951 SUSE bug 1003012 SUSE bug 1159415 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. Moderate CVE-2016-7952 SUSE bug 1003012 SUSE bug 1159415 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string. Moderate CVE-2016-7953 SUSE bug 1003023 SUSE bug 1159415 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings. Moderate CVE-2016-7957 SUSE bug 1033717 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector. Moderate CVE-2016-7958 SUSE bug 1033712 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." Moderate CVE-2016-7969 SUSE bug 1002982 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. Moderate CVE-2016-7970 SUSE bug 1002982 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Moderate CVE-2016-7971 SUSE bug 1002982 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. Moderate CVE-2016-7972 SUSE bug 1002982 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions. Moderate CVE-2016-7973 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions. Moderate CVE-2016-7974 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print(). Moderate CVE-2016-7975 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). Moderate CVE-2016-7983 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print(). Moderate CVE-2016-7984 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print(). Moderate CVE-2016-7985 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions. Moderate CVE-2016-7986 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print(). Moderate CVE-2016-7992 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM). Moderate CVE-2016-7993 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands. Moderate CVE-2016-7994 SUSE bug 1003613 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes. Moderate CVE-2016-7995 SUSE bug 1003612 SUSE bug 1003870 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. Moderate CVE-2016-8283 SUSE bug 1005582 SUSE bug 1008318 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts). Important CVE-2016-8318 SUSE bug 1020868 SUSE bug 1020872 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts). Moderate CVE-2016-8327 SUSE bug 1020868 SUSE bug 1020893 SUSE bug 1053919 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality. Moderate CVE-2016-8331 SUSE bug 1007276 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector. Important CVE-2016-8332 SUSE bug 1002414 SUSE bug 1007739 SUSE bug 1007744 SUSE bug 1015662 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption. Moderate CVE-2016-8492 SUSE bug 1065013 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print(). Moderate CVE-2016-8574 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482. Moderate CVE-2016-8575 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process. Moderate CVE-2016-8576 SUSE bug 1003878 SUSE bug 1004016 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation. Moderate CVE-2016-8577 SUSE bug 1003893 SUSE bug 1004021 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation. Moderate CVE-2016-8578 SUSE bug 1003894 SUSE bug 1004023 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected. Low CVE-2016-8605 SUSE bug 1004221 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. Moderate CVE-2016-8610 SUSE bug 1005878 SUSE bug 1005879 SUSE bug 1120592 SUSE bug 1126909 SUSE bug 1148697 SUSE bug 982575 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation. Moderate CVE-2016-8611 SUSE bug 1005886 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key. Moderate CVE-2016-8614 SUSE bug 1008038 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. Moderate CVE-2016-8615 SUSE bug 1005633 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password. Low CVE-2016-8616 SUSE bug 1005634 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`. Moderate CVE-2016-8617 SUSE bug 1005635 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. Moderate CVE-2016-8618 SUSE bug 1005637 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free. Moderate CVE-2016-8619 SUSE bug 1005638 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. Moderate CVE-2016-8620 SUSE bug 1005640 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. Moderate CVE-2016-8621 SUSE bug 1005642 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer. Moderate CVE-2016-8622 SUSE bug 1005643 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure. Moderate CVE-2016-8623 SUSE bug 1005645 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them. Moderate CVE-2016-8624 SUSE bug 1005646 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as. Moderate CVE-2016-8628 SUSE bug 1008037 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction. Moderate CVE-2016-8630 SUSE bug 1009222 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability. Moderate CVE-2016-8632 SUSE bug 1008831 SUSE bug 1012852 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. Moderate CVE-2016-8633 SUSE bug 1008833 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. Moderate CVE-2016-8635 SUSE bug 1015422 SUSE bug 1015547 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology. Moderate CVE-2016-8636 SUSE bug 1024908 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials. Moderate CVE-2016-8637 SUSE bug 1008340 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. Moderate CVE-2016-8645 SUSE bug 1009969 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. Moderate CVE-2016-8646 SUSE bug 1010150 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. Important CVE-2016-8650 SUSE bug 1011820 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected. Moderate CVE-2016-8654 SUSE bug 1012530 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions. Moderate CVE-2016-8655 SUSE bug 1012754 SUSE bug 1012759 SUSE bug 1013822 SUSE bug 1052365 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket. Moderate CVE-2016-8658 SUSE bug 1004462 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039. Important CVE-2016-8666 SUSE bug 1001486 SUSE bug 1001487 SUSE bug 1003964 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value. Moderate CVE-2016-8667 SUSE bug 1004702 SUSE bug 1005004 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size. Moderate CVE-2016-8668 SUSE bug 1004706 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base. Moderate CVE-2016-8669 SUSE bug 1004707 SUSE bug 1005005 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename. Moderate CVE-2016-8687 SUSE bug 1005070 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c. Moderate CVE-2016-8688 SUSE bug 1005076 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive. Moderate CVE-2016-8689 SUSE bug 1005072 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command. Moderate CVE-2016-8690 SUSE bug 1005084 SUSE bug 1007009 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command. Moderate CVE-2016-8691 SUSE bug 1005090 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command. Moderate CVE-2016-8692 SUSE bug 1005090 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command. Important CVE-2016-8693 SUSE bug 1005242 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. Moderate CVE-2016-8704 SUSE bug 1007719 SUSE bug 1007866 SUSE bug 1007871 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. Moderate CVE-2016-8705 SUSE bug 1007866 SUSE bug 1007870 SUSE bug 1056865 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. Moderate CVE-2016-8706 SUSE bug 1007866 SUSE bug 1007869 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality. Moderate CVE-2016-8707 SUSE bug 1014159 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. Moderate CVE-2016-8735 SUSE bug 1011805 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request. Moderate CVE-2016-8740 SUSE bug 1013648 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. Moderate CVE-2016-8743 SUSE bug 1016715 SUSE bug 1033513 SUSE bug 1086774 SUSE bug 1104826 SUSE bug 930944 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions. Moderate CVE-2016-8745 SUSE bug 1015119 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request. Moderate CVE-2016-8747 SUSE bug 1029460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue." Moderate CVE-2016-8858 SUSE bug 1005480 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. Moderate CVE-2016-8862 SUSE bug 1007245 SUSE bug 1009318 SUSE bug 1031267 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. Important CVE-2016-8864 SUSE bug 1007829 SUSE bug 1018700 SUSE bug 1018701 SUSE bug 1018702 SUSE bug 1020526 SUSE bug 1024130 SUSE bug 1033466 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862. Moderate CVE-2016-8866 SUSE bug 1007245 SUSE bug 1009318 SUSE bug 1031267 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4516. Reason: This candidate is a duplicate of CVE-2011-4516. Notes: All CVE users should reference CVE-2011-4516 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2016-8880 SUSE bug 1006591 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4517. Reason: This candidate is a duplicate of CVE-2011-4517. Notes: All CVE users should reference CVE-2011-4517 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2016-8881 SUSE bug 1006593 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. Moderate CVE-2016-8882 SUSE bug 1006597 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. Low CVE-2016-8883 SUSE bug 1006598 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690. Low CVE-2016-8884 SUSE bug 1005084 SUSE bug 1007009 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. Low CVE-2016-8885 SUSE bug 1005084 SUSE bug 1007009 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure. Low CVE-2016-8886 SUSE bug 1006599 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference). Low CVE-2016-8887 SUSE bug 1006836 SUSE bug 1006839 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position. Moderate CVE-2016-8909 SUSE bug 1006536 SUSE bug 1007160 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count. Moderate CVE-2016-8910 SUSE bug 1006538 SUSE bug 1007157 SUSE bug 1024178 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary. Moderate CVE-2016-9013 SUSE bug 1008050 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS. Moderate CVE-2016-9014 SUSE bug 1008047 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low. Low CVE-2016-9015 SUSE bug 1023502 SUSE bug 1024540 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition. Moderate CVE-2016-9042 SUSE bug 1030050 SUSE bug 1038049 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. Moderate CVE-2016-9061 SUSE bug 1009026 SUSE bug 1010418 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. Moderate CVE-2016-9062 SUSE bug 1009026 SUSE bug 1010419 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. Critical CVE-2016-9063 SUSE bug 1009026 SUSE bug 1010424 SUSE bug 1047240 SUSE bug 1123115 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50. Moderate CVE-2016-9064 SUSE bug 1009026 SUSE bug 1010402 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. Moderate CVE-2016-9065 SUSE bug 1009026 SUSE bug 1010403 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Moderate CVE-2016-9066 SUSE bug 1009026 SUSE bug 1010404 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. Moderate CVE-2016-9067 SUSE bug 1009026 SUSE bug 1010405 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50. Moderate CVE-2016-9068 SUSE bug 1009026 SUSE bug 1010406 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. Moderate CVE-2016-9069 SUSE bug 1009026 SUSE bug 1010405 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50. Low CVE-2016-9071 SUSE bug 1009026 SUSE bug 1010425 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50. Moderate CVE-2016-9072 SUSE bug 1009026 SUSE bug 1010407 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50. Moderate CVE-2016-9073 SUSE bug 1009026 SUSE bug 1010421 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Moderate CVE-2016-9074 SUSE bug 1009026 SUSE bug 1010422 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50. Moderate CVE-2016-9075 SUSE bug 1009026 SUSE bug 1010408 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox < 50. Moderate CVE-2016-9076 SUSE bug 1009026 SUSE bug 1010423 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50. Moderate CVE-2016-9077 SUSE bug 1009026 SUSE bug 1010409 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. Note: This issue only affects Firefox 49 and 50. This vulnerability affects Firefox < 50.0.1. Moderate CVE-2016-9078 SUSE bug 1012807 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. Moderate CVE-2016-9079 SUSE bug 1012964 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file. Moderate CVE-2016-9082 SUSE bug 1007255 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug." Low CVE-2016-9083 SUSE bug 1007197 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file. Low CVE-2016-9084 SUSE bug 1007197 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device. Moderate CVE-2016-9101 SUSE bug 1007391 SUSE bug 1013668 SUSE bug 1024181 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number. Moderate CVE-2016-9102 SUSE bug 1007450 SUSE bug 1014256 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them. Moderate CVE-2016-9103 SUSE bug 1007454 SUSE bug 1014259 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access. Moderate CVE-2016-9104 SUSE bug 1007493 SUSE bug 1014297 SUSE bug 1034990 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object. Moderate CVE-2016-9105 SUSE bug 1007494 SUSE bug 1014279 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector. Moderate CVE-2016-9106 SUSE bug 1007495 SUSE bug 1014299 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2. Moderate CVE-2016-9112 SUSE bug 1007739 SUSE bug 1007744 SUSE bug 1007747 SUSE bug 1015662 SUSE bug 1056396 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service. Moderate CVE-2016-9113 SUSE bug 1007739 SUSE bug 1007744 SUSE bug 1007747 SUSE bug 1015662 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service. Moderate CVE-2016-9114 SUSE bug 1007739 SUSE bug 1007740 SUSE bug 1007744 SUSE bug 1007747 SUSE bug 1015662 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. Moderate CVE-2016-9115 SUSE bug 1007739 SUSE bug 1007741 SUSE bug 1007744 SUSE bug 1007747 SUSE bug 1015662 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. Moderate CVE-2016-9116 SUSE bug 1007739 SUSE bug 1007742 SUSE bug 1007744 SUSE bug 1007747 SUSE bug 1015662 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. Moderate CVE-2016-9117 SUSE bug 1007739 SUSE bug 1007743 SUSE bug 1007744 SUSE bug 1007747 SUSE bug 1015662 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. Moderate CVE-2016-9118 SUSE bug 1007739 SUSE bug 1007744 SUSE bug 1007747 SUSE bug 1015662 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time. Critical CVE-2016-9120 SUSE bug 1014747 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. Important CVE-2016-9131 SUSE bug 1018699 SUSE bug 1018700 SUSE bug 1018701 SUSE bug 1018702 SUSE bug 1033466 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets. Important CVE-2016-9147 SUSE bug 1018699 SUSE bug 1018700 SUSE bug 1018701 SUSE bug 1018702 SUSE bug 1033466 SUSE bug 1081545 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting. Important CVE-2016-9180 SUSE bug 1008644 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. Moderate CVE-2016-9189 SUSE bug 1008845 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. Moderate CVE-2016-9190 SUSE bug 1008846 SUSE bug 973786 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity. Moderate CVE-2016-9191 SUSE bug 1008842 SUSE bug 1027179 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. Moderate CVE-2016-9262 SUSE bug 1009994 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. Moderate CVE-2016-9273 SUSE bug 1010163 SUSE bug 1017693 SUSE bug 1150480 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. Moderate CVE-2016-9297 SUSE bug 1010161 SUSE bug 1011103 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image. Moderate CVE-2016-9298 SUSE bug 1010164 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. Moderate CVE-2016-9310 SUSE bug 1011377 SUSE bug 1011421 SUSE bug 1012330 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. Moderate CVE-2016-9311 SUSE bug 1011377 SUSE bug 1011421 SUSE bug 1012330 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. Moderate CVE-2016-9312 SUSE bug 1011401 SUSE bug 1011421 SUSE bug 1012330 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type. Moderate CVE-2016-9313 SUSE bug 1012356 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image. Moderate CVE-2016-9317 SUSE bug 1022283 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. Moderate CVE-2016-9318 SUSE bug 1010675 SUSE bug 1014873 SUSE bug 1019074 SUSE bug 1118959 SUSE bug 1123919 SUSE bug 1126613 SUSE bug 1148896 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings. Moderate CVE-2016-9373 SUSE bug 1010754 SUSE bug 1010911 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable. Moderate CVE-2016-9374 SUSE bug 1010752 SUSE bug 1010911 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful. Moderate CVE-2016-9375 SUSE bug 1010740 SUSE bug 1010911 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large. Moderate CVE-2016-9376 SUSE bug 1010735 SUSE bug 1010911 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation. Moderate CVE-2016-9377 SUSE bug 1009108 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery. Moderate CVE-2016-9378 SUSE bug 1009108 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file. Moderate CVE-2016-9379 SUSE bug 1009111 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file. Moderate CVE-2016-9380 SUSE bug 1009111 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. Important CVE-2016-9381 SUSE bug 1009109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode. Moderate CVE-2016-9382 SUSE bug 1009103 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions. Moderate CVE-2016-9383 SUSE bug 1009107 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table. Moderate CVE-2016-9384 SUSE bug 1009105 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks. Moderate CVE-2016-9385 SUSE bug 1009104 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values. Moderate CVE-2016-9386 SUSE bug 1009100 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure. Moderate CVE-2016-9387 SUSE bug 1010960 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. Moderate CVE-2016-9388 SUSE bug 1010975 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure). Moderate CVE-2016-9389 SUSE bug 1010968 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. Moderate CVE-2016-9390 SUSE bug 1010774 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer. Moderate CVE-2016-9391 SUSE bug 1010782 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. Moderate CVE-2016-9392 SUSE bug 1010757 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. Moderate CVE-2016-9393 SUSE bug 1010757 SUSE bug 1010766 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. Moderate CVE-2016-9394 SUSE bug 1010756 SUSE bug 1010757 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. Moderate CVE-2016-9395 SUSE bug 1010977 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors. Moderate CVE-2016-9396 SUSE bug 1010783 SUSE bug 1021871 SUSE bug 1082397 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. Moderate CVE-2016-9397 SUSE bug 1010786 SUSE bug 1011829 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. Moderate CVE-2016-9398 SUSE bug 1010979 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. Moderate CVE-2016-9399 SUSE bug 1010980 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. Moderate CVE-2016-9401 SUSE bug 1010845 SUSE bug 1123788 SUSE bug 1159416 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation. Moderate CVE-2016-9427 SUSE bug 1011276 SUSE bug 1011293 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. Moderate CVE-2016-9434 SUSE bug 1011283 SUSE bug 1011293 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags. Moderate CVE-2016-9435 SUSE bug 1011284 SUSE bug 1011293 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag. Moderate CVE-2016-9436 SUSE bug 1011285 SUSE bug 1011293 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) and possibly memory corruption via a crafted HTML page. Moderate CVE-2016-9437 SUSE bug 1011286 SUSE bug 1011293 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. Moderate CVE-2016-9438 SUSE bug 1011287 SUSE bug 1011293 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. Moderate CVE-2016-9439 SUSE bug 1011288 SUSE bug 1011293 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. Moderate CVE-2016-9440 SUSE bug 1011289 SUSE bug 1011293 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. Moderate CVE-2016-9441 SUSE bug 1011290 SUSE bug 1011293 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption in certain conditions via a crafted HTML page. Moderate CVE-2016-9442 SUSE bug 1011291 SUSE bug 1011293 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. Moderate CVE-2016-9443 SUSE bug 1011292 SUSE bug 1011293 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer. Important CVE-2016-9444 SUSE bug 1018699 SUSE bug 1018700 SUSE bug 1018701 SUSE bug 1018702 SUSE bug 1033466 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow. Moderate CVE-2016-9445 SUSE bug 1010829 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas. Moderate CVE-2016-9446 SUSE bug 1010829 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297. Moderate CVE-2016-9448 SUSE bug 1010161 SUSE bug 1011103 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one. Moderate CVE-2016-9453 SUSE bug 1007280 SUSE bug 1011107 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100. Moderate CVE-2016-9538 SUSE bug 1004519 SUSE bug 1011841 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data. Moderate CVE-2016-9555 SUSE bug 1011685 SUSE bug 1012183 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. Moderate CVE-2016-9556 SUSE bug 1011130 SUSE bug 1013376 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file. Moderate CVE-2016-9557 SUSE bug 1010786 SUSE bug 1011829 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image. Moderate CVE-2016-9559 SUSE bug 1011136 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image. Moderate CVE-2016-9560 SUSE bug 1011830 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image. Moderate CVE-2016-9572 SUSE bug 1007739 SUSE bug 1007744 SUSE bug 1014543 SUSE bug 1015662 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. Moderate CVE-2016-9573 SUSE bug 1007739 SUSE bug 1007744 SUSE bug 1014543 SUSE bug 1015662 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA. Important CVE-2016-9574 SUSE bug 1015499 SUSE bug 1035082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device. Important CVE-2016-9576 SUSE bug 1013604 SUSE bug 1014271 SUSE bug 1017710 SUSE bug 1019079 SUSE bug 1019668 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution. Important CVE-2016-9577 SUSE bug 1023078 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash. Important CVE-2016-9578 SUSE bug 1023078 SUSE bug 1023079 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow. Moderate CVE-2016-9580 SUSE bug 1007739 SUSE bug 1007744 SUSE bug 1014975 SUSE bug 1015662 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2. Moderate CVE-2016-9581 SUSE bug 1007739 SUSE bug 1007744 SUSE bug 1014975 SUSE bug 1015662 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input. Moderate CVE-2016-9583 SUSE bug 1015400 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. Moderate CVE-2016-9584 SUSE bug 1015964 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks. Moderate CVE-2016-9586 SUSE bug 1015332 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. Important CVE-2016-9587 SUSE bug 1019021 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer. Moderate CVE-2016-9591 SUSE bug 1015993 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable. Moderate CVE-2016-9594 SUSE bug 1016738 SUSE bug 1017161 SUSE bug 1042181 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705. Moderate CVE-2016-9597 SUSE bug 1014873 SUSE bug 1017497 SUSE bug 1123919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483. Moderate CVE-2016-9598 SUSE bug 1026099 SUSE bug 1026101 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. Low CVE-2016-9600 SUSE bug 1018088 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript. Low CVE-2016-9601 SUSE bug 1018128 SUSE bug 1036453 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host. Moderate CVE-2016-9602 SUSE bug 1020427 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. Moderate CVE-2016-9603 SUSE bug 1028655 SUSE bug 1028656 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9429. Reason: This candidate is a reservation duplicate of CVE-2016-9429. Notes: All CVE users should reference CVE-2016-9429 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2016-9621 SUSE bug 1011278 SUSE bug 1011293 SUSE bug 1012020 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. Moderate CVE-2016-9622 SUSE bug 1011293 SUSE bug 1012021 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. Moderate CVE-2016-9623 SUSE bug 1011293 SUSE bug 1012022 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. Moderate CVE-2016-9624 SUSE bug 1011293 SUSE bug 1012023 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. Moderate CVE-2016-9625 SUSE bug 1011293 SUSE bug 1012024 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. Moderate CVE-2016-9626 SUSE bug 1011293 SUSE bug 1012025 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page. Moderate CVE-2016-9627 SUSE bug 1011293 SUSE bug 1012026 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. Moderate CVE-2016-9628 SUSE bug 1011293 SUSE bug 1012027 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. Moderate CVE-2016-9629 SUSE bug 1011293 SUSE bug 1012028 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. Moderate CVE-2016-9630 SUSE bug 1011293 SUSE bug 1012029 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. Moderate CVE-2016-9631 SUSE bug 1011293 SUSE bug 1012030 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. Moderate CVE-2016-9632 SUSE bug 1011293 SUSE bug 1012031 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page. Moderate CVE-2016-9633 SUSE bug 1011293 SUSE bug 1012032 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter. Moderate CVE-2016-9634 SUSE bug 1012102 SUSE bug 1012103 SUSE bug 1012104 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer. Moderate CVE-2016-9635 SUSE bug 1012102 SUSE bug 1012103 SUSE bug 1012104 SUSE bug 1013653 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer. Moderate CVE-2016-9636 SUSE bug 1012102 SUSE bug 1012103 SUSE bug 1012104 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access. Moderate CVE-2016-9637 SUSE bug 1011652 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file. Moderate CVE-2016-9642 SUSE bug 1013715 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The regex code in Webkit 2.4.11 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis). Moderate CVE-2016-9643 SUSE bug 1015783 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels. Moderate CVE-2016-9644 SUSE bug 1008650 SUSE bug 1012353 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations. Moderate CVE-2016-9685 SUSE bug 1012832 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly have unspecified other impact via a crafted application that makes socket, connect, and writev system calls, related to net/ipv6/netfilter/nf_conntrack_reasm.c and net/ipv6/netfilter/nf_defrag_ipv6_hooks.c. Important CVE-2016-9755 SUSE bug 1013060 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. Moderate CVE-2016-9756 SUSE bug 1013038 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556. Moderate CVE-2016-9773 SUSE bug 1011130 SUSE bug 1013376 SUSE bug 1017421 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS. Moderate CVE-2016-9776 SUSE bug 1013285 SUSE bug 1013657 SUSE bug 1024182 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h. Important CVE-2016-9777 SUSE bug 1013283 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes. Please note: This vulnerability affects the "nxdomain-redirect" feature, which is one of two methods of handling NXDOMAIN redirection, and is only available in certain versions of BIND. Redirection using zones of type "redirect" is not affected by this vulnerability. Affects BIND 9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0-9.11.0-P1. Important CVE-2016-9778 SUSE bug 1018699 SUSE bug 1018703 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option. Moderate CVE-2016-9793 SUSE bug 1013531 SUSE bug 1013542 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. Moderate CVE-2016-9794 SUSE bug 1013533 SUSE bug 1013543 SUSE bug 1013604 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. Low CVE-2016-9799 SUSE bug 1013716 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file. Low CVE-2016-9801 SUSE bug 1013732 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated. Moderate CVE-2016-9806 SUSE bug 1013540 SUSE bug 1017589 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file. Important CVE-2016-9807 SUSE bug 1013655 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs. Important CVE-2016-9808 SUSE bug 1012102 SUSE bug 1012103 SUSE bug 1012104 SUSE bug 1013653 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read. Moderate CVE-2016-9809 SUSE bug 1013659 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call. Moderate CVE-2016-9810 SUSE bug 1013663 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. Moderate CVE-2016-9811 SUSE bug 1013669 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section. Moderate CVE-2016-9812 SUSE bug 1013678 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. Important CVE-2016-9813 SUSE bug 1013680 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort. Moderate CVE-2016-9815 SUSE bug 1012652 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2. Moderate CVE-2016-9816 SUSE bug 1012652 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set. Moderate CVE-2016-9817 SUSE bug 1012652 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP. Moderate CVE-2016-9818 SUSE bug 1012652 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Moderate CVE-2016-9840 SUSE bug 1003579 SUSE bug 1022633 SUSE bug 1023215 SUSE bug 1038505 SUSE bug 1120866 SUSE bug 1123150 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Moderate CVE-2016-9841 SUSE bug 1003579 SUSE bug 1022633 SUSE bug 1038505 SUSE bug 1064070 SUSE bug 1070162 SUSE bug 1120866 SUSE bug 1123150 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. Moderate CVE-2016-9842 SUSE bug 1003580 SUSE bug 1022633 SUSE bug 1023215 SUSE bug 1038505 SUSE bug 1120866 SUSE bug 1123150 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. Moderate CVE-2016-9843 SUSE bug 1003580 SUSE bug 1013882 SUSE bug 1038505 SUSE bug 1116686 SUSE bug 1120866 SUSE bug 1123150 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header. Moderate CVE-2016-9844 SUSE bug 1013992 SUSE bug 1159417 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could use this flaw to leak contents of the host memory bytes. Moderate CVE-2016-9845 SUSE bug 1013767 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in update_cursor_data_virgl. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host. Moderate CVE-2016-9846 SUSE bug 1013764 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file. Moderate CVE-2016-9888 SUSE bug 1014609 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Moderate CVE-2016-9893 SUSE bug 1015422 SUSE bug 1015527 SUSE bug 1015528 SUSE bug 1015529 SUSE bug 1015530 SUSE bug 1015531 SUSE bug 1015533 SUSE bug 1015534 SUSE bug 1015535 SUSE bug 1015536 SUSE bug 1015537 SUSE bug 1015538 SUSE bug 1015540 SUSE bug 1015541 SUSE bug 1015542 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Moderate CVE-2016-9895 SUSE bug 1015422 SUSE bug 1015527 SUSE bug 1015528 SUSE bug 1015529 SUSE bug 1015530 SUSE bug 1015531 SUSE bug 1015533 SUSE bug 1015534 SUSE bug 1015535 SUSE bug 1015536 SUSE bug 1015537 SUSE bug 1015538 SUSE bug 1015540 SUSE bug 1015541 SUSE bug 1015542 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Moderate CVE-2016-9897 SUSE bug 1015422 SUSE bug 1015527 SUSE bug 1015528 SUSE bug 1015529 SUSE bug 1015530 SUSE bug 1015531 SUSE bug 1015533 SUSE bug 1015534 SUSE bug 1015535 SUSE bug 1015536 SUSE bug 1015537 SUSE bug 1015538 SUSE bug 1015540 SUSE bug 1015541 SUSE bug 1015542 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Moderate CVE-2016-9898 SUSE bug 1015422 SUSE bug 1015527 SUSE bug 1015528 SUSE bug 1015529 SUSE bug 1015530 SUSE bug 1015531 SUSE bug 1015533 SUSE bug 1015534 SUSE bug 1015535 SUSE bug 1015536 SUSE bug 1015537 SUSE bug 1015538 SUSE bug 1015540 SUSE bug 1015541 SUSE bug 1015542 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Moderate CVE-2016-9899 SUSE bug 1015422 SUSE bug 1015527 SUSE bug 1015528 SUSE bug 1015529 SUSE bug 1015530 SUSE bug 1015531 SUSE bug 1015533 SUSE bug 1015534 SUSE bug 1015535 SUSE bug 1015536 SUSE bug 1015537 SUSE bug 1015538 SUSE bug 1015540 SUSE bug 1015541 SUSE bug 1015542 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Moderate CVE-2016-9900 SUSE bug 1015422 SUSE bug 1015527 SUSE bug 1015528 SUSE bug 1015529 SUSE bug 1015530 SUSE bug 1015531 SUSE bug 1015533 SUSE bug 1015534 SUSE bug 1015535 SUSE bug 1015536 SUSE bug 1015537 SUSE bug 1015538 SUSE bug 1015540 SUSE bug 1015541 SUSE bug 1015542 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1. Moderate CVE-2016-9901 SUSE bug 1015422 SUSE bug 1015527 SUSE bug 1015528 SUSE bug 1015529 SUSE bug 1015530 SUSE bug 1015531 SUSE bug 1015533 SUSE bug 1015534 SUSE bug 1015535 SUSE bug 1015536 SUSE bug 1015537 SUSE bug 1015538 SUSE bug 1015540 SUSE bug 1015541 SUSE bug 1015542 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1. Moderate CVE-2016-9902 SUSE bug 1015422 SUSE bug 1015527 SUSE bug 1015528 SUSE bug 1015529 SUSE bug 1015530 SUSE bug 1015531 SUSE bug 1015533 SUSE bug 1015534 SUSE bug 1015535 SUSE bug 1015536 SUSE bug 1015537 SUSE bug 1015538 SUSE bug 1015540 SUSE bug 1015541 SUSE bug 1015542 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Moderate CVE-2016-9904 SUSE bug 1015422 SUSE bug 1015527 SUSE bug 1015528 SUSE bug 1015529 SUSE bug 1015530 SUSE bug 1015531 SUSE bug 1015533 SUSE bug 1015534 SUSE bug 1015535 SUSE bug 1015536 SUSE bug 1015537 SUSE bug 1015538 SUSE bug 1015540 SUSE bug 1015541 SUSE bug 1015542 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6. Moderate CVE-2016-9905 SUSE bug 1015422 SUSE bug 1015527 SUSE bug 1015528 SUSE bug 1015529 SUSE bug 1015530 SUSE bug 1015531 SUSE bug 1015533 SUSE bug 1015534 SUSE bug 1015535 SUSE bug 1015536 SUSE bug 1015537 SUSE bug 1015538 SUSE bug 1015540 SUSE bug 1015541 SUSE bug 1015542 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. Moderate CVE-2016-9907 SUSE bug 1014109 SUSE bug 1014490 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the host memory bytes. Low CVE-2016-9908 SUSE bug 1014514 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. Moderate CVE-2016-9911 SUSE bug 1014111 SUSE bug 1014507 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host. Moderate CVE-2016-9912 SUSE bug 1014112 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) via vectors involving the order of resource cleanup. Moderate CVE-2016-9913 SUSE bug 1014110 SUSE bug 1014311 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations. Moderate CVE-2016-9914 SUSE bug 1014110 SUSE bug 1014311 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend. Moderate CVE-2016-9915 SUSE bug 1014110 SUSE bug 1014311 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend. Moderate CVE-2016-9916 SUSE bug 1014110 SUSE bug 1014311 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. Moderate CVE-2016-9917 SUSE bug 1015171 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. Moderate CVE-2016-9918 SUSE bug 1013893 SUSE bug 1015173 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet. Moderate CVE-2016-9919 SUSE bug 1014701 SUSE bug 1014743 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. Moderate CVE-2016-9921 SUSE bug 1014702 SUSE bug 1015169 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values. Moderate CVE-2016-9922 SUSE bug 1014702 SUSE bug 1015169 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix. Moderate CVE-2016-9932 SUSE bug 1012651 SUSE bug 1016340 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. Moderate CVE-2016-9933 SUSE bug 1015187 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area. Moderate CVE-2016-9941 SUSE bug 1017711 SUSE bug 1019274 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions. Moderate CVE-2016-9942 SUSE bug 1017712 SUSE bug 1019274 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by "*.com." Moderate CVE-2016-9952 SUSE bug 1092958 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read. Important CVE-2016-9953 SUSE bug 1092956 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in game-music-emu before 0.6.1. Moderate CVE-2016-9957 SUSE bug 1015941 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. Moderate CVE-2016-9958 SUSE bug 1015941 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. Moderate CVE-2016-9959 SUSE bug 1015941 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). Moderate CVE-2016-9960 SUSE bug 1015941 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 game-music-emu before 0.6.1 mishandles unspecified integer values. Moderate CVE-2016-9961 SUSE bug 1015941 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 In libwebp 0.5.1, there is a double free bug in libwebpmux. Low CVE-2016-9969 SUSE bug 1136199 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. Moderate CVE-2017-0379 SUSE bug 1055837 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432. Moderate CVE-2017-0381 SUSE bug 1020102 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32255299. Low CVE-2017-0386 SUSE bug 1020123 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34276203. Critical CVE-2017-0564 SUSE bug 1033200 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Moderate CVE-2017-0605 SUSE bug 1037331 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353. Moderate CVE-2017-0627 SUSE bug 1037340 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115. Moderate CVE-2017-0630 SUSE bug 1037338 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34360591. Moderate CVE-2017-0641 SUSE bug 1056539 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170. Important CVE-2017-0663 SUSE bug 1044337 SUSE bug 1123919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A elevation of privilege vulnerability in the Upstream Linux file system. Product: Android. Versions: Android kernel. Android ID: A-36817013. Important CVE-2017-0750 SUSE bug 1053160 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-LTSS Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. Important CVE-2017-0861 SUSE bug 1088260 SUSE bug 1088268 SUSE bug 1091815 cpe:/o:suse:sles-ltss:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap. Moderate CVE-2017-0898 SUSE bug 1058755 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. Important CVE-2017-0899 SUSE bug 1056286 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. Important CVE-2017-0900 SUSE bug 1056286 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. Important CVE-2017-0901 SUSE bug 1056286 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. Important CVE-2017-0902 SUSE bug 1056286 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution. Moderate CVE-2017-0903 SUSE bug 1062452 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. Moderate CVE-2017-1000050 SUSE bug 1047958 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended. Moderate CVE-2017-1000082 SUSE bug 1047023 SUSE bug 1172483 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. Moderate CVE-2017-1000083 SUSE bug 1046856 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory. Moderate CVE-2017-1000099 SUSE bug 1051645 SUSE bug 1053919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS. Moderate CVE-2017-1000100 SUSE bug 1051644 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`. Moderate CVE-2017-1000101 SUSE bug 1051643 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW. Moderate CVE-2017-1000111 SUSE bug 1052365 SUSE bug 1052367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005. Moderate CVE-2017-1000112 SUSE bug 1052311 SUSE bug 1052365 SUSE bug 1052368 SUSE bug 1072162 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability. Moderate CVE-2017-1000117 SUSE bug 1052481 SUSE bug 1052696 SUSE bug 1052932 SUSE bug 1053364 SUSE bug 1053600 SUSE bug 1053919 SUSE bug 1054653 SUSE bug 1058214 SUSE bug 1066430 SUSE bug 1071709 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products. Important CVE-2017-1000121 SUSE bug 1078996 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products. Moderate CVE-2017-1000122 SUSE bug 1078994 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 exiv2 0.26 contains a Stack out of bounds read in webp parser Moderate CVE-2017-1000126 SUSE bug 1068873 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Exiv2 0.26 contains a heap buffer overflow in tiff parser Moderate CVE-2017-1000127 SUSE bug 1068872 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser Moderate CVE-2017-1000128 SUSE bug 1068871 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) Important CVE-2017-1000158 SUSE bug 1068664 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91. Moderate CVE-2017-1000159 SUSE bug 1070046 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service Moderate CVE-2017-1000198 SUSE bug 1049485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges. Moderate CVE-2017-1000199 SUSE bug 1049491 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service Moderate CVE-2017-1000200 SUSE bug 1049489 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack Moderate CVE-2017-1000201 SUSE bug 1049488 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. Low CVE-2017-1000246 SUSE bug 1068612 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017). Important CVE-2017-1000249 SUSE bug 1056838 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. Moderate CVE-2017-1000250 SUSE bug 1057342 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. Important CVE-2017-1000251 SUSE bug 1057389 SUSE bug 1057950 SUSE bug 1070535 SUSE bug 1072162 SUSE bug 1120758 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c. Moderate CVE-2017-1000252 SUSE bug 1058038 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the "gap" between the stack and the binary. Important CVE-2017-1000253 SUSE bug 1059525 SUSE bug 1061680 SUSE bug 1075506 SUSE bug 1149729 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote. Low CVE-2017-1000254 SUSE bug 1061876 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been over written. This flaw was introduced in commit: "5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)" which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable. Moderate CVE-2017-1000255 SUSE bug 1061633 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. Moderate CVE-2017-1000256 SUSE bug 1062563 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded. Moderate CVE-2017-1000257 SUSE bug 1063824 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010). Moderate CVE-2017-1000364 SUSE bug 1039346 SUSE bug 1039348 SUSE bug 1042200 SUSE bug 1044985 SUSE bug 1075506 SUSE bug 1077345 SUSE bug 1149726 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23. Moderate CVE-2017-1000365 SUSE bug 1037551 SUSE bug 1039346 SUSE bug 1039349 SUSE bug 1039354 SUSE bug 1054557 SUSE bug 1077345 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. Important CVE-2017-1000366 SUSE bug 1037551 SUSE bug 1039357 SUSE bug 1071319 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. Important CVE-2017-1000367 SUSE bug 1007501 SUSE bug 1039361 SUSE bug 1042146 SUSE bug 1077345 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. Important CVE-2017-1000368 SUSE bug 1039361 SUSE bug 1042146 SUSE bug 1045986 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1. Moderate CVE-2017-1000376 SUSE bug 1045091 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected. Moderate CVE-2017-1000379 SUSE bug 1037551 SUSE bug 1039346 SUSE bug 1044934 SUSE bug 1059525 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. Moderate CVE-2017-1000380 SUSE bug 1044125 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. Moderate CVE-2017-1000381 SUSE bug 1044946 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary. Low CVE-2017-1000382 SUSE bug 1065958 SUSE bug 1070955 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. Low CVE-2017-1000383 SUSE bug 1065957 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack). Moderate CVE-2017-1000385 SUSE bug 1070960 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp. Important CVE-2017-1000405 SUSE bug 1069496 SUSE bug 1070307 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. Moderate CVE-2017-1000408 SUSE bug 1039357 SUSE bug 1071319 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. Moderate CVE-2017-1000409 SUSE bug 1071319 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes). Moderate CVE-2017-1000410 SUSE bug 1070535 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password. Important CVE-2017-1000433 SUSE bug 1074662 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service Moderate CVE-2017-1000445 SUSE bug 1074425 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. Moderate CVE-2017-1000476 SUSE bug 1074610 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code. Moderate CVE-2017-1002201 SUSE bug 1155089 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2017-10053 SUSE bug 1049305 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Important CVE-2017-10067 SUSE bug 1049306 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Important CVE-2017-10074 SUSE bug 1049307 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). Important CVE-2017-10078 SUSE bug 1049308 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). Moderate CVE-2017-10081 SUSE bug 1049309 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Important CVE-2017-10086 SUSE bug 1049310 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Important CVE-2017-10087 SUSE bug 1049311 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Important CVE-2017-10089 SUSE bug 1049312 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Important CVE-2017-10090 SUSE bug 1049313 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Important CVE-2017-10096 SUSE bug 1049314 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Important CVE-2017-10101 SUSE bug 1049315 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). Important CVE-2017-10102 SUSE bug 1049316 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). Moderate CVE-2017-10105 SUSE bug 1049317 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Important CVE-2017-10107 SUSE bug 1049318 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2017-10108 SUSE bug 1049319 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2017-10109 SUSE bug 1049320 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Important CVE-2017-10110 SUSE bug 1049321 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Important CVE-2017-10111 SUSE bug 1049322 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Important CVE-2017-10114 SUSE bug 1049323 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Important CVE-2017-10115 SUSE bug 1049324 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Important CVE-2017-10116 SUSE bug 1049325 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Important CVE-2017-10118 SUSE bug 1049326 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). Moderate CVE-2017-10125 SUSE bug 1049327 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Moderate CVE-2017-10135 SUSE bug 1049328 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Important CVE-2017-10176 SUSE bug 1049329 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Low CVE-2017-10193 SUSE bug 1049330 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). Moderate CVE-2017-10198 SUSE bug 1049331 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). Moderate CVE-2017-10243 SUSE bug 1049332 SUSE bug 1049333 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). Moderate CVE-2017-10268 SUSE bug 1064101 SUSE bug 1064119 SUSE bug 1076505 SUSE bug 1076506 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N). Moderate CVE-2017-10274 SUSE bug 1064071 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2017-10281 SUSE bug 1064072 SUSE bug 1070162 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Important CVE-2017-10285 SUSE bug 1064073 SUSE bug 1070162 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-10286 SUSE bug 1064107 SUSE bug 1064119 SUSE bug 1076506 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Moderate CVE-2017-10293 SUSE bug 1064074 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N). Moderate CVE-2017-10295 SUSE bug 1064075 SUSE bug 1070162 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L). Important CVE-2017-10309 SUSE bug 1064076 SUSE bug 1070162 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-10320 SUSE bug 1064113 SUSE bug 1064119 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). Low CVE-2017-10345 SUSE bug 1064077 SUSE bug 1070162 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Important CVE-2017-10346 SUSE bug 1064078 SUSE bug 1070162 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2017-10347 SUSE bug 1064079 SUSE bug 1070162 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2017-10348 SUSE bug 1064080 SUSE bug 1070162 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2017-10349 SUSE bug 1064081 SUSE bug 1070162 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2017-10350 SUSE bug 1064082 SUSE bug 1070162 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2017-10355 SUSE bug 1064083 SUSE bug 1070162 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Moderate CVE-2017-10356 SUSE bug 1064084 SUSE bug 1070162 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2017-10357 SUSE bug 1064085 SUSE bug 1070162 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L). Low CVE-2017-10365 SUSE bug 1064114 SUSE bug 1064119 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-10378 SUSE bug 1064115 SUSE bug 1064119 SUSE bug 1076505 SUSE bug 1076506 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Moderate CVE-2017-10379 SUSE bug 1064116 SUSE bug 1064119 SUSE bug 1076506 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-10384 SUSE bug 1064117 SUSE bug 1064119 SUSE bug 1076506 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Moderate CVE-2017-10388 SUSE bug 1064086 SUSE bug 1070162 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. Moderate CVE-2017-10661 SUSE bug 1053152 SUSE bug 1053153 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors. Moderate CVE-2017-10662 SUSE bug 1053154 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors. Moderate CVE-2017-10663 SUSE bug 1053155 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. Moderate CVE-2017-10664 SUSE bug 1046636 SUSE bug 1046637 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call. Moderate CVE-2017-10672 SUSE bug 1046848 SUSE bug 1069732 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. Moderate CVE-2017-10684 SUSE bug 1046858 SUSE bug 1115932 SUSE bug 1175501 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. Moderate CVE-2017-10685 SUSE bug 1046853 SUSE bug 1115932 SUSE bug 1175501 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name. Moderate CVE-2017-10784 SUSE bug 1058754 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack. Moderate CVE-2017-10790 SUSE bug 1047002 SUSE bug 1047453 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage(). Moderate CVE-2017-10799 SUSE bug 1047054 SUSE bug 1050116 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data. Moderate CVE-2017-10800 SUSE bug 1047044 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages. Moderate CVE-2017-10806 SUSE bug 1047674 SUSE bug 1047675 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures. Moderate CVE-2017-10810 SUSE bug 1047277 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216. Moderate CVE-2017-10911 SUSE bug 1042863 SUSE bug 1043330 SUSE bug 1057378 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223. Important CVE-2017-10919 SUSE bug 1047275 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225. Important CVE-2017-10923 SUSE bug 1047273 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. Moderate CVE-2017-10928 SUSE bug 1047356 SUSE bug 1047359 SUSE bug 1056277 SUSE bug 1060176 SUSE bug 1096261 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. Moderate CVE-2017-10971 SUSE bug 1035283 SUSE bug 1047730 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server. Moderate CVE-2017-10972 SUSE bug 1035283 SUSE bug 1047730 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service. Moderate CVE-2017-10978 SUSE bug 1049086 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. Moderate CVE-2017-10983 SUSE bug 1049086 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. Moderate CVE-2017-10984 SUSE bug 1049086 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service. Moderate CVE-2017-10985 SUSE bug 1049086 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service. Moderate CVE-2017-10987 SUSE bug 1049086 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Moderate CVE-2017-10988 SUSE bug 1049086 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. Moderate CVE-2017-10989 SUSE bug 1131919 SUSE bug 1132045 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image. Moderate CVE-2017-10995 SUSE bug 1047908 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure. Moderate CVE-2017-11102 SUSE bug 1047910 SUSE bug 1057000 SUSE bug 1107619 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated. Important CVE-2017-11103 SUSE bug 1048278 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol. Moderate CVE-2017-11108 SUSE bug 1047873 SUSE bug 1057247 SUSE bug 1123142 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. Moderate CVE-2017-11112 SUSE bug 1046853 SUSE bug 1047964 SUSE bug 1175501 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. Moderate CVE-2017-11113 SUSE bug 1046853 SUSE bug 1047965 SUSE bug 1175501 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files. Moderate CVE-2017-11140 SUSE bug 1047900 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call. Moderate CVE-2017-11141 SUSE bug 1047898 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file. Moderate CVE-2017-11166 SUSE bug 1048110 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file. Moderate CVE-2017-11170 SUSE bug 1048110 SUSE bug 1048272 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each failed authentication attempt will leak a file descriptor in gnome-session. When the maximum number of file descriptors is exhausted in the gnome-session process, it will enter an infinite loop trying to communicate without success, consuming 100% of the CPU. The graphical session associated with the gnome-session process will stop working correctly, because communication with gnome-session is no longer possible. Moderate CVE-2017-11171 SUSE bug 1025068 SUSE bug 1048274 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact. Moderate CVE-2017-11176 SUSE bug 1048275 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. Important CVE-2017-11185 SUSE bug 1051222 SUSE bug 1107874 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check. Moderate CVE-2017-11188 SUSE bug 1048457 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file. Low CVE-2017-11331 SUSE bug 1081744 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area. Moderate CVE-2017-11334 SUSE bug 1048902 SUSE bug 1048920 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. Moderate CVE-2017-11336 SUSE bug 1048883 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. Important CVE-2017-11337 SUSE bug 1048883 SUSE bug 1061023 SUSE bug 1061025 SUSE bug 1068871 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. Important CVE-2017-11338 SUSE bug 1048883 SUSE bug 1061023 SUSE bug 1061025 SUSE bug 1068871 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. Important CVE-2017-11339 SUSE bug 1048883 SUSE bug 1061023 SUSE bug 1061025 SUSE bug 1068871 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A Crafted input will lead to a remote denial of service attack. Important CVE-2017-11340 SUSE bug 1048883 SUSE bug 1061023 SUSE bug 1061025 SUSE bug 1068871 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144. Moderate CVE-2017-11352 SUSE bug 1048936 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value. Moderate CVE-2017-11360 SUSE bug 1019611 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. Moderate CVE-2017-11368 SUSE bug 1049819 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file. Moderate CVE-2017-11403 SUSE bug 1049072 SUSE bug 1053809 SUSE bug 1053919 SUSE bug 1054600 SUSE bug 1057000 SUSE bug 1084062 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values. Moderate CVE-2017-11406 SUSE bug 1049255 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt. Moderate CVE-2017-11407 SUSE bug 1049255 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection. Moderate CVE-2017-11408 SUSE bug 1049255 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702. Moderate CVE-2017-11410 SUSE bug 1033938 SUSE bug 1049255 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350. Moderate CVE-2017-11411 SUSE bug 1049255 SUSE bug 1049621 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. Moderate CVE-2017-11423 SUSE bug 1049423 SUSE bug 1083915 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string. Important CVE-2017-11434 SUSE bug 1049381 SUSE bug 1049578 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file. Moderate CVE-2017-11446 SUSE bug 1049379 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service. Moderate CVE-2017-11447 SUSE bug 1049377 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. Moderate CVE-2017-11448 SUSE bug 1049375 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin. Moderate CVE-2017-11449 SUSE bug 1049373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short. Moderate CVE-2017-11450 SUSE bug 1049374 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. Moderate CVE-2017-11462 SUSE bug 1056995 SUSE bug 1122468 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. Low CVE-2017-11464 SUSE bug 1049607 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism. Moderate CVE-2017-11465 SUSE bug 1049589 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. Low CVE-2017-11472 SUSE bug 1049580 SUSE bug 1087082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table. Moderate CVE-2017-11473 SUSE bug 1049603 SUSE bug 1061680 SUSE bug 1087082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image. Important CVE-2017-11478 SUSE bug 1049796 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. Moderate CVE-2017-11479 SUSE bug 1044849 SUSE bug 1075536 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. Moderate CVE-2017-11481 SUSE bug 1044849 SUSE bug 1072315 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup. Moderate CVE-2017-11499 SUSE bug 1044849 SUSE bug 1048299 SUSE bug 1051117 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file. Moderate CVE-2017-11505 SUSE bug 1050072 SUSE bug 1050100 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. Moderate CVE-2017-11522 SUSE bug 1050076 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered. Important CVE-2017-11523 SUSE bug 1050083 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file. Important CVE-2017-11524 SUSE bug 1050087 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. Moderate CVE-2017-11525 SUSE bug 1050098 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file. Moderate CVE-2017-11526 SUSE bug 1050072 SUSE bug 1050100 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. Moderate CVE-2017-11527 SUSE bug 1047054 SUSE bug 1050116 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-11528 SUSE bug 1050119 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-11529 SUSE bug 1050120 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. Moderate CVE-2017-11530 SUSE bug 1050122 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c. Moderate CVE-2017-11531 SUSE bug 1050126 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. Moderate CVE-2017-11532 SUSE bug 1050129 SUSE bug 1050623 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c. Moderate CVE-2017-11533 SUSE bug 1050132 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c. Moderate CVE-2017-11534 SUSE bug 1050135 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c. Important CVE-2017-11535 SUSE bug 1050139 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c. Moderate CVE-2017-11536 SUSE bug 1050056 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. Important CVE-2017-11537 SUSE bug 1050048 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c. Moderate CVE-2017-11538 SUSE bug 1050043 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c. Important CVE-2017-11539 SUSE bug 1050037 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c. Moderate CVE-2017-11540 SUSE bug 1050144 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. Moderate CVE-2017-11541 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 SUSE bug 1123142 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c. Moderate CVE-2017-11542 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 SUSE bug 1123142 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c. Important CVE-2017-11543 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 SUSE bug 1123142 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11543. Reason: This candidate is a duplicate of CVE-2017-11543. Notes: All CVE users should reference CVE-2017-11543 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2017-11545 SUSE bug 1050219 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file. Moderate CVE-2017-11548 SUSE bug 1081767 SUSE bug 1081784 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service. Moderate CVE-2017-11553 SUSE bug 1061023 SUSE bug 1061025 SUSE bug 1068871 SUSE bug 1103870 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input. Moderate CVE-2017-11592 SUSE bug 1061023 SUSE bug 1061025 SUSE bug 1068871 SUSE bug 1103872 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-LTSS net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message. Important CVE-2017-11600 SUSE bug 1050231 SUSE bug 1096564 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. Important CVE-2017-11610 SUSE bug 1051136 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer. Low CVE-2017-11613 SUSE bug 1082332 SUSE bug 1106853 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop." Important CVE-2017-11624 SUSE bug 1050581 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop." Important CVE-2017-11625 SUSE bug 1050579 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop." Low CVE-2017-11626 SUSE bug 1050578 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop." Important CVE-2017-11627 SUSE bug 1050577 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths. Moderate CVE-2017-11636 SUSE bug 1050674 SUSE bug 1053919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images. Moderate CVE-2017-11637 SUSE bug 1050669 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642. Moderate CVE-2017-11638 SUSE bug 1050617 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h. Moderate CVE-2017-11639 SUSE bug 1050635 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c. Moderate CVE-2017-11640 SUSE bug 1050632 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files. Moderate CVE-2017-11641 SUSE bug 1050129 SUSE bug 1050623 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638. Moderate CVE-2017-11642 SUSE bug 1050617 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths. Moderate CVE-2017-11643 SUSE bug 1050611 SUSE bug 1050674 SUSE bug 1053919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage() function in coders/mat.c. Low CVE-2017-11644 SUSE bug 1050606 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation. Moderate CVE-2017-11671 SUSE bug 1050947 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c. Moderate CVE-2017-11714 SUSE bug 1051184 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition. Low CVE-2017-11722 SUSE bug 1051411 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures. Important CVE-2017-11724 SUSE bug 1051446 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. Moderate CVE-2017-11750 SUSE bug 1047910 SUSE bug 1051442 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file. Important CVE-2017-11751 SUSE bug 1051412 SUSE bug 1051416 SUSE bug 1051430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-11752 SUSE bug 1051441 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7.0.6-4 might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted Flexible Image Transport System (FITS) file. Moderate CVE-2017-11753 SUSE bug 1052488 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. Low CVE-2017-12132 SUSE bug 1051791 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path. Moderate CVE-2017-12133 SUSE bug 1081556 SUSE bug 980854 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation. Moderate CVE-2017-12134 SUSE bug 1051790 SUSE bug 1053919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. Important CVE-2017-12135 SUSE bug 1051787 SUSE bug 1169392 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. Moderate CVE-2017-12136 SUSE bug 1051789 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. Important CVE-2017-12137 SUSE bug 1051788 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file. Moderate CVE-2017-12140 SUSE bug 1051847 SUSE bug 1052764 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file. Moderate CVE-2017-12143 SUSE bug 1051859 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file. Moderate CVE-2017-12145 SUSE bug 1051855 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as. Important CVE-2017-12148 SUSE bug 1059326 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. Moderate CVE-2017-12150 SUSE bug 1058622 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack. Important CVE-2017-12151 SUSE bug 1058565 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash. Moderate CVE-2017-12153 SUSE bug 1058410 SUSE bug 1058624 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register. Moderate CVE-2017-12154 SUSE bug 1058038 SUSE bug 1058507 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. Moderate CVE-2017-12163 SUSE bug 1058410 SUSE bug 1058624 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen. Moderate CVE-2017-12164 SUSE bug 1058136 SUSE bug 1180206 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. Critical CVE-2017-12166 SUSE bug 1060877 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR). Moderate CVE-2017-12168 SUSE bug 1059448 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server. Important CVE-2017-12172 SUSE bug 1062538 SUSE bug 1062722 SUSE bug 1185814 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. Low CVE-2017-12173 SUSE bug 1061832 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. Moderate CVE-2017-12176 SUSE bug 1063041 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. Moderate CVE-2017-12177 SUSE bug 1063040 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. Moderate CVE-2017-12178 SUSE bug 1063039 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code. Moderate CVE-2017-12179 SUSE bug 1063038 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. Moderate CVE-2017-12180 SUSE bug 1063037 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. Moderate CVE-2017-12181 SUSE bug 1063037 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. Moderate CVE-2017-12182 SUSE bug 1063037 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. Moderate CVE-2017-12183 SUSE bug 1063035 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. Moderate CVE-2017-12184 SUSE bug 1063034 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. Moderate CVE-2017-12185 SUSE bug 1063034 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. Moderate CVE-2017-12186 SUSE bug 1063034 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. Moderate CVE-2017-12187 SUSE bug 1063034 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun." Important CVE-2017-12188 SUSE bug 1062604 SUSE bug 1096566 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations. Moderate CVE-2017-12193 SUSE bug 1066192 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition. Important CVE-2017-12374 SUSE bug 1077732 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device. Important CVE-2017-12375 SUSE bug 1077732 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code. Important CVE-2017-12376 SUSE bug 1077732 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap-based buffer over-read condition in mew.c when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code on the affected device. Important CVE-2017-12377 SUSE bug 1077732 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device. Important CVE-2017-12378 SUSE bug 1077732 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device. Important CVE-2017-12379 SUSE bug 1077732 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition. Important CVE-2017-12380 SUSE bug 1077732 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. Low CVE-2017-12418 SUSE bug 1052207 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts. Moderate CVE-2017-12424 SUSE bug 1052261 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function. Moderate CVE-2017-12427 SUSE bug 1052248 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c. Moderate CVE-2017-12428 SUSE bug 1052249 SUSE bug 1052253 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service. Moderate CVE-2017-12429 SUSE bug 1052251 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service. Moderate CVE-2017-12430 SUSE bug 1052251 SUSE bug 1052252 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service. Important CVE-2017-12431 SUSE bug 1052249 SUSE bug 1052253 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service. Moderate CVE-2017-12432 SUSE bug 1052254 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c. Moderate CVE-2017-12433 SUSE bug 1052545 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c. Moderate CVE-2017-12434 SUSE bug 1052550 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service. Moderate CVE-2017-12435 SUSE bug 1052553 SUSE bug 1057508 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee. Moderate CVE-2017-12440 SUSE bug 1052604 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c. Moderate CVE-2017-12448 SUSE bug 1052518 SUSE bug 1059785 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file. Moderate CVE-2017-12450 SUSE bug 1052514 SUSE bug 1059785 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file. Low CVE-2017-12452 SUSE bug 1052511 SUSE bug 1059785 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file. Low CVE-2017-12453 SUSE bug 1052509 SUSE bug 1059785 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file. Low CVE-2017-12454 SUSE bug 1052507 SUSE bug 1059785 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file. Low CVE-2017-12456 SUSE bug 1052503 SUSE bug 1059785 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Moderate CVE-2017-12562 SUSE bug 1052476 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service. Moderate CVE-2017-12563 SUSE bug 1052460 SUSE bug 1072901 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service. Moderate CVE-2017-12564 SUSE bug 1052468 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service. Moderate CVE-2017-12565 SUSE bug 1047910 SUSE bug 1052470 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMVGImage in coders/mvg.c, which allows attackers to cause a denial of service, related to the function ReadSVGImage in svg.c. Moderate CVE-2017-12566 SUSE bug 1052472 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c. Moderate CVE-2017-12587 SUSE bug 1052450 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact. Moderate CVE-2017-12588 SUSE bug 1051798 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc. Low CVE-2017-12595 SUSE bug 1055960 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact. Moderate CVE-2017-12596 SUSE bug 1052522 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka. Moderate CVE-2017-12610 SUSE bug 1102917 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. Moderate CVE-2017-12613 SUSE bug 1064982 SUSE bug 1190072 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. Moderate CVE-2017-12616 SUSE bug 1059551 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. Moderate CVE-2017-12617 SUSE bug 1059554 SUSE bug 1180947 SUSE bug 1189861 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service. Moderate CVE-2017-12618 SUSE bug 1064990 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions. Important CVE-2017-12627 SUSE bug 1083630 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet. Important CVE-2017-12636 SUSE bug 1068386 SUSE bug 1100973 SUSE bug 1104204 SUSE bug 1119720 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c. Moderate CVE-2017-12640 SUSE bug 1052781 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c. Moderate CVE-2017-12641 SUSE bug 1052777 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c. Moderate CVE-2017-12642 SUSE bug 1052771 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c. Moderate CVE-2017-12643 SUSE bug 1052768 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c. Moderate CVE-2017-12644 SUSE bug 1051847 SUSE bug 1052764 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 libpng before 1.6.32 does not properly check the length of chunks against the user limit. Low CVE-2017-12652 SUSE bug 1141493 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-12654 SUSE bug 1052761 SUSE bug 1074119 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c. Moderate CVE-2017-12662 SUSE bug 1052758 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c. Moderate CVE-2017-12663 SUSE bug 1052754 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c. Moderate CVE-2017-12664 SUSE bug 1052750 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c. Moderate CVE-2017-12665 SUSE bug 1052747 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c. Moderate CVE-2017-12667 SUSE bug 1052732 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. Moderate CVE-2017-12668 SUSE bug 1052688 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c. Moderate CVE-2017-12669 SUSE bug 1052689 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service. Moderate CVE-2017-12670 SUSE bug 1052731 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of service. Moderate CVE-2017-12671 SUSE bug 1052721 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service. Moderate CVE-2017-12672 SUSE bug 1052720 SUSE bug 1055434 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service. Moderate CVE-2017-12673 SUSE bug 1052717 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service. Moderate CVE-2017-12674 SUSE bug 1052711 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service. Moderate CVE-2017-12675 SUSE bug 1052710 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service. Moderate CVE-2017-12676 SUSE bug 1052708 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. Moderate CVE-2017-12678 SUSE bug 1052699 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. Moderate CVE-2017-12691 SUSE bug 1053955 SUSE bug 1058422 SUSE bug 1082363 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file. Moderate CVE-2017-12692 SUSE bug 1053955 SUSE bug 1082362 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file. Moderate CVE-2017-12693 SUSE bug 1053955 SUSE bug 1082348 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings. Moderate CVE-2017-12794 SUSE bug 1056284 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file. Low CVE-2017-12799 SUSE bug 1053347 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service. Low CVE-2017-12805 SUSE bug 1135236 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive. Moderate CVE-2017-12809 SUSE bug 1054724 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable. Important CVE-2017-12814 SUSE bug 1057727 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar." Important CVE-2017-12836 SUSE bug 1052481 SUSE bug 1052696 SUSE bug 1052932 SUSE bug 1053364 SUSE bug 1054653 SUSE bug 1066430 SUSE bug 1071709 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier. Moderate CVE-2017-12837 SUSE bug 1057724 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected. Moderate CVE-2017-12855 SUSE bug 1052686 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors. Moderate CVE-2017-12858 SUSE bug 1055377 SUSE bug 1184178 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file. Low CVE-2017-12875 SUSE bug 1056988 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. Moderate CVE-2017-12876 SUSE bug 1054034 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. Critical CVE-2017-12877 SUSE bug 1054029 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11424. Reason: This candidate is a duplicate of CVE-2017-11424. Notes: All CVE users should reference CVE-2017-11424 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Important CVE-2017-12880 SUSE bug 1054106 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape. Moderate CVE-2017-12883 SUSE bug 1057721 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150. Important CVE-2017-1289 SUSE bug 1038505 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len(). Moderate CVE-2017-12893 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring(). Moderate CVE-2017-12894 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). Moderate CVE-2017-12895 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). Moderate CVE-2017-12896 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print(). Moderate CVE-2017-12897 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply(). Moderate CVE-2017-12898 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). Moderate CVE-2017-12899 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf(). Moderate CVE-2017-12900 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print(). Moderate CVE-2017-12901 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. Moderate CVE-2017-12902 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. Moderate CVE-2017-12935 SUSE bug 1054598 SUSE bug 1054600 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file. Moderate CVE-2017-12938 SUSE bug 1054038 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. Moderate CVE-2017-12940 SUSE bug 1054038 SUSE bug 1196772 SUSE bug 1196774 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. Moderate CVE-2017-12941 SUSE bug 1054038 SUSE bug 1196772 SUSE bug 1196774 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. Moderate CVE-2017-12942 SUSE bug 1054038 SUSE bug 1054600 SUSE bug 1196772 SUSE bug 1196774 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. Moderate CVE-2017-12944 SUSE bug 1003874 SUSE bug 1054594 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact. Low CVE-2017-12955 SUSE bug 1054593 SUSE bug 1061023 SUSE bug 1061025 SUSE bug 1068871 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service. Low CVE-2017-12956 SUSE bug 1054592 SUSE bug 1061023 SUSE bug 1061025 SUSE bug 1068871 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service. Moderate CVE-2017-12957 SUSE bug 1054590 SUSE bug 1061023 SUSE bug 1061025 SUSE bug 1068871 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary. Moderate CVE-2017-12967 SUSE bug 1054665 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c. Moderate CVE-2017-12982 SUSE bug 1054696 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. Moderate CVE-2017-12983 SUSE bug 1054757 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print(). Moderate CVE-2017-12985 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). Moderate CVE-2017-12986 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). Moderate CVE-2017-12987 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse(). Moderate CVE-2017-12988 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length(). Moderate CVE-2017-12989 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions. Moderate CVE-2017-12990 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). Moderate CVE-2017-12991 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print(). Moderate CVE-2017-12992 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions. Moderate CVE-2017-12993 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). Moderate CVE-2017-12994 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print(). Moderate CVE-2017-12995 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print(). Moderate CVE-2017-12996 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print(). Moderate CVE-2017-12997 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach(). Moderate CVE-2017-12998 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print(). Moderate CVE-2017-12999 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print(). Moderate CVE-2017-13000 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh(). Moderate CVE-2017-13001 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension(). Moderate CVE-2017-13002 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print(). Moderate CVE-2017-13003 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header(). Moderate CVE-2017-13004 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter(). Moderate CVE-2017-13005 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions. Moderate CVE-2017-13006 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print(). Moderate CVE-2017-13007 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). Moderate CVE-2017-13008 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print(). Moderate CVE-2017-13009 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart(). Moderate CVE-2017-13010 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal(). Moderate CVE-2017-13011 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 SUSE bug 1123142 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). Moderate CVE-2017-13012 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions. Moderate CVE-2017-13013 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions. Moderate CVE-2017-13014 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print(). Moderate CVE-2017-13015 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). Moderate CVE-2017-13016 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print(). Moderate CVE-2017-13017 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). Moderate CVE-2017-13018 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). Moderate CVE-2017-13019 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). Moderate CVE-2017-13020 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print(). Moderate CVE-2017-13021 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute(). Moderate CVE-2017-13022 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). Moderate CVE-2017-13023 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). Moderate CVE-2017-13024 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). Moderate CVE-2017-13025 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions. Moderate CVE-2017-13026 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print(). Moderate CVE-2017-13027 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print(). Moderate CVE-2017-13028 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options(). Moderate CVE-2017-13029 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions. Moderate CVE-2017-13030 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print(). Moderate CVE-2017-13031 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string(). Moderate CVE-2017-13032 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). Moderate CVE-2017-13033 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). Moderate CVE-2017-13034 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id(). Moderate CVE-2017-13035 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3(). Moderate CVE-2017-13036 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). Moderate CVE-2017-13037 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp(). Moderate CVE-2017-13038 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. Moderate CVE-2017-13039 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions. Moderate CVE-2017-13040 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print(). Moderate CVE-2017-13041 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print(). Moderate CVE-2017-13042 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn(). Moderate CVE-2017-13043 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print(). Moderate CVE-2017-13044 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print(). Moderate CVE-2017-13045 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). Moderate CVE-2017-13046 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). Moderate CVE-2017-13047 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). Moderate CVE-2017-13048 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print(). Moderate CVE-2017-13049 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print(). Moderate CVE-2017-13050 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). Moderate CVE-2017-13051 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print(). Moderate CVE-2017-13052 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info(). Moderate CVE-2017-13053 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print(). Moderate CVE-2017-13054 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv(). Moderate CVE-2017-13055 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file. Moderate CVE-2017-13058 SUSE bug 1055069 SUSE bug 1111072 SUSE bug 1117463 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file. Moderate CVE-2017-13059 SUSE bug 1055068 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. Moderate CVE-2017-13060 SUSE bug 1055065 SUSE bug 1055434 SUSE bug 1076021 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file. Moderate CVE-2017-13061 SUSE bug 1055063 SUSE bug 1072901 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file. Moderate CVE-2017-13062 SUSE bug 1055053 SUSE bug 1055055 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12. Important CVE-2017-13063 SUSE bug 1054598 SUSE bug 1054600 SUSE bug 1055038 SUSE bug 1055050 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12. Important CVE-2017-13064 SUSE bug 1054598 SUSE bug 1054600 SUSE bug 1055042 SUSE bug 1055050 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. Moderate CVE-2017-13065 SUSE bug 1054598 SUSE bug 1054600 SUSE bug 1055038 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. Low CVE-2017-13066 SUSE bug 1036988 SUSE bug 1055010 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. Important CVE-2017-13078 SUSE bug 1056061 SUSE bug 1063479 SUSE bug 1063667 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. Important CVE-2017-13079 SUSE bug 1056061 SUSE bug 1063479 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. Important CVE-2017-13080 SUSE bug 1056061 SUSE bug 1063479 SUSE bug 1063667 SUSE bug 1063671 SUSE bug 1066295 SUSE bug 1105108 SUSE bug 1178872 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. Important CVE-2017-13081 SUSE bug 1056061 SUSE bug 1063479 SUSE bug 1066295 SUSE bug 1105108 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. Important CVE-2017-13087 SUSE bug 1056061 SUSE bug 1063479 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. Important CVE-2017-13088 SUSE bug 1056061 SUSE bug 1063479 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. Important CVE-2017-13089 SUSE bug 1064715 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer. Important CVE-2017-13090 SUSE bug 1064716 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file. Moderate CVE-2017-13131 SUSE bug 1055229 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file. Moderate CVE-2017-13132 SUSE bug 1055226 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file. Important CVE-2017-13133 SUSE bug 1055219 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file. Moderate CVE-2017-13134 SUSE bug 1055214 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk. Important CVE-2017-13139 SUSE bug 1055430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT. Moderate CVE-2017-13140 SUSE bug 1053919 SUSE bug 1055458 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c. Moderate CVE-2017-13141 SUSE bug 1055456 SUSE bug 1060162 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files. Moderate CVE-2017-13142 SUSE bug 1055455 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder. Moderate CVE-2017-13144 SUSE bug 1055437 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash. Moderate CVE-2017-13145 SUSE bug 1055464 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c. Moderate CVE-2017-13146 SUSE bug 1055323 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value. Moderate CVE-2017-13147 SUSE bug 1055374 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-LTSS An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167. Moderate CVE-2017-13166 SUSE bug 1072865 SUSE bug 1085447 SUSE bug 1087082 SUSE bug 1091815 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233. Moderate CVE-2017-13168 SUSE bug 1072831 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201. Moderate CVE-2017-13194 SUSE bug 1075992 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel. Moderate CVE-2017-13215 SUSE bug 1075908 SUSE bug 1091815 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053. Moderate CVE-2017-13220 SUSE bug 1076537 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-64709938. Important CVE-2017-13221 SUSE bug 1076600 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974. Moderate CVE-2017-13305 SUSE bug 1094353 SUSE bug 1105412 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c. Moderate CVE-2017-13648 SUSE bug 1054598 SUSE bug 1054600 SUSE bug 1055434 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c. Moderate CVE-2017-13658 SUSE bug 1055855 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. Low CVE-2017-13672 SUSE bug 1056334 SUSE bug 1056336 SUSE bug 1084604 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function. Low CVE-2017-13673 SUSE bug 1056386 SUSE bug 1056387 SUSE bug 1084604 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. Moderate CVE-2017-13685 SUSE bug 1056541 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. NOTE: this does not affect any stable release. Moderate CVE-2017-13686 SUSE bug 1053919 SUSE bug 1055631 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print(). Moderate CVE-2017-13687 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print(). Moderate CVE-2017-13688 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print(). Moderate CVE-2017-13689 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. Moderate CVE-2017-13690 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. Low CVE-2017-13693 SUSE bug 1055713 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. Low CVE-2017-13694 SUSE bug 1055705 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. Low CVE-2017-13695 SUSE bug 1055710 SUSE bug 1087082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. Important CVE-2017-13704 SUSE bug 1060586 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. Low CVE-2017-13711 SUSE bug 1056291 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters. Moderate CVE-2017-13720 SUSE bug 1054285 SUSE bug 1159415 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. Moderate CVE-2017-13721 SUSE bug 1051150 SUSE bug 1052984 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server. Moderate CVE-2017-13722 SUSE bug 1049692 SUSE bug 1159415 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. Moderate CVE-2017-13723 SUSE bug 1051150 SUSE bug 1052984 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). Moderate CVE-2017-13725 SUSE bug 1050219 SUSE bug 1050222 SUSE bug 1050225 SUSE bug 1057247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. Moderate CVE-2017-13728 SUSE bug 1056136 SUSE bug 1069530 SUSE bug 1115932 SUSE bug 1123132 SUSE bug 1175501 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. Moderate CVE-2017-13729 SUSE bug 1056132 SUSE bug 1069530 SUSE bug 1115932 SUSE bug 1123132 SUSE bug 1175501 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. Moderate CVE-2017-13730 SUSE bug 1056131 SUSE bug 1069530 SUSE bug 1115932 SUSE bug 1123132 SUSE bug 1175501 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. Moderate CVE-2017-13731 SUSE bug 1056129 SUSE bug 1069530 SUSE bug 1115932 SUSE bug 1123132 SUSE bug 1175501 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. Moderate CVE-2017-13732 SUSE bug 1056128 SUSE bug 1069530 SUSE bug 1115932 SUSE bug 1123132 SUSE bug 1175501 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. Moderate CVE-2017-13733 SUSE bug 1056127 SUSE bug 1069530 SUSE bug 1115932 SUSE bug 1123132 SUSE bug 1175501 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. Moderate CVE-2017-13734 SUSE bug 1056126 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0. Moderate CVE-2017-13738 SUSE bug 1056105 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. It will lead to denial of service or remote code execution. Moderate CVE-2017-13739 SUSE bug 1056101 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact. Moderate CVE-2017-13740 SUSE bug 1056097 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a use-after-free in the function compileBrailleIndicator() in compileTranslationTable.c in Liblouis 3.2.0 that will lead to a remote denial of service attack. Moderate CVE-2017-13741 SUSE bug 1056095 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_showString() in utils.c, that will lead to a remote denial of service attack. Moderate CVE-2017-13743 SUSE bug 1056090 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0. Moderate CVE-2017-13744 SUSE bug 1056088 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154. Moderate CVE-2017-13745 SUSE bug 1053919 SUSE bug 1056069 SUSE bug 1092115 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack. Moderate CVE-2017-13746 SUSE bug 1053919 SUSE bug 1056068 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack. Moderate CVE-2017-13747 SUSE bug 1053919 SUSE bug 1056067 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. Moderate CVE-2017-13748 SUSE bug 1053919 SUSE bug 1056066 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. Moderate CVE-2017-13749 SUSE bug 1053919 SUSE bug 1056065 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. Moderate CVE-2017-13750 SUSE bug 1053919 SUSE bug 1056064 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. Moderate CVE-2017-13751 SUSE bug 1053919 SUSE bug 1056063 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. Moderate CVE-2017-13752 SUSE bug 1053919 SUSE bug 1056062 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9396. Reason: This candidate is a duplicate of CVE-2016-9396. Notes: All CVE users should reference CVE-2016-9396 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2017-13753 SUSE bug 1053919 SUSE bug 1056060 SUSE bug 1082397 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c. Moderate CVE-2017-13757 SUSE bug 1056312 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c. Moderate CVE-2017-13758 SUSE bug 1056277 SUSE bug 1096261 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation. Moderate CVE-2017-13764 SUSE bug 1056250 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation. Moderate CVE-2017-13765 SUSE bug 1056251 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. Moderate CVE-2017-13766 SUSE bug 1056249 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. Moderate CVE-2017-13767 SUSE bug 1056248 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file. Moderate CVE-2017-13768 SUSE bug 1056434 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file. Moderate CVE-2017-13769 SUSE bug 1056432 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests. Moderate CVE-2017-13775 SUSE bug 1056431 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. Moderate CVE-2017-13777 SUSE bug 1056426 SUSE bug 1057719 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-13788 SUSE bug 1069925 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-13797 SUSE bug 1074985 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-13798 SUSE bug 1069925 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-13803 SUSE bug 1069925 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-13856 SUSE bug 1073654 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-13866 SUSE bug 1073654 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-13870 SUSE bug 1073654 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. Moderate CVE-2017-14033 SUSE bug 1058757 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. Moderate CVE-2017-14039 SUSE bug 1056622 SUSE bug 1057511 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact. Moderate CVE-2017-14040 SUSE bug 1056621 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. Moderate CVE-2017-14041 SUSE bug 1056562 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c. Moderate CVE-2017-14042 SUSE bug 1054598 SUSE bug 1054600 SUSE bug 1056550 SUSE bug 1059721 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access. Moderate CVE-2017-14051 SUSE bug 1056588 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file. Moderate CVE-2017-14060 SUSE bug 1056768 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len. Moderate CVE-2017-14064 SUSE bug 1056782 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403. Moderate CVE-2017-14103 SUSE bug 1057000 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path. Low CVE-2017-14106 SUSE bug 1056982 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive. Moderate CVE-2017-14107 SUSE bug 1056996 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters. Low CVE-2017-14108 SUSE bug 1057184 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. Low CVE-2017-14120 SUSE bug 1057003 SUSE bug 1138468 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references. Low CVE-2017-14121 SUSE bug 1057004 SUSE bug 1138468 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp. Important CVE-2017-14122 SUSE bug 1057005 SUSE bug 1138468 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file. Moderate CVE-2017-14128 SUSE bug 1057139 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file. Moderate CVE-2017-14129 SUSE bug 1057144 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file. Moderate CVE-2017-14130 SUSE bug 1057149 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c. Low CVE-2017-14132 SUSE bug 1057152 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header. Moderate CVE-2017-14137 SUSE bug 1057153 SUSE bug 1057157 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors. Moderate CVE-2017-14138 SUSE bug 1057153 SUSE bug 1057157 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c. Moderate CVE-2017-14139 SUSE bug 1057163 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR. Low CVE-2017-14140 SUSE bug 1057179 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in lib/openjp2/t1.c) or possibly remote code execution. Moderate CVE-2017-14151 SUSE bug 1057336 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution. Moderate CVE-2017-14152 SUSE bug 1057335 SUSE bug 1057511 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes. Moderate CVE-2017-14156 SUSE bug 1057347 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript. Moderate CVE-2017-14159 SUSE bug 1057340 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file. Moderate CVE-2017-14160 SUSE bug 1059812 SUSE bug 1091072 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152. Moderate CVE-2017-14164 SUSE bug 1057511 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. Moderate CVE-2017-14166 SUSE bug 1057514 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. Low CVE-2017-14167 SUSE bug 1057585 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop. Low CVE-2017-14172 SUSE bug 1057730 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value. Low CVE-2017-14173 SUSE bug 1057729 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop. Low CVE-2017-14174 SUSE bug 1057723 SUSE bug 1072901 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop. Moderate CVE-2017-14175 SUSE bug 1056426 SUSE bug 1056429 SUSE bug 1057719 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. Low CVE-2017-14224 SUSE bug 1058009 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack. Moderate CVE-2017-14229 SUSE bug 1058000 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. Moderate CVE-2017-14245 SUSE bug 1059912 SUSE bug 1071777 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. Moderate CVE-2017-14246 SUSE bug 1059913 SUSE bug 1071767 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file. Low CVE-2017-14248 SUSE bug 1058220 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file. Low CVE-2017-14249 SUSE bug 1058082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file. Low CVE-2017-14314 SUSE bug 1058630 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array. Important CVE-2017-14316 SUSE bug 1056278 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.). Moderate CVE-2017-14317 SUSE bug 1056281 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. Some special domains, such as `DOMID_XEN`, `DOMID_IO` and `DOMID_COW` are created without grant tables. Hence, if __gnttab_cache_flush operates on a page owned by these special domains, it will attempt to dereference a NULL pointer in the domain struct. Moderate CVE-2017-14318 SUSE bug 1056280 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account. Important CVE-2017-14319 SUSE bug 1056282 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file. Moderate CVE-2017-14324 SUSE bug 1058453 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file. Low CVE-2017-14325 SUSE bug 1058635 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. Low CVE-2017-14326 SUSE bug 1058640 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution. Low CVE-2017-14333 SUSE bug 1058480 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory. Moderate CVE-2017-14340 SUSE bug 1058524 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. Low CVE-2017-14341 SUSE bug 1058637 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. Low CVE-2017-14342 SUSE bug 1058485 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. Low CVE-2017-14343 SUSE bug 1058422 SUSE bug 1082363 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file. Low CVE-2017-14400 SUSE bug 1058435 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server. Important CVE-2017-14461 SUSE bug 1082826 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article). Moderate CVE-2017-14482 SUSE bug 1058425 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation. Moderate CVE-2017-14489 SUSE bug 1059051 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Moderate CVE-2017-14491 SUSE bug 1060354 SUSE bug 1060360 SUSE bug 1060361 SUSE bug 1060362 SUSE bug 1060364 SUSE bug 1063832 SUSE bug 1143944 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. Moderate CVE-2017-14492 SUSE bug 1060355 SUSE bug 1060360 SUSE bug 1060361 SUSE bug 1060362 SUSE bug 1060364 SUSE bug 1063832 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. Moderate CVE-2017-14493 SUSE bug 1060360 SUSE bug 1060361 SUSE bug 1060362 SUSE bug 1060364 SUSE bug 1063832 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. Moderate CVE-2017-14494 SUSE bug 1060360 SUSE bug 1060361 SUSE bug 1060362 SUSE bug 1060364 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation. Important CVE-2017-14495 SUSE bug 1060360 SUSE bug 1060361 SUSE bug 1060362 SUSE bug 1060364 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. Important CVE-2017-14496 SUSE bug 1060360 SUSE bug 1060361 SUSE bug 1060362 SUSE bug 1060364 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls. Critical CVE-2017-14497 SUSE bug 1059058 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. Moderate CVE-2017-14501 SUSE bug 1059139 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. Moderate CVE-2017-14502 SUSE bug 1059134 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input. Moderate CVE-2017-14505 SUSE bug 1059735 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. Moderate CVE-2017-14517 SUSE bug 1059066 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document. Moderate CVE-2017-14518 SUSE bug 1059101 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files. Moderate CVE-2017-14520 SUSE bug 1059155 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file. Moderate CVE-2017-14528 SUSE bug 1059670 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function. Moderate CVE-2017-14529 SUSE bug 1059050 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c. Moderate CVE-2017-14531 SUSE bug 1057508 SUSE bug 1059666 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c. Moderate CVE-2017-14532 SUSE bug 1059663 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. Moderate CVE-2017-14533 SUSE bug 1059751 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. Moderate CVE-2017-14607 SUSE bug 1059778 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c. Moderate CVE-2017-14624 SUSE bug 1059772 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c. Moderate CVE-2017-14625 SUSE bug 1059770 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c. Moderate CVE-2017-14626 SUSE bug 1059767 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. Moderate CVE-2017-14632 SUSE bug 1059809 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). Moderate CVE-2017-14633 SUSE bug 1059811 SUSE bug 1081833 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. Moderate CVE-2017-14634 SUSE bug 1059911 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash). Moderate CVE-2017-14649 SUSE bug 1060162 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928. Moderate CVE-2017-14682 SUSE bug 1047356 SUSE bug 1060176 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file. Moderate CVE-2017-14684 SUSE bug 1060177 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. Moderate CVE-2017-14729 SUSE bug 1060621 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. Moderate CVE-2017-14733 SUSE bug 1060577 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors. Moderate CVE-2017-14739 SUSE bug 1060382 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. Moderate CVE-2017-14745 SUSE bug 1060599 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. Important CVE-2017-14746 SUSE bug 1060427 SUSE bug 1069666 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root. Important CVE-2017-14798 SUSE bug 1062722 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. A crafted input will lead to a denial of service attack. Low CVE-2017-14857 SUSE bug 1061013 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. Low CVE-2017-14858 SUSE bug 1061025 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. Low CVE-2017-14859 SUSE bug 1061000 SUSE bug 1061023 SUSE bug 1061025 SUSE bug 1068871 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. Low CVE-2017-14860 SUSE bug 1061023 SUSE bug 1061025 SUSE bug 1068871 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. Low CVE-2017-14861 SUSE bug 1060997 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. Low CVE-2017-14863 SUSE bug 1061031 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. Low CVE-2017-14865 SUSE bug 1061003 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. Low CVE-2017-14866 SUSE bug 1060994 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support. Important CVE-2017-14867 SUSE bug 1060377 SUSE bug 1060378 SUSE bug 1061041 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter. Moderate CVE-2017-14919 SUSE bug 1059050 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. Important CVE-2017-14926 SUSE bug 1061095 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. Moderate CVE-2017-14927 SUSE bug 1061094 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. Moderate CVE-2017-14928 SUSE bug 1061092 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. Moderate CVE-2017-14929 SUSE bug 1059050 SUSE bug 1061091 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue. Moderate CVE-2017-14952 SUSE bug 1067203 SUSE bug 1123121 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call. Moderate CVE-2017-14954 SUSE bug 1061284 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table." Moderate CVE-2017-14970 SUSE bug 1061310 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. Moderate CVE-2017-14974 SUSE bug 1061241 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. Moderate CVE-2017-14975 SUSE bug 1061263 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack. Moderate CVE-2017-14976 SUSE bug 1061264 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. Moderate CVE-2017-14977 SUSE bug 1061265 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** DISPUTED ** Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid. Moderate CVE-2017-14988 SUSE bug 1061305 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code. Moderate CVE-2017-14989 SUSE bug 1061254 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames. Moderate CVE-2017-14994 SUSE bug 1061587 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c. Low CVE-2017-15015 SUSE bug 1082289 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c. Low CVE-2017-15016 SUSE bug 1082291 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c. Low CVE-2017-15017 SUSE bug 1082283 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. Moderate CVE-2017-15023 SUSE bug 1061623 SUSE bug 1065689 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. Moderate CVE-2017-15032 SUSE bug 1061868 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c. Moderate CVE-2017-15033 SUSE bug 1061873 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes. Low CVE-2017-15038 SUSE bug 1062069 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat. Important CVE-2017-15088 SUSE bug 1065274 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously. Moderate CVE-2017-15095 SUSE bug 1192165 SUSE bug 1193944 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory. Important CVE-2017-15098 SUSE bug 1067844 SUSE bug 1185814 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege. Important CVE-2017-15099 SUSE bug 1067841 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution. Important CVE-2017-15101 SUSE bug 1067336 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist. Moderate CVE-2017-15107 SUSE bug 1076958 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed. Important CVE-2017-15108 SUSE bug 1070724 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls. Moderate CVE-2017-15115 SUSE bug 1068671 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS. Important CVE-2017-15118 SUSE bug 1070147 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS. Low CVE-2017-15119 SUSE bug 1070144 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. Moderate CVE-2017-15121 SUSE bug 1071726 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. Moderate CVE-2017-15124 SUSE bug 1073489 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put(). Important CVE-2017-15126 SUSE bug 1073108 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG). Moderate CVE-2017-15127 SUSE bug 1073113 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG). Moderate CVE-2017-15128 SUSE bug 1073112 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely. Moderate CVE-2017-15129 SUSE bug 1074839 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart. Moderate CVE-2017-15130 SUSE bug 1082828 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux. Low CVE-2017-15131 SUSE bug 1075378 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion. Moderate CVE-2017-15132 SUSE bug 1075608 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants. Moderate CVE-2017-15139 SUSE bug 1105476 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. Important CVE-2017-15191 SUSE bug 1062645 SUSE bug 983671 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. Important CVE-2017-15192 SUSE bug 1062645 SUSE bug 983671 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. Important CVE-2017-15193 SUSE bug 1062645 SUSE bug 983671 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. Moderate CVE-2017-15217 SUSE bug 1062750 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. Moderate CVE-2017-15218 SUSE bug 1047910 SUSE bug 1062752 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. Moderate CVE-2017-15232 SUSE bug 1062937 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage. Moderate CVE-2017-15238 SUSE bug 1067198 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c. Moderate CVE-2017-15265 SUSE bug 1062520 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. Moderate CVE-2017-15268 SUSE bug 1062942 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192. Moderate CVE-2017-15274 SUSE bug 1045327 SUSE bug 1062471 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. Moderate CVE-2017-15275 SUSE bug 1063008 SUSE bug 1069666 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. Moderate CVE-2017-15277 SUSE bug 1063050 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)." Moderate CVE-2017-15281 SUSE bug 1063049 SUSE bug 1072901 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized. Moderate CVE-2017-15286 SUSE bug 1063145 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation. Moderate CVE-2017-15289 SUSE bug 1063122 SUSE bug 1063123 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm. Moderate CVE-2017-15306 SUSE bug 1066707 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking. Moderate CVE-2017-15365 SUSE bug 1072167 SUSE bug 1076506 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Moderate CVE-2017-15412 SUSE bug 1071691 SUSE bug 1077993 SUSE bug 1123129 SUSE bug 1123919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Moderate CVE-2017-15422 SUSE bug 1071691 SUSE bug 1077999 SUSE bug 1123121 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory. Moderate CVE-2017-15535 SUSE bug 1065956 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry. Important CVE-2017-15588 SUSE bug 1061082 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory. Moderate CVE-2017-15589 SUSE bug 1061080 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled. Important CVE-2017-15590 SUSE bug 1061076 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation. Moderate CVE-2017-15591 SUSE bug 1061077 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests. Important CVE-2017-15592 SUSE bug 1061086 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled. Moderate CVE-2017-15593 SUSE bug 1061084 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging. Important CVE-2017-15594 SUSE bug 1061087 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking. Important CVE-2017-15595 SUSE bug 1061081 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error. Moderate CVE-2017-15596 SUSE bug 1042882 SUSE bug 1042893 SUSE bug 1042915 SUSE bug 1042931 SUSE bug 1042938 SUSE bug 1047275 SUSE bug 1051787 SUSE bug 1051788 SUSE bug 1052686 SUSE bug 1055321 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out. Important CVE-2017-15597 SUSE bug 1061075 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services. Moderate CVE-2017-15638 SUSE bug 1064127 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. Important CVE-2017-15649 SUSE bug 1064388 SUSE bug 1064392 SUSE bug 1087082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: Someone must open a postscript file though ghostscript. Because of imagemagick also use libga, so it was affected as well. Moderate CVE-2017-15652 SUSE bug 1136756 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. Important CVE-2017-15670 SUSE bug 1064583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak). Important CVE-2017-15671 SUSE bug 1064569 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability. Moderate CVE-2017-15698 SUSE bug 1078679 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected. Low CVE-2017-15706 SUSE bug 1078677 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. Moderate CVE-2017-15710 SUSE bug 1086776 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename. Moderate CVE-2017-15715 SUSE bug 1086774 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. Moderate CVE-2017-15804 SUSE bug 1064580 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application. Moderate CVE-2017-15868 SUSE bug 1071470 SUSE bug 1071471 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. Important CVE-2017-15873 SUSE bug 1064976 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation. Low CVE-2017-15874 SUSE bug 1064978 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption. Moderate CVE-2017-15896 SUSE bug 1071905 SUSE bug 1072322 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases. Moderate CVE-2017-15897 SUSE bug 1072320 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. Moderate CVE-2017-15906 SUSE bug 1064285 SUSE bug 1065000 SUSE bug 1074115 SUSE bug 1079488 SUSE bug 1090163 SUSE bug 1099316 SUSE bug 1138392 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service. Moderate CVE-2017-15908 SUSE bug 1065276 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer. Moderate CVE-2017-15930 SUSE bug 1066003 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash). Moderate CVE-2017-15938 SUSE bug 1065693 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023. Moderate CVE-2017-15939 SUSE bug 1061623 SUSE bug 1065689 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls. Moderate CVE-2017-15951 SUSE bug 1062840 SUSE bug 1065615 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects. Moderate CVE-2017-15994 SUSE bug 1065646 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions. Moderate CVE-2017-15996 SUSE bug 1065643 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-9251. Reason: This candidate is a duplicate of CVE-2015-9251. Notes: All CVE users should reference CVE-2015-9251 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2017-16012 SUSE bug 1111660 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message. Moderate CVE-2017-16227 SUSE bug 1065641 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue. Low CVE-2017-16232 SUSE bug 1069213 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3. Moderate CVE-2017-16239 SUSE bug 1066198 SUSE bug 1070500 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag. Moderate CVE-2017-16352 SUSE bug 1066168 SUSE bug 1066170 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked. Moderate CVE-2017-16353 SUSE bug 1066170 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133261. Low CVE-2017-1651 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup. Moderate CVE-2017-16525 SUSE bug 1066618 SUSE bug 1146519 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. Moderate CVE-2017-16528 SUSE bug 1066629 SUSE bug 1146519 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. Moderate CVE-2017-16532 SUSE bug 1066673 SUSE bug 1087082 SUSE bug 1146519 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. Moderate CVE-2017-16536 SUSE bug 1066606 SUSE bug 1087082 SUSE bug 1146519 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. Moderate CVE-2017-16537 SUSE bug 1066573 SUSE bug 1087082 SUSE bug 1146519 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner). Moderate CVE-2017-16538 SUSE bug 1066569 SUSE bug 1087082 SUSE bug 1146519 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. Moderate CVE-2017-16541 SUSE bug 1066489 SUSE bug 1107343 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. Important CVE-2017-16544 SUSE bug 1069412 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image. Moderate CVE-2017-16545 SUSE bug 1067184 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file. Moderate CVE-2017-16546 SUSE bug 1067181 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon. Moderate CVE-2017-16548 SUSE bug 1066644 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. Moderate CVE-2017-16611 SUSE bug 1050459 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0. Important CVE-2017-16612 SUSE bug 1065386 SUSE bug 1159415 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device. Moderate CVE-2017-16644 SUSE bug 1067118 SUSE bug 1087082 SUSE bug 1091815 SUSE bug 1146519 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. Moderate CVE-2017-16645 SUSE bug 1067132 SUSE bug 1087082 SUSE bug 1146519 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device. Moderate CVE-2017-16646 SUSE bug 1067105 SUSE bug 1146519 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. Moderate CVE-2017-16647 SUSE bug 1067102 SUSE bug 1146519 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free. Moderate CVE-2017-16648 SUSE bug 1067087 SUSE bug 1087082 SUSE bug 1146519 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. Moderate CVE-2017-16669 SUSE bug 1067409 SUSE bug 1072898 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h. Important CVE-2017-16818 SUSE bug 1063014 SUSE bug 1069253 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file. Moderate CVE-2017-16826 SUSE bug 1068640 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file. Moderate CVE-2017-16827 SUSE bug 1069202 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame. Moderate CVE-2017-16828 SUSE bug 1069176 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file. Low CVE-2017-16829 SUSE bug 1068950 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file. Low CVE-2017-16830 SUSE bug 1068888 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file. Moderate CVE-2017-16831 SUSE bug 1068887 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file. Low CVE-2017-16832 SUSE bug 1068643 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers. Important CVE-2017-16837 SUSE bug 1068390 SUSE bug 889339 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618. Moderate CVE-2017-16844 SUSE bug 1068648 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. Low CVE-2017-16845 SUSE bug 1068613 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763. Important CVE-2017-16852 SUSE bug 1068689 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105. Important CVE-2017-16853 SUSE bug 1068685 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic. Important CVE-2017-16879 SUSE bug 1069530 SUSE bug 1123132 SUSE bug 1175501 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c. Moderate CVE-2017-16899 SUSE bug 1069257 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet. Moderate CVE-2017-16912 SUSE bug 1078673 SUSE bug 1087082 SUSE bug 1091815 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet. Moderate CVE-2017-16913 SUSE bug 1078672 SUSE bug 1087082 SUSE bug 1091815 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input stream. Moderate CVE-2017-16927 SUSE bug 1069591 SUSE bug 442182 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities. Important CVE-2017-16932 SUSE bug 1069689 SUSE bug 1103099 SUSE bug 1123129 SUSE bug 1123919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages. Important CVE-2017-16939 SUSE bug 1069702 SUSE bug 1069708 SUSE bug 1120260 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file. Moderate CVE-2017-16942 SUSE bug 1069874 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call. Moderate CVE-2017-16994 SUSE bug 1069996 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. Important CVE-2017-16997 SUSE bug 1073231 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled. Moderate CVE-2017-17046 SUSE bug 1061090 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the ->exe_file member of a new process's mm_struct, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. Moderate CVE-2017-17052 SUSE bug 1069496 SUSE bug 1070266 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. Moderate CVE-2017-17083 SUSE bug 1070727 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. Moderate CVE-2017-17084 SUSE bug 1070727 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. Moderate CVE-2017-17085 SUSE bug 1070727 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382. Low CVE-2017-17087 SUSE bug 1065958 SUSE bug 1070955 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file. Important CVE-2017-17095 SUSE bug 1071031 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section. Moderate CVE-2017-17121 SUSE bug 1071544 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file. Moderate CVE-2017-17122 SUSE bug 1071440 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file. Moderate CVE-2017-17125 SUSE bug 1071022 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers. Moderate CVE-2017-17126 SUSE bug 1071016 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. Moderate CVE-2017-17381 SUSE bug 1071228 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution. Important CVE-2017-17405 SUSE bug 1073002 SUSE bug 1078782 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check. Moderate CVE-2017-17426 SUSE bug 1071479 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions. Moderate CVE-2017-17433 SUSE bug 1071459 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions. Moderate CVE-2017-17434 SUSE bug 1071460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces. Moderate CVE-2017-17448 SUSE bug 1071693 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. Moderate CVE-2017-17449 SUSE bug 1071694 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces. Low CVE-2017-17450 SUSE bug 1071695 SUSE bug 1074033 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC. Moderate CVE-2017-17484 SUSE bug 1072193 SUSE bug 1123121 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. Moderate CVE-2017-17498 SUSE bug 1072103 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. Moderate CVE-2017-17500 SUSE bug 1077737 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file. Low CVE-2017-17501 SUSE bug 1074023 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file. Low CVE-2017-17502 SUSE bug 1073081 SUSE bug 1077737 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. Moderate CVE-2017-17503 SUSE bug 1072934 SUSE bug 1073081 SUSE bug 1077737 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. Moderate CVE-2017-17504 SUSE bug 1072362 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode. Moderate CVE-2017-17563 SUSE bug 1070159 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode. Moderate CVE-2017-17564 SUSE bug 1070160 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P. Moderate CVE-2017-17565 SUSE bug 1070163 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page. Moderate CVE-2017-17566 SUSE bug 1070158 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file. Moderate CVE-2017-17680 SUSE bug 1072902 SUSE bug 1074122 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file. Moderate CVE-2017-17681 SUSE bug 1072901 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call. Moderate CVE-2017-17682 SUSE bug 1072898 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification. Important CVE-2017-17688 SUSE bug 1093151 SUSE bug 1093727 SUSE bug 1093971 SUSE bug 1093973 SUSE bug 1115719 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. Moderate CVE-2017-17689 SUSE bug 1093152 SUSE bug 1093727 SUSE bug 1093969 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges. Important CVE-2017-17712 SUSE bug 1073229 SUSE bug 1073230 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can exploit the vulnerability to cause a denial of service via a crafted image file. Note that this vulnerability is different from CVE-2017-14864, which is an invalid memory address dereference. Moderate CVE-2017-17725 SUSE bug 1080734 SUSE bug 1184749 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. Important CVE-2017-17741 SUSE bug 1073311 SUSE bug 1091815 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick. Moderate CVE-2017-17742 SUSE bug 1087434 SUSE bug 1136906 SUSE bug 1152992 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely. Moderate CVE-2017-17790 SUSE bug 1073002 SUSE bug 1078782 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. Important CVE-2017-17805 SUSE bug 1073792 SUSE bug 1087082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. Low CVE-2017-17806 SUSE bug 1073874 SUSE bug 1087082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c. Moderate CVE-2017-17807 SUSE bug 1073860 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. Important CVE-2017-17833 SUSE bug 1090638 SUSE bug 1099519 SUSE bug 1126909 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service. Moderate CVE-2017-17862 SUSE bug 1073928 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak." Moderate CVE-2017-17864 SUSE bug 1073928 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error. Low CVE-2017-17879 SUSE bug 1074125 SUSE bug 1074175 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check. Moderate CVE-2017-17880 SUSE bug 1074124 SUSE bug 1074299 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file. Moderate CVE-2017-17881 SUSE bug 1074123 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file. Moderate CVE-2017-17882 SUSE bug 1074122 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file. Moderate CVE-2017-17883 SUSE bug 1074121 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file. Moderate CVE-2017-17884 SUSE bug 1074120 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file. Moderate CVE-2017-17885 SUSE bug 1074119 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage. Moderate CVE-2017-17887 SUSE bug 1074117 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file. Moderate CVE-2017-17914 SUSE bug 1074185 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 ** DISPUTED ** SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. Moderate CVE-2017-17916 SUSE bug 1074346 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ** DISPUTED ** SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. Moderate CVE-2017-17917 SUSE bug 1074347 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ** DISPUTED ** SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. Moderate CVE-2017-17919 SUSE bug 1074348 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ** DISPUTED ** SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. Moderate CVE-2017-17920 SUSE bug 1074349 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls. Moderate CVE-2017-17934 SUSE bug 1074170 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line. Moderate CVE-2017-17935 SUSE bug 1074171 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. Moderate CVE-2017-17942 SUSE bug 1074186 SUSE bug 1150480 SUSE bug 983440 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive. Important CVE-2017-17969 SUSE bug 1077725 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue. Important CVE-2017-17973 SUSE bug 1074318 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure. Low CVE-2017-17975 SUSE bug 1074426 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. Moderate CVE-2017-17997 SUSE bug 1077080 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c. Moderate CVE-2017-18008 SUSE bug 1074309 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. Important CVE-2017-18013 SUSE bug 1074317 SUSE bug 1082825 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. Moderate CVE-2017-18017 SUSE bug 1074488 SUSE bug 1080255 SUSE bug 1091815 SUSE bug 971126 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c. Moderate CVE-2017-18022 SUSE bug 1074969 SUSE bug 1074975 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file. Moderate CVE-2017-18027 SUSE bug 1076051 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file. Low CVE-2017-18028 SUSE bug 1076182 SUSE bug 1082792 SUSE bug 1085236 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file. Moderate CVE-2017-18029 SUSE bug 1076021 SUSE bug 1076051 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch. Low CVE-2017-18030 SUSE bug 1076179 SUSE bug 1076180 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash). Low CVE-2017-18043 SUSE bug 1076775 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file. Important CVE-2017-18078 SUSE bug 1077925 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free. Moderate CVE-2017-18174 SUSE bug 1080533 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc. Moderate CVE-2017-18183 SUSE bug 1080935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc. Moderate CVE-2017-18184 SUSE bug 1080952 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc. Moderate CVE-2017-18186 SUSE bug 1080925 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). Important CVE-2017-18190 SUSE bug 1081557 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected. Moderate CVE-2017-18191 SUSE bug 1081685 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim. Moderate CVE-2017-18200 SUSE bug 1082754 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c. Moderate CVE-2017-18201 SUSE bug 1082877 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests. Moderate CVE-2017-18204 SUSE bug 1083244 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. Moderate CVE-2017-18205 SUSE bug 1082998 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. Moderate CVE-2017-18206 SUSE bug 1083002 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping. Moderate CVE-2017-18208 SUSE bug 1083494 SUSE bug 1087082 SUSE bug 1091815 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory. Low CVE-2017-18209 SUSE bug 1083628 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked. Moderate CVE-2017-18210 SUSE bug 1083632 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel. Low CVE-2017-18211 SUSE bug 1083634 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_net_xmit_hw and hns_nic_net_xmit. Moderate CVE-2017-18218 SUSE bug 1084055 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation. Moderate CVE-2017-18219 SUSE bug 1084060 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403. Moderate CVE-2017-18220 SUSE bug 1084062 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impact, as demonstrated by incompatibility between hns_get_sset_count and ethtool_get_strings. Important CVE-2017-18222 SUSE bug 1084529 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field. Moderate CVE-2017-18224 SUSE bug 1084831 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations. Moderate CVE-2017-18229 SUSE bug 1076182 SUSE bug 1085236 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file. Moderate CVE-2017-18230 SUSE bug 1085233 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file. Moderate CVE-2017-18231 SUSE bug 1085232 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file. Low CVE-2017-18233 SUSE bug 1085584 SUSE bug 1085585 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp. Moderate CVE-2017-18234 SUSE bug 1085585 SUSE bug 1103718 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBP_Support.cpp does not ensure nonzero widths and heights, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted .webp file. Low CVE-2017-18235 SUSE bug 1085587 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file. Low CVE-2017-18236 SUSE bug 1085585 SUSE bug 1085589 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted .ps file. Low CVE-2017-18237 SUSE bug 1085590 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file. Low CVE-2017-18238 SUSE bug 1085583 SUSE bug 1085585 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure. Moderate CVE-2017-18241 SUSE bug 1086400 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads. Moderate CVE-2017-18249 SUSE bug 1087036 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. Low CVE-2017-18250 SUSE bug 1087039 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file. Low CVE-2017-18251 SUSE bug 1087037 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. Low CVE-2017-18252 SUSE bug 1087033 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. Low CVE-2017-18253 SUSE bug 1087030 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file. Low CVE-2017-18254 SUSE bug 1087027 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation. Moderate CVE-2017-18255 SUSE bug 1087082 SUSE bug 1087813 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. Moderate CVE-2017-18257 SUSE bug 1088241 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. Low CVE-2017-18258 SUSE bug 1088279 SUSE bug 1088601 SUSE bug 1105166 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER. Moderate CVE-2017-18261 SUSE bug 1090225 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. Low CVE-2017-18267 SUSE bug 1092945 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution. Moderate CVE-2017-18269 SUSE bug 1094150 SUSE bug 1118435 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function. Important CVE-2017-18342 SUSE bug 1099308 SUSE bug 1164453 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE). Important CVE-2017-18344 SUSE bug 1087082 SUSE bug 1102851 SUSE bug 1103203 SUSE bug 1103580 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187. Moderate CVE-2017-18509 SUSE bug 1145477 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated. Moderate CVE-2017-18551 SUSE bug 1146163 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c. Moderate CVE-2017-18595 SUSE bug 1149555 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. Moderate CVE-2017-18635 SUSE bug 1152255 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow. Important CVE-2017-18922 SUSE bug 1173477 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). Important CVE-2017-18926 SUSE bug 1178593 SUSE bug 1178784 SUSE bug 1178903 SUSE bug 1183914 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile). Moderate CVE-2017-20006 SUSE bug 1187974 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. Moderate CVE-2017-2350 SUSE bug 1024749 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-2354 SUSE bug 1024749 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site. Moderate CVE-2017-2355 SUSE bug 1024749 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-2356 SUSE bug 1024749 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-2362 SUSE bug 1024749 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. Moderate CVE-2017-2363 SUSE bug 1024749 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. Moderate CVE-2017-2364 SUSE bug 1024749 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. Moderate CVE-2017-2365 SUSE bug 1024749 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-2366 SUSE bug 1024749 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-2369 SUSE bug 1024749 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site. Moderate CVE-2017-2371 SUSE bug 1024749 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-2373 SUSE bug 1024749 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-2496 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events. Moderate CVE-2017-2510 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement. Important CVE-2017-2518 SUSE bug 1155787 SUSE bug 1194085 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-2538 SUSE bug 1045460 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-2539 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution. Moderate CVE-2017-2581 SUSE bug 1024287 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application. Moderate CVE-2017-2583 SUSE bug 1020602 SUSE bug 1030573 SUSE bug 1087082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt. Moderate CVE-2017-2584 SUSE bug 1019851 SUSE bug 1087082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash. Moderate CVE-2017-2586 SUSE bug 1024287 SUSE bug 1024292 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A memory allocation vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash. Moderate CVE-2017-2587 SUSE bug 1024287 SUSE bug 1024294 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens). Moderate CVE-2017-2592 SUSE bug 1022043 SUSE bug 1022152 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references. Low CVE-2017-2596 SUSE bug 1022785 SUSE bug 1027179 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. Moderate CVE-2017-2615 SUSE bug 1023004 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. Important CVE-2017-2616 SUSE bug 1023041 SUSE bug 1123789 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. Important CVE-2017-2619 SUSE bug 1027147 SUSE bug 1036283 SUSE bug 1054017 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. Moderate CVE-2017-2620 SUSE bug 1024834 SUSE bug 1024972 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack. Moderate CVE-2017-2624 SUSE bug 1025029 SUSE bug 1025639 SUSE bug 1035283 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions. Moderate CVE-2017-2625 SUSE bug 1025046 SUSE bug 1025068 SUSE bug 1025639 SUSE bug 1123802 SUSE bug 815650 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list. Moderate CVE-2017-2626 SUSE bug 1025068 SUSE bug 1025639 SUSE bug 1048274 SUSE bug 1123800 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only. Moderate CVE-2017-2628 SUSE bug 1092962 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even when there is none or if the server doesn't support the TLS extension in question. This could lead to users not detecting when a server's certificate goes invalid or otherwise be mislead that the server is in a better shape than it is in reality. This flaw also exists in the command line tool (--cert-status). Moderate CVE-2017-2629 SUSE bug 1025379 SUSE bug 1042181 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process. Moderate CVE-2017-2630 SUSE bug 1025396 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process. Low CVE-2017-2633 SUSE bug 1026612 SUSE bug 1026636 SUSE bug 1074701 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system. Moderate CVE-2017-2634 SUSE bug 1026830 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service. Low CVE-2017-2635 SUSE bug 1027075 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. Moderate CVE-2017-2636 SUSE bug 1027565 SUSE bug 1027575 SUSE bug 1028372 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. Moderate CVE-2017-2647 SUSE bug 1030593 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang. Moderate CVE-2017-2669 SUSE bug 1032248 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call. Moderate CVE-2017-2671 SUSE bug 1027179 SUSE bug 1031003 SUSE bug 1087082 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability. Important CVE-2017-2810 SUSE bug 1044329 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability. Important CVE-2017-2814 SUSE bug 1047909 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability. Important CVE-2017-2818 SUSE bug 1047950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library. Moderate CVE-2017-2820 SUSE bug 1047949 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability. Moderate CVE-2017-2862 SUSE bug 1048289 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability. Moderate CVE-2017-2870 SUSE bug 1048289 SUSE bug 1048544 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. Important CVE-2017-2885 SUSE bug 1052916 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. Important CVE-2017-2888 SUSE bug 1062777 SUSE bug 1062784 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1. Important CVE-2017-3135 SUSE bug 1018700 SUSE bug 1018701 SUSE bug 1018702 SUSE bug 1024130 SUSE bug 1033466 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8. Important CVE-2017-3136 SUSE bug 1018700 SUSE bug 1018701 SUSE bug 1018702 SUSE bug 1024130 SUSE bug 1033461 SUSE bug 1033466 SUSE bug 1081545 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8. Important CVE-2017-3137 SUSE bug 1018700 SUSE bug 1018701 SUSE bug 1018702 SUSE bug 1024130 SUSE bug 1033461 SUSE bug 1033466 SUSE bug 1033467 SUSE bug 1034162 SUSE bug 1076118 SUSE bug 1081545 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9. Moderate CVE-2017-3138 SUSE bug 1018700 SUSE bug 1018701 SUSE bug 1018702 SUSE bug 1024130 SUSE bug 1033461 SUSE bug 1033466 SUSE bug 1033468 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1. Moderate CVE-2017-3140 SUSE bug 1044225 SUSE bug 1044226 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1. Moderate CVE-2017-3141 SUSE bug 1044225 SUSE bug 1044226 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2. Moderate CVE-2017-3142 SUSE bug 1024130 SUSE bug 1046554 SUSE bug 1046555 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2. Moderate CVE-2017-3143 SUSE bug 1024130 SUSE bug 1046554 SUSE bug 1046555 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested. Moderate CVE-2017-3144 SUSE bug 1076118 SUSE bug 1076119 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1. Important CVE-2017-3145 SUSE bug 1076118 SUSE bug 1101131 SUSE bug 1177790 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Moderate CVE-2017-3167 SUSE bug 1045065 SUSE bug 1078450 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. Moderate CVE-2017-3169 SUSE bug 1045062 SUSE bug 1078450 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data. Das U-Boot's AES-CBC encryption feature uses a zero (0) initialization vector. This allows an attacker to perform dictionary attacks on encrypted data produced by Das U-Boot to learn information about the encrypted data. Moderate CVE-2017-3225 SUSE bug 1058437 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_ENV_AES=y) read environment variables from disk as the encrypted disk image is processed. An attacker with physical access to the device can manipulate the encrypted environment data to include a crafted two-byte sequence which triggers an error in environment variable parsing. This error condition is improperly handled by Das U-Boot, resulting in an immediate process termination with a debugging message. Moderate CVE-2017-3226 SUSE bug 1058438 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts). Moderate CVE-2017-3231 SUSE bug 1020905 SUSE bug 1024218 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). Moderate CVE-2017-3238 SUSE bug 1020868 SUSE bug 1020882 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). Critical CVE-2017-3241 SUSE bug 1020905 SUSE bug 1024218 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts). Moderate CVE-2017-3243 SUSE bug 1020868 SUSE bug 1020891 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). Moderate CVE-2017-3244 SUSE bug 1020868 SUSE bug 1020877 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts). Moderate CVE-2017-3251 SUSE bug 1020868 SUSE bug 1020888 SUSE bug 1053919 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.8 (Integrity impacts). Important CVE-2017-3252 SUSE bug 1020905 SUSE bug 1024218 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Availability impacts). Important CVE-2017-3253 SUSE bug 1020905 SUSE bug 1024218 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). Moderate CVE-2017-3256 SUSE bug 1020868 SUSE bug 1020883 SUSE bug 1053919 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). Moderate CVE-2017-3257 SUSE bug 1020868 SUSE bug 1020878 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). Moderate CVE-2017-3258 SUSE bug 1020868 SUSE bug 1020875 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 3.7 (Confidentiality impacts). Moderate CVE-2017-3259 SUSE bug 1020905 SUSE bug 1024218 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). Important CVE-2017-3260 SUSE bug 1020905 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts). Moderate CVE-2017-3261 SUSE bug 1020905 SUSE bug 1024218 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts). Moderate CVE-2017-3265 SUSE bug 1020868 SUSE bug 1020885 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). Critical CVE-2017-3272 SUSE bug 1020905 SUSE bug 1024218 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). Moderate CVE-2017-3273 SUSE bug 1020868 SUSE bug 1020876 SUSE bug 1053919 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). Critical CVE-2017-3289 SUSE bug 1020905 SUSE bug 1024218 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). Moderate CVE-2017-3291 SUSE bug 1020868 SUSE bug 1020884 SUSE bug 998309 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. Moderate CVE-2017-3302 SUSE bug 1022428 SUSE bug 1034850 SUSE bug 1034911 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, "The Riddle". Moderate CVE-2017-3305 SUSE bug 1029396 SUSE bug 1034850 SUSE bug 1037590 SUSE bug 924663 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). Moderate CVE-2017-3308 SUSE bug 1034850 SUSE bug 1048715 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). Moderate CVE-2017-3309 SUSE bug 1034850 SUSE bug 1048715 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). Moderate CVE-2017-3312 SUSE bug 1020868 SUSE bug 1020873 SUSE bug 998309 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts). Low CVE-2017-3313 SUSE bug 1020868 SUSE bug 1020890 SUSE bug 1034911 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts). Low CVE-2017-3317 SUSE bug 1020868 SUSE bug 1020894 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts). Low CVE-2017-3318 SUSE bug 1020868 SUSE bug 1020896 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts). Low CVE-2017-3319 SUSE bug 1020868 SUSE bug 1020898 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts). Moderate CVE-2017-3320 SUSE bug 1020868 SUSE bug 1020901 SUSE bug 1053919 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3331 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3450 SUSE bug 1034850 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3452 SUSE bug 1034850 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3453 SUSE bug 1034850 SUSE bug 1048715 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Moderate CVE-2017-3455 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3456 SUSE bug 1034850 SUSE bug 1048715 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3457 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3458 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3459 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3460 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Moderate CVE-2017-3464 SUSE bug 1034850 SUSE bug 1048715 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Moderate CVE-2017-3465 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Moderate CVE-2017-3467 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). Moderate CVE-2017-3509 SUSE bug 1034849 SUSE bug 1038505 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Important CVE-2017-3511 SUSE bug 1034849 SUSE bug 1038505 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Moderate CVE-2017-3512 SUSE bug 1034849 SUSE bug 1038505 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Moderate CVE-2017-3514 SUSE bug 1034849 SUSE bug 1038505 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Important CVE-2017-3526 SUSE bug 1034849 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: UDF). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3529 SUSE bug 1049393 SUSE bug 1049422 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Moderate CVE-2017-3533 SUSE bug 1034849 SUSE bug 1038505 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). Moderate CVE-2017-3539 SUSE bug 1005522 SUSE bug 1034849 SUSE bug 1038505 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Important CVE-2017-3544 SUSE bug 1034849 SUSE bug 1038505 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet. Moderate CVE-2017-3599 SUSE bug 1034850 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H). Moderate CVE-2017-3633 SUSE bug 1049394 SUSE bug 1049422 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3634 SUSE bug 1049396 SUSE bug 1049422 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). Moderate CVE-2017-3636 SUSE bug 1049399 SUSE bug 1049422 SUSE bug 1054591 SUSE bug 1076506 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3637 SUSE bug 1049400 SUSE bug 1049422 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3638 SUSE bug 1049401 SUSE bug 1049422 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3639 SUSE bug 1049402 SUSE bug 1049422 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3640 SUSE bug 1049403 SUSE bug 1049422 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3641 SUSE bug 1049404 SUSE bug 1049422 SUSE bug 1054591 SUSE bug 1076506 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3642 SUSE bug 1049405 SUSE bug 1049422 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3643 SUSE bug 1049406 SUSE bug 1049422 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3644 SUSE bug 1049407 SUSE bug 1049422 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3645 SUSE bug 1049408 SUSE bug 1049422 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3646 SUSE bug 1049409 SUSE bug 1049422 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3647 SUSE bug 1049410 SUSE bug 1049422 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3648 SUSE bug 1049411 SUSE bug 1049422 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2017-3649 SUSE bug 1049412 SUSE bug 1049422 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Low CVE-2017-3650 SUSE bug 1049414 SUSE bug 1049422 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Moderate CVE-2017-3651 SUSE bug 1049415 SUSE bug 1049422 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N). Moderate CVE-2017-3652 SUSE bug 1049416 SUSE bug 1049422 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). Low CVE-2017-3653 SUSE bug 1049417 SUSE bug 1049422 SUSE bug 1054591 SUSE bug 1076506 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. Moderate CVE-2017-3730 SUSE bug 1021641 SUSE bug 1022084 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k. Moderate CVE-2017-3731 SUSE bug 1021641 SUSE bug 1022085 SUSE bug 1064118 SUSE bug 1064119 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. Low CVE-2017-3732 SUSE bug 1021641 SUSE bug 1022086 SUSE bug 1049418 SUSE bug 1049421 SUSE bug 1049422 SUSE bug 1066242 SUSE bug 1071906 SUSE bug 957814 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected. Moderate CVE-2017-3733 SUSE bug 1025661 SUSE bug 1064200 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. Moderate CVE-2017-3735 SUSE bug 1056058 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. Moderate CVE-2017-3736 SUSE bug 1066242 SUSE bug 1071906 SUSE bug 1076369 SUSE bug 957814 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. Moderate CVE-2017-3737 SUSE bug 1071905 SUSE bug 1072322 SUSE bug 1076369 SUSE bug 1089987 SUSE bug 1089997 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. Low CVE-2017-3738 SUSE bug 1071906 SUSE bug 1097757 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. Low CVE-2017-4965 SUSE bug 1037777 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. Low CVE-2017-4967 SUSE bug 1037777 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Moderate CVE-2017-5029 SUSE bug 1028848 SUSE bug 1028875 SUSE bug 1035905 SUSE bug 1123130 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Important CVE-2017-5031 SUSE bug 1028848 SUSE bug 1028875 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Insufficient data validation in waitid allowed an user to escape sandboxes on Linux. Important CVE-2017-5123 SUSE bug 1062473 SUSE bug 1122971 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file. Important CVE-2017-5130 SUSE bug 1064066 SUSE bug 1064089 SUSE bug 1078806 SUSE bug 1123129 SUSE bug 1123919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). Moderate CVE-2017-5202 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). Moderate CVE-2017-5203 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print(). Moderate CVE-2017-5204 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print(). Moderate CVE-2017-5205 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data. Moderate CVE-2017-5209 SUSE bug 1019531 SUSE bug 1021610 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. Moderate CVE-2017-5225 SUSE bug 1019611 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. Moderate CVE-2017-5334 SUSE bug 1018831 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. Moderate CVE-2017-5335 SUSE bug 1018832 SUSE bug 1021057 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. Moderate CVE-2017-5336 SUSE bug 1018832 SUSE bug 1021057 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. Moderate CVE-2017-5337 SUSE bug 1018832 SUSE bug 1021057 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print(). Moderate CVE-2017-5341 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print(). Moderate CVE-2017-5342 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free. Low CVE-2017-5357 SUSE bug 1019807 SUSE bug 1148899 SUSE bug 1196769 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Important CVE-2017-5373 SUSE bug 1021824 SUSE bug 1021991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 51. Important CVE-2017-5374 SUSE bug 1021841 SUSE bug 1021991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Important CVE-2017-5375 SUSE bug 1021814 SUSE bug 1021991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Important CVE-2017-5376 SUSE bug 1021817 SUSE bug 1021991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51. Important CVE-2017-5377 SUSE bug 1021826 SUSE bug 1021991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Moderate CVE-2017-5378 SUSE bug 1021818 SUSE bug 1021991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51. Moderate CVE-2017-5379 SUSE bug 1021827 SUSE bug 1021991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Moderate CVE-2017-5380 SUSE bug 1021819 SUSE bug 1021991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects Firefox < 51. Moderate CVE-2017-5381 SUSE bug 1021830 SUSE bug 1021991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51. Moderate CVE-2017-5382 SUSE bug 1021831 SUSE bug 1021991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Moderate CVE-2017-5383 SUSE bug 1021822 SUSE bug 1021991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. This vulnerability affects Firefox < 51. Moderate CVE-2017-5384 SUSE bug 1021832 SUSE bug 1021991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. This vulnerability affects Firefox < 51. Moderate CVE-2017-5385 SUSE bug 1021833 SUSE bug 1021991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51. Moderate CVE-2017-5386 SUSE bug 1021823 SUSE bug 1021991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "<track>" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox < 51. Low CVE-2017-5387 SUSE bug 1021839 SUSE bug 1021991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. This vulnerability affects Firefox < 51. Moderate CVE-2017-5388 SUSE bug 1021840 SUSE bug 1021991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 51. Moderate CVE-2017-5389 SUSE bug 1021828 SUSE bug 1021991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Moderate CVE-2017-5390 SUSE bug 1021820 SUSE bug 1021991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox < 51. Important CVE-2017-5391 SUSE bug 1021835 SUSE bug 1021991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. Important CVE-2017-5392 SUSE bug 1021836 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This vulnerability affects Firefox < 51. Moderate CVE-2017-5393 SUSE bug 1021837 SUSE bug 1021991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. Moderate CVE-2017-5394 SUSE bug 1021834 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. Moderate CVE-2017-5395 SUSE bug 1021838 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Moderate CVE-2017-5396 SUSE bug 1021821 SUSE bug 1021991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own versions. This vulnerability affects Firefox < 51.0.3. Critical CVE-2017-5397 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Moderate CVE-2017-5398 SUSE bug 1028391 SUSE bug 1028393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Moderate CVE-2017-5400 SUSE bug 1028391 SUSE bug 1028393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Moderate CVE-2017-5401 SUSE bug 1028391 SUSE bug 1028393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Moderate CVE-2017-5402 SUSE bug 1028391 SUSE bug 1028393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Moderate CVE-2017-5404 SUSE bug 1028391 SUSE bug 1028393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Moderate CVE-2017-5405 SUSE bug 1028391 SUSE bug 1028393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Moderate CVE-2017-5407 SUSE bug 1028391 SUSE bug 1028393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Moderate CVE-2017-5408 SUSE bug 1028391 SUSE bug 1028393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 45.8 and Firefox < 52. Moderate CVE-2017-5409 SUSE bug 1028391 SUSE bug 1028393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Moderate CVE-2017-5410 SUSE bug 1028391 SUSE bug 1028393 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1. Important CVE-2017-5428 SUSE bug 1029822 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Important CVE-2017-5429 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. Critical CVE-2017-5430 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Important CVE-2017-5432 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Important CVE-2017-5433 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Important CVE-2017-5434 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Critical CVE-2017-5435 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Moderate CVE-2017-5436 SUSE bug 1035082 SUSE bug 1035204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10195, CVE-2016-10196, CVE-2016-10197. Reason: This candidate is a duplicate of CVE-2016-10195, CVE-2016-10196, and CVE-2016-10197. Notes: All CVE users should reference CVE-2016-10195, CVE-2016-10196, and/or CVE-2016-10197 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Important CVE-2017-5437 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Important CVE-2017-5438 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Important CVE-2017-5439 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Important CVE-2017-5440 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Important CVE-2017-5441 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Important CVE-2017-5442 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Important CVE-2017-5443 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Important CVE-2017-5444 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Important CVE-2017-5445 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Important CVE-2017-5446 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Important CVE-2017-5447 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Important CVE-2017-5448 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. Moderate CVE-2017-5449 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. Moderate CVE-2017-5451 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. Important CVE-2017-5454 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53. Important CVE-2017-5455 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53. Important CVE-2017-5456 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Critical CVE-2017-5459 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Important CVE-2017-5460 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations. Critical CVE-2017-5461 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Important CVE-2017-5462 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Important CVE-2017-5464 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Important CVE-2017-5465 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. Critical CVE-2017-5466 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. Moderate CVE-2017-5467 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Important CVE-2017-5469 SUSE bug 1035082 SUSE bug 1035209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Important CVE-2017-5470 SUSE bug 1043960 SUSE bug 1044239 SUSE bug 1044240 SUSE bug 1044241 SUSE bug 1044242 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Important CVE-2017-5472 SUSE bug 1043960 SUSE bug 1044239 SUSE bug 1044240 SUSE bug 1044241 SUSE bug 1044242 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575. Moderate CVE-2017-5482 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse(). Moderate CVE-2017-5483 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print(). Moderate CVE-2017-5484 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap(). Moderate CVE-2017-5485 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). Moderate CVE-2017-5486 SUSE bug 1020940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface 'vty' input buffer grows automatically, without bound, so long as a newline is not entered. This allows an attacker to cause the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. Eventually the daemon is terminated by the system, or the system itself runs out of memory. This is fixed in Quagga 1.1.1 and Free Range Routing (FRR) Protocol Suite 2017-01-10. Moderate CVE-2017-5495 SUSE bug 1021669 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. Low CVE-2017-5498 SUSE bug 1020353 SUSE bug 1020451 SUSE bug 1020456 SUSE bug 1020460 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file. Moderate CVE-2017-5506 SUSE bug 1020436 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache. Moderate CVE-2017-5507 SUSE bug 1020439 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file. Moderate CVE-2017-5508 SUSE bug 1020441 SUSE bug 1086782 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. Moderate CVE-2017-5509 SUSE bug 1020445 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. Moderate CVE-2017-5510 SUSE bug 1020446 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow. Moderate CVE-2017-5511 SUSE bug 1020448 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. Moderate CVE-2017-5525 SUSE bug 1020491 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. Moderate CVE-2017-5526 SUSE bug 1020589 SUSE bug 1059777 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short. Moderate CVE-2017-5545 SUSE bug 1021610 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. Moderate CVE-2017-5548 SUSE bug 1021255 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision. Moderate CVE-2017-5550 SUSE bug 1021257 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097. Low CVE-2017-5551 SUSE bug 1021258 SUSE bug 995968 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands. Moderate CVE-2017-5552 SUSE bug 1021195 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted size value in a VC4_SUBMIT_CL ioctl call. Low CVE-2017-5576 SUSE bug 1021294 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size values in a VC4_SUBMIT_CL ioctl call. Low CVE-2017-5577 SUSE bug 1021294 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands. Moderate CVE-2017-5578 SUSE bug 1021481 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. Low CVE-2017-5579 SUSE bug 1021741 SUSE bug 1022627 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and process crash) via a crafted texture instruction. Moderate CVE-2017-5580 SUSE bug 1021627 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow. Low CVE-2017-5596 SUSE bug 1021739 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow. Low CVE-2017-5597 SUSE bug 1021739 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive. Moderate CVE-2017-5601 SUSE bug 1022528 SUSE bug 1189528 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions. Important CVE-2017-5618 SUSE bug 1021743 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later. Important CVE-2017-5637 SUSE bug 1040519 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. Moderate CVE-2017-5645 SUSE bug 1034569 SUSE bug 1159646 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C. Moderate CVE-2017-5647 SUSE bug 1033448 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. Low CVE-2017-5648 SUSE bug 1033447 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads. Important CVE-2017-5650 SUSE bug 1033446 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up. Moderate CVE-2017-5651 SUSE bug 1033444 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. Moderate CVE-2017-5664 SUSE bug 1042910 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length. Moderate CVE-2017-5667 SUSE bug 1022541 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context. Moderate CVE-2017-5669 SUSE bug 1026914 SUSE bug 1102390 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Important CVE-2017-5715 SUSE bug 1068032 SUSE bug 1074562 SUSE bug 1074578 SUSE bug 1074701 SUSE bug 1074741 SUSE bug 1074919 SUSE bug 1075006 SUSE bug 1075007 SUSE bug 1075262 SUSE bug 1075419 SUSE bug 1076115 SUSE bug 1076372 SUSE bug 1078353 SUSE bug 1080039 SUSE bug 1087887 SUSE bug 1087939 SUSE bug 1088147 SUSE bug 1091815 SUSE bug 1095735 SUSE bug 1102517 SUSE bug 1105108 SUSE bug 1126516 SUSE bug 1173489 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Important CVE-2017-5753 SUSE bug 1068032 SUSE bug 1074562 SUSE bug 1074578 SUSE bug 1074701 SUSE bug 1075006 SUSE bug 1075419 SUSE bug 1075748 SUSE bug 1080039 SUSE bug 1087084 SUSE bug 1087939 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. Important CVE-2017-5754 SUSE bug 1068032 SUSE bug 1074562 SUSE bug 1074578 SUSE bug 1074701 SUSE bug 1075006 SUSE bug 1075008 SUSE bug 1087939 SUSE bug 1115045 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file. Moderate CVE-2017-5834 SUSE bug 1023848 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero. Low CVE-2017-5835 SUSE bug 1023822 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free. Low CVE-2017-5836 SUSE bug 1023807 SUSE bug 1023848 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file. Low CVE-2017-5837 SUSE bug 1023259 SUSE bug 1024076 SUSE bug 1024079 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string. Moderate CVE-2017-5838 SUSE bug 1023259 SUSE bug 1024051 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX. Low CVE-2017-5839 SUSE bug 1023259 SUSE bug 1024047 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index. Low CVE-2017-5840 SUSE bug 1023259 SUSE bug 1024034 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags. Low CVE-2017-5841 SUSE bug 1023259 SUSE bug 1024030 SUSE bug 1024062 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi. Low CVE-2017-5842 SUSE bug 1023259 SUSE bug 1024041 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf. Low CVE-2017-5843 SUSE bug 1023259 SUSE bug 1024044 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file. Low CVE-2017-5844 SUSE bug 1023259 SUSE bug 1024079 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag. Low CVE-2017-5845 SUSE bug 1023259 SUSE bug 1024062 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. Low CVE-2017-5848 SUSE bug 1023259 SUSE bug 1024068 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values. Moderate CVE-2017-5849 SUSE bug 1022790 SUSE bug 1022791 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb. Moderate CVE-2017-5856 SUSE bug 1023053 SUSE bug 1024186 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand. Low CVE-2017-5857 SUSE bug 1023073 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile. Moderate CVE-2017-5884 SUSE bug 1024266 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow. Moderate CVE-2017-5885 SUSE bug 1024268 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. Moderate CVE-2017-5897 SUSE bug 1023762 SUSE bug 1087082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit. Moderate CVE-2017-5898 SUSE bug 1023907 SUSE bug 1024307 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buffer overflow. Moderate CVE-2017-5931 SUSE bug 1024114 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter. Moderate CVE-2017-5932 SUSE bug 1024171 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted VIRGL_CCMD_CLEAR command. Moderate CVE-2017-5937 SUSE bug 1024232 SUSE bug 1041089 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. Moderate CVE-2017-5951 SUSE bug 1032114 SUSE bug 1036453 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. Moderate CVE-2017-5953 SUSE bug 1024724 SUSE bug 1123143 SUSE bug 1173534 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors involving vertext_buffer_index. Moderate CVE-2017-5956 SUSE bug 1024992 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument. Moderate CVE-2017-5957 SUSE bug 1024993 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser." Moderate CVE-2017-5969 SUSE bug 1024989 SUSE bug 1123919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options. Important CVE-2017-5970 SUSE bug 1024938 SUSE bug 1025013 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. Moderate CVE-2017-5973 SUSE bug 1025109 SUSE bug 1025188 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state. Moderate CVE-2017-5986 SUSE bug 1025235 SUSE bug 1027066 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer. Low CVE-2017-5987 SUSE bug 1025311 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the vrend_renderer_init_blit_ctx function in vrend_blitter.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_CCMD_BLIT commands. Low CVE-2017-5993 SUSE bug 1025505 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and crash) via the num_elements parameter. Low CVE-2017-5994 SUSE bug 1025507 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Low CVE-2017-6000 SUSE bug 1025594 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786. Moderate CVE-2017-6001 SUSE bug 1015160 SUSE bug 1025626 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression. Important CVE-2017-6004 SUSE bug 1025709 SUSE bug 1191803 SUSE bug 1193384 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. Moderate CVE-2017-6014 SUSE bug 1025913 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping. Moderate CVE-2017-6058 SUSE bug 1025837 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call. Important CVE-2017-6074 SUSE bug 1026024 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression. Moderate CVE-2017-6181 SUSE bug 1033625 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document. Moderate CVE-2017-6196 SUSE bug 1027039 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the parse_identifier function in tgsi_text.c in the TGSI auxiliary module in the Gallium driver in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to parsing properties. Moderate CVE-2017-6209 SUSE bug 1026723 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The vrend_decode_reset function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference and QEMU process crash) by destroying context 0 (zero). Moderate CVE-2017-6210 SUSE bug 1026725 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag. Moderate CVE-2017-6214 SUSE bug 1026722 SUSE bug 1027179 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message. Moderate CVE-2017-6311 SUSE bug 1027024 SUSE bug 1027027 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations. Moderate CVE-2017-6312 SUSE bug 1027024 SUSE bug 1027026 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file. Moderate CVE-2017-6313 SUSE bug 1027024 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. Moderate CVE-2017-6314 SUSE bug 1027024 SUSE bug 1027025 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the add_shader_program function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via vectors involving the sprog variable. Moderate CVE-2017-6317 SUSE bug 1026922 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. Moderate CVE-2017-6318 SUSE bug 1027197 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls. Moderate CVE-2017-6345 SUSE bug 1027179 SUSE bug 1027190 SUSE bug 1087082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls. Moderate CVE-2017-6346 SUSE bug 1027179 SUSE bug 1027189 SUSE bug 1064388 SUSE bug 1064392 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission. Moderate CVE-2017-6347 SUSE bug 1027179 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices. Moderate CVE-2017-6348 SUSE bug 1027178 SUSE bug 1087082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. Moderate CVE-2017-6349 SUSE bug 1027057 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. Moderate CVE-2017-6350 SUSE bug 1027053 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986. Moderate CVE-2017-6353 SUSE bug 1025235 SUSE bug 1027066 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access. Moderate CVE-2017-6355 SUSE bug 1027108 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. Important CVE-2017-6362 SUSE bug 1056993 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_OBJECT_VERTEX_ELEMENTS commands. Low CVE-2017-6386 SUSE bug 1027376 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the vcard_apdu_new function in card_7816.c in libcacard before 2.5.3 allows local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object. Moderate CVE-2017-6414 SUSE bug 1027514 SUSE bug 1027570 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. Moderate CVE-2017-6418 SUSE bug 1052466 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. Moderate CVE-2017-6419 SUSE bug 1052449 SUSE bug 1083915 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. Moderate CVE-2017-6420 SUSE bug 1052448 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory corruption) via a crafted plist file. Moderate CVE-2017-6435 SUSE bug 1029639 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file. Low CVE-2017-6436 SUSE bug 1029751 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The base64encode function in base64.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds read) via a crafted plist file. Moderate CVE-2017-6437 SUSE bug 1029707 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) and possibly code execution via a crafted plist file. Moderate CVE-2017-6438 SUSE bug 1029706 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) via a crafted plist file. Moderate CVE-2017-6439 SUSE bug 1029638 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file. Moderate CVE-2017-6440 SUSE bug 1029631 SUSE bug 1029706 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write. Moderate CVE-2017-6451 SUSE bug 1030050 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. Moderate CVE-2017-6458 SUSE bug 1030050 SUSE bug 1038049 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response. Moderate CVE-2017-6460 SUSE bug 1030050 SUSE bug 1038049 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device. Moderate CVE-2017-6462 SUSE bug 1030050 SUSE bug 1038049 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option. Moderate CVE-2017-6463 SUSE bug 1030050 SUSE bug 1038049 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive. Moderate CVE-2017-6464 SUSE bug 1030050 SUSE bug 1038049 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS). Low CVE-2017-6497 SUSE bug 1028087 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS. Moderate CVE-2017-6498 SUSE bug 1028085 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS). Low CVE-2017-6499 SUSE bug 1028083 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference. Moderate CVE-2017-6501 SUSE bug 1028071 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS). Low CVE-2017-6502 SUSE bug 1028075 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330. Moderate CVE-2017-6505 SUSE bug 1028184 SUSE bug 1028235 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle 'restart' operations removing AppArmor profiles that aren't found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles in atypical directories, such as what's done by LXD and Docker, are affected by this flaw in the AppArmor init script logic. Moderate CVE-2017-6507 SUSE bug 1029696 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. Moderate CVE-2017-6508 SUSE bug 1028301 SUSE bug 1159418 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. Moderate CVE-2017-6512 SUSE bug 1042218 SUSE bug 1047178 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809. Moderate CVE-2017-6519 SUSE bug 1037001 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries. Moderate CVE-2017-6590 SUSE bug 1028792 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file. Moderate CVE-2017-6827 SUSE bug 1026979 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file. Moderate CVE-2017-6828 SUSE bug 1026980 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. Moderate CVE-2017-6829 SUSE bug 1026981 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. Moderate CVE-2017-6830 SUSE bug 1026982 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. Low CVE-2017-6831 SUSE bug 1026983 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. Low CVE-2017-6832 SUSE bug 1026984 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file. Low CVE-2017-6833 SUSE bug 1026985 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. Moderate CVE-2017-6834 SUSE bug 1026986 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file. Low CVE-2017-6835 SUSE bug 1026988 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service (crash) via a crafted file. Low CVE-2017-6836 SUSE bug 1026987 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients. Moderate CVE-2017-6837 SUSE bug 1026978 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. Moderate CVE-2017-6838 SUSE bug 1026978 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. Moderate CVE-2017-6839 SUSE bug 1026978 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image. Low CVE-2017-6850 SUSE bug 1021868 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes incorrect interaction between put_ucounts and get_ucounts. Moderate CVE-2017-6874 SUSE bug 1029314 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file. Moderate CVE-2017-6888 SUSE bug 1091045 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file. Moderate CVE-2017-6892 SUSE bug 1043978 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the "dead" type. Moderate CVE-2017-6951 SUSE bug 1029850 SUSE bug 1030593 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow. Moderate CVE-2017-6965 SUSE bug 1029909 SUSE bug 1030295 SUSE bug 1030296 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations. Important CVE-2017-6966 SUSE bug 1029908 SUSE bug 1030295 SUSE bug 1030296 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass. Moderate CVE-2017-6967 SUSE bug 1029912 SUSE bug 442182 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well. Moderate CVE-2017-6969 SUSE bug 1029907 SUSE bug 1030295 SUSE bug 1030296 SUSE bug 1105209 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters. Critical CVE-2017-7006 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements. Critical CVE-2017-7011 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Critical CVE-2017-7012 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Critical CVE-2017-7018 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit Page Loading" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Critical CVE-2017-7019 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Critical CVE-2017-7020 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Critical CVE-2017-7030 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Critical CVE-2017-7034 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Critical CVE-2017-7037 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. Critical CVE-2017-7038 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Critical CVE-2017-7039 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Critical CVE-2017-7040 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Critical CVE-2017-7041 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Critical CVE-2017-7042 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Critical CVE-2017-7043 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Critical CVE-2017-7046 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Critical CVE-2017-7048 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Critical CVE-2017-7049 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Critical CVE-2017-7052 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Critical CVE-2017-7055 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Critical CVE-2017-7056 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. Critical CVE-2017-7059 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Critical CVE-2017-7061 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. Critical CVE-2017-7064 SUSE bug 1050469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Important CVE-2017-7081 SUSE bug 1066892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Important CVE-2017-7087 SUSE bug 1066892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing. Important CVE-2017-7089 SUSE bug 1066892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive cookie information via a custom URL scheme. Important CVE-2017-7090 SUSE bug 1066892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-7091 SUSE bug 1066892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-7092 SUSE bug 1066892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Important CVE-2017-7093 SUSE bug 1066892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Important CVE-2017-7094 SUSE bug 1066892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-7095 SUSE bug 1066892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Important CVE-2017-7096 SUSE bug 1066892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Important CVE-2017-7098 SUSE bug 1066892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Important CVE-2017-7099 SUSE bug 1066892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Important CVE-2017-7100 SUSE bug 1066892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Important CVE-2017-7102 SUSE bug 1066892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Important CVE-2017-7104 SUSE bug 1066892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Important CVE-2017-7107 SUSE bug 1066892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted web content that incorrectly interacts with the Application Cache policy. Important CVE-2017-7109 SUSE bug 1066892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-7111 SUSE bug 1066892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Important CVE-2017-7117 SUSE bug 1066892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Important CVE-2017-7120 SUSE bug 1066892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the "WebKit Storage" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites. Important CVE-2017-7142 SUSE bug 1066892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-7156 SUSE bug 1073654 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Moderate CVE-2017-7157 SUSE bug 1073654 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52. Moderate CVE-2017-7184 SUSE bug 1030573 SUSE bug 1030575 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. Moderate CVE-2017-7186 SUSE bug 1030066 SUSE bug 1037164 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. Moderate CVE-2017-7187 SUSE bug 1027179 SUSE bug 1030213 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document. Low CVE-2017-7207 SUSE bug 1030263 SUSE bug 1036453 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash. Moderate CVE-2017-7209 SUSE bug 1030295 SUSE bug 1030296 SUSE bug 1030298 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash. Moderate CVE-2017-7210 SUSE bug 1030295 SUSE bug 1030296 SUSE bug 1030297 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens. Moderate CVE-2017-7214 SUSE bug 1030406 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash. Moderate CVE-2017-7223 SUSE bug 1030295 SUSE bug 1030296 SUSE bug 1030589 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash. Moderate CVE-2017-7224 SUSE bug 1030295 SUSE bug 1030296 SUSE bug 1030588 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. Moderate CVE-2017-7225 SUSE bug 1030295 SUSE bug 1030296 SUSE bug 1030585 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well. Moderate CVE-2017-7226 SUSE bug 1030295 SUSE bug 1030296 SUSE bug 1030584 SUSE bug 1105209 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l. Moderate CVE-2017-7227 SUSE bug 1030583 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays. Important CVE-2017-7228 SUSE bug 1030442 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack. Moderate CVE-2017-7233 SUSE bug 1031450 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability. Moderate CVE-2017-7234 SUSE bug 1031451 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file. Moderate CVE-2017-7244 SUSE bug 1030807 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file. Moderate CVE-2017-7245 SUSE bug 1030805 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file. Moderate CVE-2017-7246 SUSE bug 1030803 SUSE bug 1030805 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device. Moderate CVE-2017-7261 SUSE bug 1027179 SUSE bug 1031052 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866. Moderate CVE-2017-7275 SUSE bug 1031267 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c. Moderate CVE-2017-7277 SUSE bug 1031265 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Low CVE-2017-7286 SUSE bug 1033458 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device. Moderate CVE-2017-7294 SUSE bug 1027179 SUSE bug 1031440 SUSE bug 1031481 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash. Moderate CVE-2017-7299 SUSE bug 1030295 SUSE bug 1031644 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash. Moderate CVE-2017-7300 SUSE bug 1030295 SUSE bug 1031656 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash. Moderate CVE-2017-7301 SUSE bug 1030295 SUSE bug 1031638 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash. Moderate CVE-2017-7302 SUSE bug 1030295 SUSE bug 1031595 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash. Moderate CVE-2017-7303 SUSE bug 1030295 SUSE bug 1031593 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash. Moderate CVE-2017-7304 SUSE bug 1030295 SUSE bug 1031590 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls. Moderate CVE-2017-7308 SUSE bug 1027179 SUSE bug 1031579 SUSE bug 1031660 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Low CVE-2017-7319 SUSE bug 1033438 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device. Moderate CVE-2017-7346 SUSE bug 1031796 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely. Moderate CVE-2017-7374 SUSE bug 1027179 SUSE bug 1032006 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable). Moderate CVE-2017-7375 SUSE bug 1044894 SUSE bug 1123919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects. Moderate CVE-2017-7376 SUSE bug 1044887 SUSE bug 1123919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid. Moderate CVE-2017-7377 SUSE bug 1032075 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server. Low CVE-2017-7392 SUSE bug 1031886 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution. Moderate CVE-2017-7393 SUSE bug 1031875 SUSE bug 1031879 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames. Moderate CVE-2017-7394 SUSE bug 1031879 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server. Moderate CVE-2017-7395 SUSE bug 1031877 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server. Low CVE-2017-7396 SUSE bug 1031886 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping. Moderate CVE-2017-7400 SUSE bug 1032322 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read. Moderate CVE-2017-7407 SUSE bug 1032309 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system. Important CVE-2017-7435 SUSE bug 1009127 SUSE bug 1038984 SUSE bug 1045735 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system. Important CVE-2017-7436 SUSE bug 1008325 SUSE bug 1009127 SUSE bug 1038984 SUSE bug 1045735 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. Important CVE-2017-7466 SUSE bug 1019021 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process. Moderate CVE-2017-7467 SUSE bug 1033783 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subsequent TLS handshakes. They are used when for any reason an existing TLS connection couldn't be kept alive to make the next handshake faster. This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range. Moderate CVE-2017-7468 SUSE bug 1033413 SUSE bug 1033442 SUSE bug 1042181 SUSE bug 991389 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host. Moderate CVE-2017-7471 SUSE bug 1034866 SUSE bug 1034990 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. Moderate CVE-2017-7475 SUSE bug 1036789 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c. Moderate CVE-2017-7476 SUSE bug 1036636 SUSE bug 1037124 SUSE bug 1037125 SUSE bug 1037142 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function. Important CVE-2017-7477 SUSE bug 1035823 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2. Important CVE-2017-7478 SUSE bug 1038709 SUSE bug 1038713 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. Moderate CVE-2017-7479 SUSE bug 1038711 SUSE bug 1038713 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated. Moderate CVE-2017-7481 SUSE bug 1038785 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation. Moderate CVE-2017-7482 SUSE bug 1046107 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access. Moderate CVE-2017-7484 SUSE bug 1037603 SUSE bug 1051015 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. Moderate CVE-2017-7485 SUSE bug 1038293 SUSE bug 1051015 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server. Moderate CVE-2017-7486 SUSE bug 1037624 SUSE bug 1051015 SUSE bug 1051685 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface. Moderate CVE-2017-7487 SUSE bug 1038879 SUSE bug 1038883 SUSE bug 1038981 SUSE bug 1038982 SUSE bug 870618 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest. Important CVE-2017-7493 SUSE bug 1039495 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. Important CVE-2017-7494 SUSE bug 1038231 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file. Moderate CVE-2017-7495 SUSE bug 1039010 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege. Moderate CVE-2017-7500 SUSE bug 1126909 SUSE bug 1135195 SUSE bug 1157882 SUSE bug 1157883 SUSE bug 943457 SUSE bug 964063 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation. Moderate CVE-2017-7501 SUSE bug 1119217 SUSE bug 1126909 SUSE bug 1135195 SUSE bug 1157882 SUSE bug 1157883 SUSE bug 943457 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak. Important CVE-2017-7506 SUSE bug 1046779 SUSE bug 1047730 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. Important CVE-2017-7507 SUSE bug 1043398 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. Important CVE-2017-7508 SUSE bug 1044947 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents. Low CVE-2017-7511 SUSE bug 1041783 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. Low CVE-2017-7515 SUSE bug 1043088 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1197. Reason: This candidate is a duplicate of CVE-2015-1197. Notes: All CVE users should reference CVE-2015-1197 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2017-7516 SUSE bug 1077990 SUSE bug 913677 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this. Moderate CVE-2017-7518 SUSE bug 1045922 SUSE bug 1087082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker. Important CVE-2017-7520 SUSE bug 1044947 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension(). Important CVE-2017-7521 SUSE bug 1044947 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used. Low CVE-2017-7526 SUSE bug 1046607 SUSE bug 1047462 SUSE bug 1123792 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions. Moderate CVE-2017-7533 SUSE bug 1049483 SUSE bug 1050677 SUSE bug 1050751 SUSE bug 1053919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet. Moderate CVE-2017-7541 SUSE bug 1049645 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket. Moderate CVE-2017-7542 SUSE bug 1049882 SUSE bug 1061936 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. Moderate CVE-2017-7543 SUSE bug 1052914 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure. Low CVE-2017-7544 SUSE bug 1059893 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. Moderate CVE-2017-7546 SUSE bug 1051684 SUSE bug 1054365 SUSE bug 1140876 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so. Moderate CVE-2017-7547 SUSE bug 1051685 SUSE bug 1054365 SUSE bug 1140876 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service. Important CVE-2017-7548 SUSE bug 1053259 SUSE bug 1054365 SUSE bug 1140876 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation. Important CVE-2017-7550 SUSE bug 1035124 SUSE bug 1065872 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution. Moderate CVE-2017-7555 SUSE bug 1054171 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace. Moderate CVE-2017-7558 SUSE bug 1053919 SUSE bug 1055300 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. Moderate CVE-2017-7585 SUSE bug 1033054 SUSE bug 1033914 SUSE bug 1033915 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. Moderate CVE-2017-7586 SUSE bug 1033053 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. Moderate CVE-2017-7592 SUSE bug 1033131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image. Moderate CVE-2017-7593 SUSE bug 1033129 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image. Moderate CVE-2017-7594 SUSE bug 1033128 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. Moderate CVE-2017-7595 SUSE bug 1033111 SUSE bug 1033127 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. Moderate CVE-2017-7596 SUSE bug 1033112 SUSE bug 1033113 SUSE bug 1033120 SUSE bug 1033126 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. Moderate CVE-2017-7597 SUSE bug 1033112 SUSE bug 1033113 SUSE bug 1033120 SUSE bug 1033126 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. Moderate CVE-2017-7598 SUSE bug 1033118 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. Moderate CVE-2017-7599 SUSE bug 1033112 SUSE bug 1033113 SUSE bug 1033120 SUSE bug 1033126 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. Moderate CVE-2017-7600 SUSE bug 1033112 SUSE bug 1033113 SUSE bug 1033120 SUSE bug 1033126 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. Moderate CVE-2017-7601 SUSE bug 1033111 SUSE bug 1033127 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. Moderate CVE-2017-7602 SUSE bug 1033109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. Moderate CVE-2017-7606 SUSE bug 1033091 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. Moderate CVE-2017-7607 SUSE bug 1033084 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. Moderate CVE-2017-7608 SUSE bug 1033085 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. Moderate CVE-2017-7609 SUSE bug 1033086 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. Moderate CVE-2017-7610 SUSE bug 1033087 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. Moderate CVE-2017-7611 SUSE bug 1033088 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. Moderate CVE-2017-7612 SUSE bug 1033089 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. Moderate CVE-2017-7613 SUSE bug 1033090 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program. Moderate CVE-2017-7614 SUSE bug 1033122 SUSE bug 1105209 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. Moderate CVE-2017-7616 SUSE bug 1033336 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue. Moderate CVE-2017-7618 SUSE bug 1033340 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv. Moderate CVE-2017-7619 SUSE bug 1033361 SUSE bug 1053919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process. Low CVE-2017-7659 SUSE bug 1045160 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. Moderate CVE-2017-7668 SUSE bug 1045061 SUSE bug 1078450 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances. Moderate CVE-2017-7674 SUSE bug 1053352 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL. Moderate CVE-2017-7675 SUSE bug 1053357 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. Moderate CVE-2017-7679 SUSE bug 1045060 SUSE bug 1057861 SUSE bug 1078450 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file. Moderate CVE-2017-7697 SUSE bug 1033564 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size. Important CVE-2017-7700 SUSE bug 1033936 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type. Moderate CVE-2017-7701 SUSE bug 1033937 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation. Important CVE-2017-7702 SUSE bug 1033938 SUSE bug 1049255 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly. Moderate CVE-2017-7703 SUSE bug 1033939 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value. Important CVE-2017-7704 SUSE bug 1033940 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset. Important CVE-2017-7705 SUSE bug 1033941 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions. Moderate CVE-2017-7718 SUSE bug 1034908 SUSE bug 1034994 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. Moderate CVE-2017-7741 SUSE bug 1033054 SUSE bug 1033915 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. Moderate CVE-2017-7742 SUSE bug 1033054 SUSE bug 1033914 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check. Important CVE-2017-7745 SUSE bug 1033942 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length. Important CVE-2017-7746 SUSE bug 1033943 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree. Moderate CVE-2017-7747 SUSE bug 1033944 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check. Moderate CVE-2017-7748 SUSE bug 1033945 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Important CVE-2017-7749 SUSE bug 1043960 SUSE bug 1044239 SUSE bug 1044240 SUSE bug 1044241 SUSE bug 1044242 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Important CVE-2017-7750 SUSE bug 1043960 SUSE bug 1044239 SUSE bug 1044240 SUSE bug 1044241 SUSE bug 1044242 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Important CVE-2017-7751 SUSE bug 1043960 SUSE bug 1044239 SUSE bug 1044240 SUSE bug 1044241 SUSE bug 1044242 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Important CVE-2017-7752 SUSE bug 1043960 SUSE bug 1044239 SUSE bug 1044240 SUSE bug 1044241 SUSE bug 1044242 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Important CVE-2017-7753 SUSE bug 1052829 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Important CVE-2017-7754 SUSE bug 1043960 SUSE bug 1044239 SUSE bug 1044240 SUSE bug 1044241 SUSE bug 1044242 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Important CVE-2017-7755 SUSE bug 1043960 SUSE bug 1044239 SUSE bug 1044240 SUSE bug 1044241 SUSE bug 1044242 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Important CVE-2017-7756 SUSE bug 1043960 SUSE bug 1044239 SUSE bug 1044240 SUSE bug 1044241 SUSE bug 1044242 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Important CVE-2017-7757 SUSE bug 1043960 SUSE bug 1044239 SUSE bug 1044240 SUSE bug 1044241 SUSE bug 1044242 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Important CVE-2017-7758 SUSE bug 1043960 SUSE bug 1044239 SUSE bug 1044240 SUSE bug 1044241 SUSE bug 1044242 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. Important CVE-2017-7761 SUSE bug 1043960 SUSE bug 1044239 SUSE bug 1044240 SUSE bug 1044241 SUSE bug 1044242 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Important CVE-2017-7763 SUSE bug 1043960 SUSE bug 1044239 SUSE bug 1044240 SUSE bug 1044241 SUSE bug 1044242 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from "Aspirational Use Scripts" such as Canadian Syllabics to be mixed with Latin characters in the "moderately restrictive" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as "Limited Use Scripts.". This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Important CVE-2017-7764 SUSE bug 1043960 SUSE bug 1044239 SUSE bug 1044240 SUSE bug 1044241 SUSE bug 1044242 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Important CVE-2017-7765 SUSE bug 1043960 SUSE bug 1044239 SUSE bug 1044240 SUSE bug 1044241 SUSE bug 1044242 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. Important CVE-2017-7768 SUSE bug 1043960 SUSE bug 1044239 SUSE bug 1044240 SUSE bug 1044241 SUSE bug 1044242 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Important CVE-2017-7778 SUSE bug 1043960 SUSE bug 1044239 SUSE bug 1044240 SUSE bug 1044241 SUSE bug 1044242 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Important CVE-2017-7779 SUSE bug 1052829 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Moderate CVE-2017-7782 SUSE bug 1052829 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Important CVE-2017-7784 SUSE bug 1052829 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Important CVE-2017-7785 SUSE bug 1052829 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Important CVE-2017-7786 SUSE bug 1052829 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Important CVE-2017-7787 SUSE bug 1052829 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55. Moderate CVE-2017-7789 SUSE bug 1047281 SUSE bug 1052829 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Important CVE-2017-7791 SUSE bug 1052829 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Important CVE-2017-7792 SUSE bug 1052829 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. Important CVE-2017-7793 SUSE bug 1060445 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55. Important CVE-2017-7798 SUSE bug 1052829 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Important CVE-2017-7800 SUSE bug 1052829 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Important CVE-2017-7801 SUSE bug 1052829 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Important CVE-2017-7802 SUSE bug 1052829 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Important CVE-2017-7803 SUSE bug 1052829 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Moderate CVE-2017-7804 SUSE bug 1052829 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. Important CVE-2017-7805 SUSE bug 1060445 SUSE bug 1061005 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Important CVE-2017-7807 SUSE bug 1052829 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. Important CVE-2017-7810 SUSE bug 1060445 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. Important CVE-2017-7814 SUSE bug 1060445 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. Important CVE-2017-7818 SUSE bug 1060445 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. Important CVE-2017-7819 SUSE bug 1060445 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. Important CVE-2017-7823 SUSE bug 1060445 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. Important CVE-2017-7824 SUSE bug 1060445 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. Important CVE-2017-7825 SUSE bug 1060445 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. Important CVE-2017-7826 SUSE bug 1068101 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. Important CVE-2017-7828 SUSE bug 1068101 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. Important CVE-2017-7830 SUSE bug 1068101 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier releases are not affected. This vulnerability affects Firefox < 57.0.1. Moderate CVE-2017-7844 SUSE bug 1072034 SUSE bug 1072036 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2. Critical CVE-2017-7845 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. Moderate CVE-2017-7857 SUSE bug 1034189 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. Moderate CVE-2017-7858 SUSE bug 1034186 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c. Critical CVE-2017-7864 SUSE bug 1034178 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. Moderate CVE-2017-7867 SUSE bug 1034678 SUSE bug 1123121 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. Important CVE-2017-7868 SUSE bug 1034674 SUSE bug 1123121 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. Moderate CVE-2017-7869 SUSE bug 1034173 SUSE bug 1038337 SUSE bug 1149679 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Important CVE-2017-7874 SUSE bug 1034330 SUSE bug 493158 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. Moderate CVE-2017-7889 SUSE bug 1034405 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. Moderate CVE-2017-7941 SUSE bug 1034876 SUSE bug 1126909 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. Moderate CVE-2017-7942 SUSE bug 1034872 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. Moderate CVE-2017-7943 SUSE bug 1034870 SUSE bug 1036985 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document. Moderate CVE-2017-7948 SUSE bug 1035036 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. Moderate CVE-2017-7960 SUSE bug 1034481 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports "This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components." Low CVE-2017-7961 SUSE bug 1034482 SUSE bug 1132069 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org. Moderate CVE-2017-7979 SUSE bug 1035107 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. Moderate CVE-2017-7980 SUSE bug 1035406 SUSE bug 1035483 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file. Moderate CVE-2017-7982 SUSE bug 1035312 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL. Moderate CVE-2017-7995 SUSE bug 1033948 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. Low CVE-2017-8061 SUSE bug 1035693 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and 4.10.x before 4.10.4 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. Moderate CVE-2017-8062 SUSE bug 1035691 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. Low CVE-2017-8063 SUSE bug 1035689 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. Moderate CVE-2017-8064 SUSE bug 1035681 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 crypto/ccm.c in the Linux kernel 4.9.x and 4.10.x through 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. Moderate CVE-2017-8065 SUSE bug 1035673 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/net/can/usb/gs_usb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.2 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. Low CVE-2017-8066 SUSE bug 1035672 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. Moderate CVE-2017-8067 SUSE bug 1035670 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/net/usb/pegasus.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. Moderate CVE-2017-8068 SUSE bug 1035669 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. Low CVE-2017-8069 SUSE bug 1035668 SUSE bug 1138468 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/net/usb/catc.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. Moderate CVE-2017-8070 SUSE bug 1035658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service (deadlock) via unspecified vectors. Moderate CVE-2017-8071 SUSE bug 1035667 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 does not have the expected EIO error status for a zero-length report, which allows local users to have an unspecified impact via unknown vectors. Moderate CVE-2017-8072 SUSE bug 1035649 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable. Moderate CVE-2017-8086 SUSE bug 1035950 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. Moderate CVE-2017-8105 SUSE bug 1034186 SUSE bug 1035807 SUSE bug 1036457 SUSE bug 1079459 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer. Moderate CVE-2017-8106 SUSE bug 1035877 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. Low CVE-2017-8112 SUSE bug 1036211 SUSE bug 1036470 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. Moderate CVE-2017-8287 SUSE bug 1034186 SUSE bug 1035807 SUSE bug 1036457 SUSE bug 1079459 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js. Moderate CVE-2017-8288 SUSE bug 1036494 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. Important CVE-2017-8291 SUSE bug 1036453 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. Low CVE-2017-8309 SUSE bug 1037242 SUSE bug 1037243 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-8343 SUSE bug 1036977 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-8344 SUSE bug 1036978 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-8345 SUSE bug 1036980 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-8346 SUSE bug 1036981 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-8347 SUSE bug 1036982 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-8348 SUSE bug 1036983 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-8349 SUSE bug 1036984 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-8350 SUSE bug 1036985 SUSE bug 1053919 SUSE bug 1126909 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-8351 SUSE bug 1036986 SUSE bug 1126909 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-8352 SUSE bug 1036987 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-8353 SUSE bug 1036988 SUSE bug 1055010 SUSE bug 1126909 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-8354 SUSE bug 1036989 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-8355 SUSE bug 1036990 SUSE bug 1126909 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-8356 SUSE bug 1036991 SUSE bug 1053919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-8357 SUSE bug 1036976 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. Moderate CVE-2017-8361 SUSE bug 1036944 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. Moderate CVE-2017-8362 SUSE bug 1036943 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. Moderate CVE-2017-8363 SUSE bug 1036945 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. Moderate CVE-2017-8365 SUSE bug 1036946 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. Low CVE-2017-8379 SUSE bug 1037334 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors. Low CVE-2017-8380 SUSE bug 1037336 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. Moderate CVE-2017-8386 SUSE bug 1038395 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. Moderate CVE-2017-8392 SUSE bug 1037052 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash. Moderate CVE-2017-8393 SUSE bug 1037057 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. Moderate CVE-2017-8394 SUSE bug 1037061 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. Moderate CVE-2017-8395 SUSE bug 1037062 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. Moderate CVE-2017-8396 SUSE bug 1037066 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. Moderate CVE-2017-8397 SUSE bug 1037070 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash. Moderate CVE-2017-8398 SUSE bug 1037072 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this. Moderate CVE-2017-8421 SUSE bug 1037273 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. Important CVE-2017-8422 SUSE bug 1033300 SUSE bug 1036244 SUSE bug 1041511 SUSE bug 749065 SUSE bug 869959 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users. Moderate CVE-2017-8439 SUSE bug 1075545 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. Moderate CVE-2017-8440 SUSE bug 1075545 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged into the Kibana access logs. Moderate CVE-2017-8443 SUSE bug 1075538 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes. Moderate CVE-2017-8452 SUSE bug 1044849 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file. Moderate CVE-2017-8765 SUSE bug 1037527 SUSE bug 1053919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb. Important CVE-2017-8779 SUSE bug 1037559 SUSE bug 1037930 SUSE bug 1101814 SUSE bug 798028 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system. Important CVE-2017-8797 SUSE bug 1046202 SUSE bug 1046206 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** DISPUTED ** The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references] Moderate CVE-2017-8804 SUSE bug 1037559 SUSE bug 1037930 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields. Moderate CVE-2017-8816 SUSE bug 1069226 SUSE bug 1106019 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character. Moderate CVE-2017-8817 SUSE bug 1069222 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library. Important CVE-2017-8818 SUSE bug 1069714 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state. Important CVE-2017-8824 SUSE bug 1070771 SUSE bug 1076734 SUSE bug 1092904 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-8830 SUSE bug 1038000 SUSE bug 1053919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability. Moderate CVE-2017-8831 SUSE bug 1037994 SUSE bug 1061936 SUSE bug 1087082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file. Low CVE-2017-8834 SUSE bug 1043898 SUSE bug 1043899 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. Low CVE-2017-8871 SUSE bug 1043898 SUSE bug 1043899 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. Moderate CVE-2017-8872 SUSE bug 1038444 SUSE bug 1123919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. Important CVE-2017-8890 SUSE bug 1038544 SUSE bug 1038564 SUSE bug 1039883 SUSE bug 1039885 SUSE bug 1040069 SUSE bug 1042364 SUSE bug 1051906 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215. Important CVE-2017-8905 SUSE bug 1034845 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document. Moderate CVE-2017-8908 SUSE bug 1038835 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow. Moderate CVE-2017-8924 SUSE bug 1037182 SUSE bug 1038981 SUSE bug 1038982 SUSE bug 870618 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling. Moderate CVE-2017-8925 SUSE bug 1037183 SUSE bug 1038981 SUSE bug 1038982 SUSE bug 870618 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. Moderate CVE-2017-9022 SUSE bug 1039514 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate. Moderate CVE-2017-9023 SUSE bug 1039515 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets. Low CVE-2017-9038 SUSE bug 1038874 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c. Low CVE-2017-9039 SUSE bug 1038875 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt. Low CVE-2017-9040 SUSE bug 1038876 SUSE bug 1038877 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c. Low CVE-2017-9041 SUSE bug 1038874 SUSE bug 1038877 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file. Moderate CVE-2017-9042 SUSE bug 1038878 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file. Moderate CVE-2017-9043 SUSE bug 1038880 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file. Low CVE-2017-9044 SUSE bug 1038881 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash. Moderate CVE-2017-9047 SUSE bug 1039063 SUSE bug 1039066 SUSE bug 1039657 SUSE bug 1123919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash. Moderate CVE-2017-9048 SUSE bug 1039064 SUSE bug 1039066 SUSE bug 1039658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398. Important CVE-2017-9049 SUSE bug 1039063 SUSE bug 1039064 SUSE bug 1039066 SUSE bug 1039659 SUSE bug 1039661 SUSE bug 1069690 SUSE bug 1123919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. Moderate CVE-2017-9050 SUSE bug 1039066 SUSE bug 1039069 SUSE bug 1039661 SUSE bug 1069433 SUSE bug 1069690 SUSE bug 1123919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak. Moderate CVE-2017-9059 SUSE bug 1039674 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands. Moderate CVE-2017-9060 SUSE bug 1039886 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. Moderate CVE-2017-9074 SUSE bug 1039882 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. Important CVE-2017-9075 SUSE bug 1038544 SUSE bug 1039883 SUSE bug 1051906 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. Important CVE-2017-9076 SUSE bug 1038544 SUSE bug 1039885 SUSE bug 1040069 SUSE bug 1051906 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. Important CVE-2017-9077 SUSE bug 1038544 SUSE bug 1040069 SUSE bug 1042364 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file. Low CVE-2017-9083 SUSE bug 1040170 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c. Moderate CVE-2017-9098 SUSE bug 1040025 SUSE bug 1053919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling program, leaking aspects of the contents of some of its memory, causing it to allocate lots of memory, or perhaps overrunning a buffer. This is only possible with applications which make non-raw queries for SOA or RP records. Important CVE-2017-9103 SUSE bug 1172265 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered. Important CVE-2017-9104 SUSE bug 1172265 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution. Important CVE-2017-9105 SUSE bug 1172265 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in adns before 1.5.2. adns_rr_info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn't, the buffer may be overrun (depending on the sizes of the types on the current platform). Of course the inputs ought to be right. And there are pointers in there too, so perhaps one could say that the caller ought to check these things. It may be better to require the caller to make the pointer structure right, but to have the code here be defensive about (and tolerate with an error but without crashing) out-of-range integer values. So: it should defend each of these integer conversion sites with a check for the actual permitted range, and return adns_s_invaliddata if not. The lack of this check causes the SOA sign extension bug to be a serious security problem: the sign extended SOA value is out of range, and overruns the buffer when reconverted. This is related to sign extending SOA 32-bit integer fields, and use of a signed data type. Important CVE-2017-9106 SUSE bug 1172265 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in adns before 1.5.2. It overruns reading a buffer if a domain ends with backslash. If the query domain ended with \, and adns_qf_quoteok_query was specified, qdparselabel would read additional bytes from the buffer and try to treat them as the escape sequence. It would depart the input buffer and start processing many bytes of arbitrary heap data as if it were the query domain. Eventually it would run out of input or find some other kind of error, and declare the query domain invalid. But before then it might outrun available memory and crash. In principle this could be a denial of service attack. Important CVE-2017-9107 SUSE bug 1172265 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte. Important CVE-2017-9108 SUSE bug 1172265 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the CNAME itself. In that case the answer data structure (on the heap) can be overrun. With this fixed, it prefers to look only at the answer RRs which come after the CNAME, which is at least arguably correct. Important CVE-2017-9109 SUSE bug 1172265 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. Moderate CVE-2017-9110 SUSE bug 1040107 SUSE bug 1040112 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code. Moderate CVE-2017-9111 SUSE bug 1040109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash. Moderate CVE-2017-9112 SUSE bug 1040112 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code. Moderate CVE-2017-9113 SUSE bug 1040113 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. Moderate CVE-2017-9114 SUSE bug 1040114 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code. Moderate CVE-2017-9115 SUSE bug 1040115 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash. Moderate CVE-2017-9116 SUSE bug 1040116 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. Moderate CVE-2017-9122 SUSE bug 1044000 SUSE bug 1044002 SUSE bug 1044006 SUSE bug 1044008 SUSE bug 1044009 SUSE bug 1044077 SUSE bug 1044122 SUSE bug 1051855 SUSE bug 1051859 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. Low CVE-2017-9123 SUSE bug 1044009 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. Low CVE-2017-9124 SUSE bug 1044008 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file. Moderate CVE-2017-9125 SUSE bug 1044122 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. Low CVE-2017-9126 SUSE bug 1044006 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. Low CVE-2017-9127 SUSE bug 1044002 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file. Low CVE-2017-9128 SUSE bug 1044000 SUSE bug 1044002 SUSE bug 1044006 SUSE bug 1044008 SUSE bug 1044009 SUSE bug 1044077 SUSE bug 1044122 SUSE bug 1051855 SUSE bug 1051859 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c. Moderate CVE-2017-9141 SUSE bug 1040303 SUSE bug 1053919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c. Moderate CVE-2017-9142 SUSE bug 1036985 SUSE bug 1040304 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file. Moderate CVE-2017-9143 SUSE bug 1040306 SUSE bug 1053919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. Moderate CVE-2017-9144 SUSE bug 1040332 SUSE bug 1048936 SUSE bug 1053919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS. Moderate CVE-2017-9148 SUSE bug 1041445 SUSE bug 1046141 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls. Moderate CVE-2017-9150 SUSE bug 1040279 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1. Moderate CVE-2017-9208 SUSE bug 1040311 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2. Moderate CVE-2017-9209 SUSE bug 1040312 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3. Moderate CVE-2017-9210 SUSE bug 1040313 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application. Moderate CVE-2017-9211 SUSE bug 1040389 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. Moderate CVE-2017-9214 SUSE bug 1040543 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file. Moderate CVE-2017-9216 SUSE bug 1040643 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section. Moderate CVE-2017-9217 SUSE bug 1040614 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow. Moderate CVE-2017-9225 SUSE bug 1040890 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption. Moderate CVE-2017-9228 SUSE bug 1068376 SUSE bug 1069606 SUSE bug 1069607 SUSE bug 1076391 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. Moderate CVE-2017-9229 SUSE bug 1068376 SUSE bug 1069631 SUSE bug 1069632 SUSE bug 1076391 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. Moderate CVE-2017-9233 SUSE bug 1030296 SUSE bug 1047236 SUSE bug 1073350 SUSE bug 1123115 SUSE bug 983216 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file. Low CVE-2017-9239 SUSE bug 1040973 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. Moderate CVE-2017-9242 SUSE bug 1041431 SUSE bug 1042892 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-9261 SUSE bug 1043354 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-9262 SUSE bug 1043353 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch. Moderate CVE-2017-9263 SUSE bug 1041470 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`. Moderate CVE-2017-9265 SUSE bug 1041447 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content. Important CVE-2017-9269 SUSE bug 1038984 SUSE bug 1045735 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used. Moderate CVE-2017-9271 SUSE bug 1050625 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0. Moderate CVE-2017-9287 SUSE bug 1041764 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505. Low CVE-2017-9330 SUSE bug 1042159 SUSE bug 1042160 SUSE bug 1043157 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. Moderate CVE-2017-9343 SUSE bug 1042309 SUSE bug 1042324 SUSE bug 1042330 SUSE bug 1042331 SUSE bug 1077080 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. Moderate CVE-2017-9344 SUSE bug 1042298 SUSE bug 1042324 SUSE bug 1042330 SUSE bug 1042331 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers. Moderate CVE-2017-9345 SUSE bug 1042300 SUSE bug 1042324 SUSE bug 1042330 SUSE bug 1042331 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. Moderate CVE-2017-9346 SUSE bug 1042301 SUSE bug 1042324 SUSE bug 1042330 SUSE bug 1042331 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. Moderate CVE-2017-9347 SUSE bug 1042308 SUSE bug 1042324 SUSE bug 1042330 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value. Moderate CVE-2017-9348 SUSE bug 1042303 SUSE bug 1042324 SUSE bug 1042330 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. Moderate CVE-2017-9349 SUSE bug 1042305 SUSE bug 1042324 SUSE bug 1042330 SUSE bug 1042331 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length. Moderate CVE-2017-9350 SUSE bug 1042299 SUSE bug 1042324 SUSE bug 1042330 SUSE bug 1042331 SUSE bug 1049255 SUSE bug 1049621 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully. Moderate CVE-2017-9351 SUSE bug 1042302 SUSE bug 1042324 SUSE bug 1042330 SUSE bug 1042331 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur. Moderate CVE-2017-9352 SUSE bug 1042304 SUSE bug 1042324 SUSE bug 1042330 SUSE bug 1042331 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address. Moderate CVE-2017-9353 SUSE bug 1042306 SUSE bug 1042324 SUSE bug 1042330 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. Moderate CVE-2017-9354 SUSE bug 1042307 SUSE bug 1042324 SUSE bug 1042330 SUSE bug 1042331 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device. Low CVE-2017-9373 SUSE bug 1042801 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device. Low CVE-2017-9374 SUSE bug 1043073 SUSE bug 1043074 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing. Low CVE-2017-9375 SUSE bug 1042800 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file. Low CVE-2017-9403 SUSE bug 1042805 SUSE bug 1045688 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file. Low CVE-2017-9404 SUSE bug 1042804 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-9405 SUSE bug 1042911 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. Low CVE-2017-9406 SUSE bug 1042803 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file. Moderate CVE-2017-9407 SUSE bug 1042824 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file. Low CVE-2017-9408 SUSE bug 1042802 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file. Low CVE-2017-9409 SUSE bug 1042948 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file. Moderate CVE-2017-9439 SUSE bug 1042826 SUSE bug 1053919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file. Moderate CVE-2017-9440 SUSE bug 1042812 SUSE bug 1053919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it. Moderate CVE-2017-9445 SUSE bug 1045290 SUSE bug 1063249 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file. Moderate CVE-2017-9499 SUSE bug 1043291 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. Moderate CVE-2017-9500 SUSE bug 1043290 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. Moderate CVE-2017-9501 SUSE bug 1043289 SUSE bug 1053919 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes, the given "URL" starts with a drive letter, and libcurl is built for Windows or DOS, then libcurl would copy the path 7 bytes off, so that the end of the given path would write beyond the malloc buffer (7 bytes being the length in bytes of the ascii string "file://"). Important CVE-2017-9502 SUSE bug 1044243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing. Low CVE-2017-9503 SUSE bug 1043296 SUSE bug 1043297 SUSE bug 1043312 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function. Moderate CVE-2017-9524 SUSE bug 1043808 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library. Moderate CVE-2017-9526 SUSE bug 1042326 SUSE bug 1043777 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. Important CVE-2017-9611 SUSE bug 1050893 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document. Important CVE-2017-9612 SUSE bug 1050891 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. Moderate CVE-2017-9617 SUSE bug 1044417 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file. Moderate CVE-2017-9670 SUSE bug 1044638 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail. Low CVE-2017-9725 SUSE bug 1057481 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. Important CVE-2017-9726 SUSE bug 1050889 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. Important CVE-2017-9727 SUSE bug 1050888 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. Important CVE-2017-9739 SUSE bug 1050887 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. Moderate CVE-2017-9742 SUSE bug 1044867 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. Moderate CVE-2017-9743 SUSE bug 1044870 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. Moderate CVE-2017-9744 SUSE bug 1044872 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. Moderate CVE-2017-9745 SUSE bug 1044885 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during "objdump -D" execution. Moderate CVE-2017-9746 SUSE bug 1030296 SUSE bug 1044891 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug. Moderate CVE-2017-9747 SUSE bug 1030296 SUSE bug 1044897 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug. Moderate CVE-2017-9748 SUSE bug 1030296 SUSE bug 1044901 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. Moderate CVE-2017-9749 SUSE bug 1044905 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. Moderate CVE-2017-9750 SUSE bug 1030296 SUSE bug 1044909 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. Moderate CVE-2017-9751 SUSE bug 1044911 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during "objdump -D" execution. Moderate CVE-2017-9752 SUSE bug 1044920 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. Moderate CVE-2017-9753 SUSE bug 1044921 SUSE bug 1044923 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. Low CVE-2017-9754 SUSE bug 1044923 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. Low CVE-2017-9755 SUSE bug 1030296 SUSE bug 1044925 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. Moderate CVE-2017-9756 SUSE bug 1030296 SUSE bug 1044927 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. Moderate CVE-2017-9766 SUSE bug 1045341 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. Moderate CVE-2017-9775 SUSE bug 1045719 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. Moderate CVE-2017-9776 SUSE bug 1045721 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. Moderate CVE-2017-9788 SUSE bug 1048576 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. Moderate CVE-2017-9789 SUSE bug 1048575 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c. Moderate CVE-2017-9798 SUSE bug 1058058 SUSE bug 1060757 SUSE bug 1077582 SUSE bug 1078450 SUSE bug 1089997 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure credentials of the other user being compromised. Moderate CVE-2017-9799 SUSE bug 1059463 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable. Low CVE-2017-9831 SUSE bug 1045916 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function) of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable. Low CVE-2017-9832 SUSE bug 1045917 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c. Important CVE-2017-9835 SUSE bug 1050879 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc. Moderate CVE-2017-9865 SUSE bug 1045939 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution. Moderate CVE-2017-9935 SUSE bug 1046077 SUSE bug 1074318 SUSE bug 1108606 SUSE bug 1110358 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack. Moderate CVE-2017-9936 SUSE bug 1046073 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705. Moderate CVE-2017-9951 SUSE bug 1007870 SUSE bug 1056865 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program. Low CVE-2017-9954 SUSE bug 1052061 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program. Moderate CVE-2017-9955 SUSE bug 1046094 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. Moderate CVE-2017-9984 SUSE bug 1046599 SUSE bug 1087082 SUSE bug 187396 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. Moderate CVE-2017-9985 SUSE bug 1046601 SUSE bug 1087082 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. Moderate CVE-2017-9986 SUSE bug 1046600 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause an out-of-bounds read when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition. This concerns pdf_parse_array and pdf_parse_string in libclamav/pdfng.c. Cisco Bug IDs: CSCvh91380, CSCvh91400. Moderate CVE-2018-0202 SUSE bug 1083915 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c. Important CVE-2018-0360 SUSE bug 1101410 SUSE bug 1103091 SUSE bug 1103092 SUSE bug 1103099 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file. Moderate CVE-2018-0361 SUSE bug 1101410 SUSE bug 1101412 SUSE bug 1103091 SUSE bug 1103092 SUSE bug 1103099 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD. Important CVE-2018-0486 SUSE bug 1075975 SUSE bug 1083247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486. Moderate CVE-2018-0489 SUSE bug 1083247 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. Moderate CVE-2018-0495 SUSE bug 1097410 SUSE bug 1121207 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line. Important CVE-2018-0502 SUSE bug 1107296 SUSE bug 1194009 SUSE bug 1194012 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Moderate CVE-2018-0618 SUSE bug 1099510 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o). Important CVE-2018-0732 SUSE bug 1077628 SUSE bug 1097158 SUSE bug 1099502 SUSE bug 1106692 SUSE bug 1108542 SUSE bug 1110163 SUSE bug 1112097 SUSE bug 1122198 SUSE bug 1148697 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Moderate CVE-2018-0733 SUSE bug 1087106 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). Moderate CVE-2018-0734 SUSE bug 1113534 SUSE bug 1113652 SUSE bug 1113742 SUSE bug 1122198 SUSE bug 1122212 SUSE bug 1126909 SUSE bug 1148697 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Moderate CVE-2018-0735 SUSE bug 1113534 SUSE bug 1113651 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o). Moderate CVE-2018-0737 SUSE bug 1089039 SUSE bug 1089041 SUSE bug 1089044 SUSE bug 1089045 SUSE bug 1108542 SUSE bug 1123780 SUSE bug 1126909 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). Important CVE-2018-0739 SUSE bug 1087102 SUSE bug 1089997 SUSE bug 1108542 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. Important CVE-2018-1000001 SUSE bug 1074293 SUSE bug 1099047 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-LTSS In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. Moderate CVE-2018-1000004 SUSE bug 1076017 SUSE bug 1091815 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something. Moderate CVE-2018-1000005 SUSE bug 1076360 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request. Moderate CVE-2018-1000007 SUSE bug 1077001 SUSE bug 1145903 SUSE bug 1185551 SUSE bug 1192797 SUSE bug 1198766 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later. Moderate CVE-2018-1000024 SUSE bug 1077003 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-LTSS Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.. Important CVE-2018-1000026 SUSE bug 1079384 SUSE bug 1087082 SUSE bug 1096723 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later. Moderate CVE-2018-1000027 SUSE bug 1077006 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. Moderate CVE-2018-1000031 SUSE bug 1076531 SUSE bug 1080075 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. Important CVE-2018-1000032 SUSE bug 1076531 SUSE bug 1080076 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. Low CVE-2018-1000033 SUSE bug 1076531 SUSE bug 1080077 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. Low CVE-2018-1000034 SUSE bug 1076531 SUSE bug 1080079 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution. Important CVE-2018-1000035 SUSE bug 1076531 SUSE bug 1080074 SUSE bug 1149684 SUSE bug 1159417 SUSE bug 1196768 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6. Moderate CVE-2018-1000073 SUSE bug 1082007 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6. Important CVE-2018-1000074 SUSE bug 1082008 SUSE bug 1175764 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6. Low CVE-2018-1000075 SUSE bug 1082014 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6. Moderate CVE-2018-1000076 SUSE bug 1082009 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6. Moderate CVE-2018-1000077 SUSE bug 1082010 SUSE bug 1183937 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6. Moderate CVE-2018-1000078 SUSE bug 1082011 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6. Moderate CVE-2018-1000079 SUSE bug 1082058 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This vulnerability appears to have been fixed in after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6. Moderate CVE-2018-1000085 SUSE bug 1082858 SUSE bug 1083915 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file.. Moderate CVE-2018-1000097 SUSE bug 1085004 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default. Moderate CVE-2018-1000115 SUSE bug 1083903 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. Moderate CVE-2018-1000120 SUSE bug 1084521 SUSE bug 1101811 SUSE bug 1112526 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service Moderate CVE-2018-1000121 SUSE bug 1084524 SUSE bug 1085215 SUSE bug 1101811 SUSE bug 1112526 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage Moderate CVE-2018-1000122 SUSE bug 1084532 SUSE bug 1101811 SUSE bug 1112526 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later. Moderate CVE-2018-1000127 SUSE bug 1085209 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time. Moderate CVE-2018-1000135 SUSE bug 1086263 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. Critical CVE-2018-1000140 SUSE bug 1086730 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. Moderate CVE-2018-1000156 SUSE bug 1088420 SUSE bug 1093615 SUSE bug 1101128 SUSE bug 1142513 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7. Moderate CVE-2018-1000161 SUSE bug 1088608 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1. Moderate CVE-2018-1000168 SUSE bug 1088639 SUSE bug 1097401 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. Important CVE-2018-1000199 SUSE bug 1089895 SUSE bug 1090036 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked). Moderate CVE-2018-1000200 SUSE bug 1087082 SUSE bug 1090150 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later. Moderate CVE-2018-1000201 SUSE bug 1122119 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. NOTE: third parties dispute the relevance of this report, noting that the requirement for an attacker to have both the CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it "virtually impossible to exploit." Moderate CVE-2018-1000204 SUSE bug 1096728 SUSE bug 1105412 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0. Important CVE-2018-1000300 SUSE bug 1092094 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0. Moderate CVE-2018-1000301 SUSE bug 1092098 SUSE bug 1122464 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. Moderate CVE-2018-1000654 SUSE bug 1105435 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace. Moderate CVE-2018-1000802 SUSE bug 1109663 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. Critical CVE-2018-1000805 SUSE bug 1111151 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0. Important CVE-2018-1000807 SUSE bug 1111634 SUSE bug 1111635 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This vulnerability appears to have been fixed in 17.5.0. Moderate CVE-2018-1000808 SUSE bug 1111634 SUSE bug 1111635 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where the payload was previously inserted.. Moderate CVE-2018-1000816 SUSE bug 1120791 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: Resource Management Errors (similar issue to CVE-2015-5262) vulnerability in PyKMIP server that can result in DOS: the server can be made unavailable by one or more clients opening all of the available sockets. This attack appear to be exploitable via A client or clients open sockets with the server and then never close them. This vulnerability appears to have been fixed in 0.8.0. Important CVE-2018-1000872 SUSE bug 1120767 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f. Moderate CVE-2018-1000876 SUSE bug 1120640 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. Moderate CVE-2018-1000877 SUSE bug 1120653 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. Moderate CVE-2018-1000878 SUSE bug 1120654 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file. Moderate CVE-2018-1000880 SUSE bug 1120659 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering a failure of resource retrieval. Moderate CVE-2018-10074 SUSE bug 1089674 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value. Moderate CVE-2018-10087 SUSE bug 1087082 SUSE bug 1089608 SUSE bug 1091815 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. Important CVE-2018-10115 SUSE bug 1091758 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument. Moderate CVE-2018-10124 SUSE bug 1087082 SUSE bug 1089752 SUSE bug 1091815 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c. Low CVE-2018-10126 SUSE bug 1090496 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file. Moderate CVE-2018-10177 SUSE bug 1089781 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. Important CVE-2018-10194 SUSE bug 1090099 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. Moderate CVE-2018-10195 SUSE bug 1090051 SUSE bug 1149678 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file. Low CVE-2018-10196 SUSE bug 1093447 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. Moderate CVE-2018-10322 SUSE bug 1087082 SUSE bug 1090749 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. Moderate CVE-2018-10323 SUSE bug 1087082 SUSE bug 1090717 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf. Low CVE-2018-10372 SUSE bug 1091015 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new. Low CVE-2018-10373 SUSE bug 1090997 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. Moderate CVE-2018-10392 SUSE bug 1091070 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. Moderate CVE-2018-10393 SUSE bug 1091072 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754. Moderate CVE-2018-10471 SUSE bug 1089635 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot. Moderate CVE-2018-10472 SUSE bug 1089152 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. Moderate CVE-2018-1049 SUSE bug 1076308 SUSE bug 1140475 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. Moderate CVE-2018-1050 SUSE bug 1081741 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table. Moderate CVE-2018-1052 SUSE bug 1077983 SUSE bug 1080253 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file. Moderate CVE-2018-1053 SUSE bug 1077983 SUSE bug 1185814 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c. Moderate CVE-2018-10534 SUSE bug 1091368 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy. Moderate CVE-2018-10535 SUSE bug 1091365 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks. Important CVE-2018-10536 SUSE bug 1091344 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks. Important CVE-2018-10537 SUSE bug 1091343 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation. Moderate CVE-2018-10538 SUSE bug 1091342 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation. Moderate CVE-2018-10539 SUSE bug 1091341 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation. Moderate CVE-2018-10540 SUSE bug 1091340 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers). Important CVE-2018-1057 SUSE bug 1081024 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected. Moderate CVE-2018-1058 SUSE bug 1081925 SUSE bug 1175193 SUSE bug 1175194 SUSE bug 1185814 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11. Moderate CVE-2018-1063 SUSE bug 1083624 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. Moderate CVE-2018-1064 SUSE bug 1076500 SUSE bug 1083625 SUSE bug 1087887 SUSE bug 1088147 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c. Moderate CVE-2018-1065 SUSE bug 1083650 SUSE bug 1087082 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery. Moderate CVE-2018-1066 SUSE bug 1083640 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-LTSS A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. Important CVE-2018-1068 SUSE bug 1085107 SUSE bug 1085114 SUSE bug 1087082 SUSE bug 1123903 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack. Moderate CVE-2018-10733 SUSE bug 1092125 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack. Moderate CVE-2018-10767 SUSE bug 1092123 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. Low CVE-2018-10772 SUSE bug 1092096 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. Low CVE-2018-10779 SUSE bug 1092480 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read. Low CVE-2018-10780 SUSE bug 1092475 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. Moderate CVE-2018-10804 SUSE bug 1095813 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. Low CVE-2018-10805 SUSE bug 1095812 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. Important CVE-2018-10811 SUSE bug 1093536 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation. Moderate CVE-2018-1083 SUSE bug 1087026 SUSE bug 1189668 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS. Moderate CVE-2018-10839 SUSE bug 1110910 SUSE bug 1110924 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. Moderate CVE-2018-10844 SUSE bug 1105437 SUSE bug 1105459 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. Moderate CVE-2018-10845 SUSE bug 1105437 SUSE bug 1105459 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. Moderate CVE-2018-10846 SUSE bug 1105460 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3. Moderate CVE-2018-10852 SUSE bug 1098377 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. Important CVE-2018-10853 SUSE bug 1097104 SUSE bug 1097108 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible. Moderate CVE-2018-10855 SUSE bug 1097775 SUSE bug 1099808 SUSE bug 1109957 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable. Moderate CVE-2018-10858 SUSE bug 1103411 SUSE bug 1110943 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest. Moderate CVE-2018-1087 SUSE bug 1087088 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. Important CVE-2018-10873 SUSE bug 1104448 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. Moderate CVE-2018-10874 SUSE bug 1097775 SUSE bug 1099805 SUSE bug 1099808 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. Low CVE-2018-10876 SUSE bug 1099811 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. Moderate CVE-2018-10877 SUSE bug 1087082 SUSE bug 1099846 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. Moderate CVE-2018-10878 SUSE bug 1087082 SUSE bug 1099813 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. Moderate CVE-2018-10879 SUSE bug 1087082 SUSE bug 1099844 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. Moderate CVE-2018-10880 SUSE bug 1087082 SUSE bug 1099845 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. Moderate CVE-2018-10881 SUSE bug 1087082 SUSE bug 1099864 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image. Moderate CVE-2018-10882 SUSE bug 1087082 SUSE bug 1099849 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. Moderate CVE-2018-10883 SUSE bug 1087082 SUSE bug 1099863 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code. Moderate CVE-2018-10893 SUSE bug 1101295 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. Important CVE-2018-10902 SUSE bug 1105322 SUSE bug 1105323 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. Important CVE-2018-10903 SUSE bug 1101820 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service. Moderate CVE-2018-1091 SUSE bug 1087231 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected. Important CVE-2018-10915 SUSE bug 1104199 SUSE bug 1140876 SUSE bug 1185814 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. Moderate CVE-2018-1092 SUSE bug 1087012 SUSE bug 1087082 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table. Important CVE-2018-10925 SUSE bug 1104202 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers. Moderate CVE-2018-1093 SUSE bug 1087082 SUSE bug 1087095 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw. Important CVE-2018-10938 SUSE bug 1106016 SUSE bug 1106191 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image. Moderate CVE-2018-1094 SUSE bug 1087007 SUSE bug 1087082 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory. Moderate CVE-2018-10940 SUSE bug 1087082 SUSE bug 1092903 SUSE bug 1107689 SUSE bug 1113751 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image. Moderate CVE-2018-1095 SUSE bug 1087004 SUSE bug 1087082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. Moderate CVE-2018-10963 SUSE bug 1092949 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. Moderate CVE-2018-10981 SUSE bug 1090823 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. Important CVE-2018-10982 SUSE bug 1090822 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. Low CVE-2018-10998 SUSE bug 1093095 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user. Important CVE-2018-1100 SUSE bug 1089030 SUSE bug 1189668 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file. Moderate CVE-2018-11037 SUSE bug 1093475 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system. Moderate CVE-2018-1106 SUSE bug 1086936 SUSE bug 1123722 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. Moderate CVE-2018-1108 SUSE bug 1087082 SUSE bug 1090818 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. Important CVE-2018-1111 SUSE bug 1093364 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation. Moderate CVE-2018-1115 SUSE bug 1091610 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. Moderate CVE-2018-1118 SUSE bug 1087082 SUSE bug 1092472 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10184. Reason: This candidate is a reservation duplicate of CVE-2018-10184. Notes: All CVE users should reference CVE-2018-10184 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Important CVE-2018-1119 SUSE bug 1089837 SUSE bug 1092260 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks). Moderate CVE-2018-1120 SUSE bug 1087082 SUSE bug 1092100 SUSE bug 1093158 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. Low CVE-2018-11212 SUSE bug 1122299 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function. Moderate CVE-2018-1122 SUSE bug 1087082 SUSE bug 1092100 SUSE bug 1093158 SUSE bug 1123135 SUSE bug 1126909 SUSE bug 1128955 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service). Moderate CVE-2018-1123 SUSE bug 1087082 SUSE bug 1092100 SUSE bug 1093158 SUSE bug 1123135 SUSE bug 1126909 SUSE bug 1128955 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable. Moderate CVE-2018-11232 SUSE bug 1093846 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. Moderate CVE-2018-11233 SUSE bug 1095218 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. Important CVE-2018-11235 SUSE bug 1095219 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. Important CVE-2018-11236 SUSE bug 1094161 SUSE bug 1118435 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. Moderate CVE-2018-11237 SUSE bug 1092877 SUSE bug 1094154 SUSE bug 1118435 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users. Moderate CVE-2018-1124 SUSE bug 1087082 SUSE bug 1092100 SUSE bug 1093158 SUSE bug 1123135 SUSE bug 1126909 SUSE bug 1128955 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash. Moderate CVE-2018-1125 SUSE bug 1087082 SUSE bug 1092100 SUSE bug 1093158 SUSE bug 1123135 SUSE bug 1126909 SUSE bug 1128955 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. Moderate CVE-2018-1126 SUSE bug 1087082 SUSE bug 1092100 SUSE bug 1093158 SUSE bug 1123135 SUSE bug 1126909 SUSE bug 1128955 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. Important CVE-2018-1128 SUSE bug 1096748 SUSE bug 1114710 SUSE bug 1177843 SUSE bug 1177859 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. Important CVE-2018-1129 SUSE bug 1096748 SUSE bug 1114710 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. Moderate CVE-2018-1130 SUSE bug 1092904 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling. Moderate CVE-2018-11354 SUSE bug 1094301 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks. Moderate CVE-2018-11355 SUSE bug 1094301 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record. Moderate CVE-2018-11356 SUSE bug 1094301 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. Moderate CVE-2018-11357 SUSE bug 1094301 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. Moderate CVE-2018-11358 SUSE bug 1094301 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference. Moderate CVE-2018-11359 SUSE bug 1094301 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow. Moderate CVE-2018-11360 SUSE bug 1094301 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey. Moderate CVE-2018-11361 SUSE bug 1094301 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character. Moderate CVE-2018-11362 SUSE bug 1094301 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function. Moderate CVE-2018-11469 SUSE bug 1094846 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file. Low CVE-2018-11624 SUSE bug 1096203 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file. Low CVE-2018-11625 SUSE bug 1096200 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception. Moderate CVE-2018-11627 SUSE bug 1095529 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088. Important CVE-2018-1172 SUSE bug 1090089 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. Important CVE-2018-11763 SUSE bug 1109961 SUSE bug 1122212 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class. Important CVE-2018-11779 SUSE bug 1143163 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places. Important CVE-2018-11805 SUSE bug 1118987 SUSE bug 1162197 SUSE bug 1162200 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. Moderate CVE-2018-11806 SUSE bug 1096223 SUSE bug 1096224 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. Moderate CVE-2018-11813 SUSE bug 1096209 SUSE bug 1172994 SUSE bug 1172995 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. Moderate CVE-2018-12015 SUSE bug 1096718 SUSE bug 1099497 SUSE bug 1099507 SUSE bug 1106717 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. Important CVE-2018-12020 SUSE bug 1096745 SUSE bug 1101134 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. Important CVE-2018-12086 SUSE bug 1111647 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. Moderate CVE-2018-12099 SUSE bug 1096985 SUSE bug 1172450 SUSE bug 1174583 SUSE bug 1175951 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written. Important CVE-2018-12115 SUSE bug 1105019 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server. Moderate CVE-2018-12116 SUSE bug 1117630 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable. Critical CVE-2018-12120 SUSE bug 1117625 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer. Important CVE-2018-12121 SUSE bug 1117626 SUSE bug 1127532 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time. Important CVE-2018-12122 SUSE bug 1117627 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect. Moderate CVE-2018-12123 SUSE bug 1117629 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf Moderate CVE-2018-12126 SUSE bug 1103186 SUSE bug 1111331 SUSE bug 1132686 SUSE bug 1135409 SUSE bug 1135524 SUSE bug 1137916 SUSE bug 1138534 SUSE bug 1141977 SUSE bug 1149725 SUSE bug 1149726 SUSE bug 1149729 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf Moderate CVE-2018-12127 SUSE bug 1103186 SUSE bug 1111331 SUSE bug 1132686 SUSE bug 1135409 SUSE bug 1138534 SUSE bug 1141977 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf Moderate CVE-2018-12130 SUSE bug 1103186 SUSE bug 1111331 SUSE bug 1132686 SUSE bug 1135409 SUSE bug 1137916 SUSE bug 1138534 SUSE bug 1141977 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. Moderate CVE-2018-12207 SUSE bug 1117665 SUSE bug 1139073 SUSE bug 1152505 SUSE bug 1155812 SUSE bug 1155817 SUSE bug 1155945 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash. Moderate CVE-2018-12232 SUSE bug 1087082 SUSE bug 1097593 SUSE bug 1125907 SUSE bug 1127757 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source. Moderate CVE-2018-12327 SUSE bug 1098531 SUSE bug 1107887 SUSE bug 1111552 SUSE bug 1111853 SUSE bug 1155513 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Important CVE-2018-12359 SUSE bug 1098998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Important CVE-2018-12360 SUSE bug 1098998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Important CVE-2018-12362 SUSE bug 1098998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Important CVE-2018-12363 SUSE bug 1098998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Important CVE-2018-12364 SUSE bug 1098998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Important CVE-2018-12365 SUSE bug 1098998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Important CVE-2018-12366 SUSE bug 1098998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Moderate CVE-2018-12368 SUSE bug 1098998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. Moderate CVE-2018-12376 SUSE bug 1107343 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. Moderate CVE-2018-12377 SUSE bug 1107343 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. Moderate CVE-2018-12378 SUSE bug 1107343 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. Moderate CVE-2018-12379 SUSE bug 1107343 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected.*. This vulnerability affects Firefox ESR < 60.2 and Firefox < 62. Moderate CVE-2018-12381 SUSE bug 1107343 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1. Moderate CVE-2018-12383 SUSE bug 1107343 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3. Moderate CVE-2018-12384 SUSE bug 1106873 SUSE bug 1119105 SUSE bug 1121207 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2. Moderate CVE-2018-12385 SUSE bug 1109363 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. Important CVE-2018-12386 SUSE bug 1110506 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. Important CVE-2018-12387 SUSE bug 1110507 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3. Important CVE-2018-12389 SUSE bug 1112852 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. Important CVE-2018-12390 SUSE bug 1112852 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. Important CVE-2018-12392 SUSE bug 1112852 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. Important CVE-2018-12393 SUSE bug 1112852 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. Important CVE-2018-12395 SUSE bug 1112852 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. Important CVE-2018-12396 SUSE bug 1112852 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. Important CVE-2018-12397 SUSE bug 1112852 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. Moderate CVE-2018-12404 SUSE bug 1119069 SUSE bug 1119105 SUSE bug 1121207 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Important CVE-2018-12405 SUSE bug 1112111 SUSE bug 1119105 SUSE bug 1121207 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37. Important CVE-2018-12470 SUSE bug 1103810 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37. Important CVE-2018-12471 SUSE bug 1103809 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37. Critical CVE-2018-12472 SUSE bug 1104076 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106. Important CVE-2018-12474 SUSE bug 1107507 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no. Important CVE-2018-12539 SUSE bug 1101645 SUSE bug 1101656 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket. Moderate CVE-2018-12617 SUSE bug 1098735 SUSE bug 1098744 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster. Important CVE-2018-1279 SUSE bug 1119372 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. Important CVE-2018-1283 SUSE bug 1086814 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss. Important CVE-2018-1288 SUSE bug 1102920 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. All Xen versions from 3.4 onwards are vulnerable. Xen versions 3.3 and earlier are vulnerable to an even wider class of attacks, due to them lacking preemption checks altogether in the affected code paths. Only x86 systems are affected. ARM systems are not affected. Only multi-vCPU x86 PV guests can leverage the vulnerability. x86 HVM or PVH guests as well as x86 single-vCPU PV ones cannot leverage the vulnerability. Important CVE-2018-12891 SUSE bug 1097521 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images. Only emulated SCSI disks (specified as "sd" in the libxl disk configuration, or an equivalent) are affected. IDE disks ("hd") are not affected (because attempts to make them readonly are rejected). Additionally, CDROM devices (that is, devices specified to be presented to the guest as CDROMs, regardless of the nature of the backing storage on the host) are not affected; they are always read only. Only systems using qemu-xen (rather than qemu-xen-traditional) as the device model version are vulnerable. Only systems using libxl or libxl-based toolstacks are vulnerable. (This includes xl, and libvirt with the libxl driver.) The vulnerability is present in Xen versions 4.7 and later. (In earlier versions, provided that the patch for XSA-142 has been applied, attempts to create read only disks are rejected.) If the host and guest together usually support PVHVM, the issue is exploitable only if the malicious guest administrator has control of the guest kernel or guest kernel command line. Important CVE-2018-12892 SUSE bug 1097523 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users. Important CVE-2018-12893 SUSE bug 1097522 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls. Low CVE-2018-12896 SUSE bug 1099922 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. Low CVE-2018-12910 SUSE bug 1100097 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17833. Reason: This candidate is a duplicate of CVE-2017-17833. Notes: All CVE users should reference CVE-2017-17833 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Important CVE-2018-12938 SUSE bug 1090638 SUSE bug 1099519 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage. Important CVE-2018-1301 SUSE bug 1086817 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. Moderate CVE-2018-1302 SUSE bug 1086820 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability. Important CVE-2018-1303 SUSE bug 1086813 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected. Moderate CVE-2018-1304 SUSE bug 1082480 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them. Moderate CVE-2018-1305 SUSE bug 1082481 SUSE bug 1112097 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. Low CVE-2018-13053 SUSE bug 1099924 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation. Moderate CVE-2018-13093 SUSE bug 1100001 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. Moderate CVE-2018-13094 SUSE bug 1087082 SUSE bug 1100000 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork. Moderate CVE-2018-13095 SUSE bug 1099999 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. Moderate CVE-2018-1312 SUSE bug 1086775 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave. Moderate CVE-2018-13139 SUSE bug 1100167 SUSE bug 1116993 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2 The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy. Moderate CVE-2018-1323 SUSE bug 1085220 SUSE bug 1114612 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one. Important CVE-2018-13259 SUSE bug 1107294 SUSE bug 1194009 SUSE bug 1194012 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. Moderate CVE-2018-13405 SUSE bug 1087082 SUSE bug 1100416 SUSE bug 1129735 SUSE bug 1195161 SUSE bug 1198702 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used. Moderate CVE-2018-13406 SUSE bug 1098016 SUSE bug 1100418 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. Low CVE-2018-13785 SUSE bug 1100687 SUSE bug 1112153 SUSE bug 1116574 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site. Moderate CVE-2018-13796 SUSE bug 1101288 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823. Critical CVE-2018-1417 SUSE bug 1093311 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation. Low CVE-2018-14339 SUSE bug 1101810 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read. Low CVE-2018-14340 SUSE bug 1101804 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. Low CVE-2018-14341 SUSE bug 1101776 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths. Low CVE-2018-14342 SUSE bug 1101777 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer. Low CVE-2018-14343 SUSE bug 1101786 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read. Low CVE-2018-14344 SUSE bug 1101788 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition. Low CVE-2018-14367 SUSE bug 1101791 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long. Low CVE-2018-14368 SUSE bug 1101794 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression. Low CVE-2018-14369 SUSE bug 1101800 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read. Low CVE-2018-14370 SUSE bug 1101802 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). Low CVE-2018-14423 SUSE bug 1102016 SUSE bug 1140130 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected. Moderate CVE-2018-14432 SUSE bug 1102151 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information. Moderate CVE-2018-14526 SUSE bug 1104205 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. Moderate CVE-2018-14574 SUSE bug 1102680 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory. Moderate CVE-2018-14617 SUSE bug 1102870 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients. Moderate CVE-2018-14625 SUSE bug 1106615 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable. Important CVE-2018-14633 SUSE bug 1107829 SUSE bug 1107832 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service. Important CVE-2018-14645 SUSE bug 1108683 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15. Moderate CVE-2018-14647 SUSE bug 1109847 SUSE bug 1126909 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges. Moderate CVE-2018-14678 SUSE bug 1102715 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). Moderate CVE-2018-14679 SUSE bug 1102922 SUSE bug 1103032 SUSE bug 1103040 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. Moderate CVE-2018-14680 SUSE bug 1102922 SUSE bug 1103032 SUSE bug 1103040 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite. Moderate CVE-2018-14681 SUSE bug 1102922 SUSE bug 1103032 SUSE bug 1103040 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. Moderate CVE-2018-14682 SUSE bug 1102922 SUSE bug 1103032 SUSE bug 1103040 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). Important CVE-2018-14734 SUSE bug 1103119 SUSE bug 1131390 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution Critical CVE-2018-15126 SUSE bug 1120114 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution Critical CVE-2018-15127 SUSE bug 1120117 SUSE bug 1123828 SUSE bug 1123832 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681. Moderate CVE-2018-1517 SUSE bug 1101645 SUSE bug 1101656 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file. Moderate CVE-2018-15378 SUSE bug 1110723 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service. Moderate CVE-2018-15468 SUSE bug 1103276 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. Moderate CVE-2018-15473 SUSE bug 1105010 SUSE bug 1106163 SUSE bug 1123133 SUSE bug 1138392 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. Moderate CVE-2018-15518 SUSE bug 1118595 SUSE bug 1126909 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks. Important CVE-2018-15572 SUSE bug 1102517 SUSE bug 1105296 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. Moderate CVE-2018-15594 SUSE bug 1105348 SUSE bug 1133319 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239. Moderate CVE-2018-15686 SUSE bug 1113665 SUSE bug 1120323 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. Important CVE-2018-15688 SUSE bug 1113632 SUSE bug 1113668 SUSE bug 1113669 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. Important CVE-2018-15727 SUSE bug 1106515 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. Moderate CVE-2018-15746 SUSE bug 1106222 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. Important CVE-2018-15908 SUSE bug 1105464 SUSE bug 1106171 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. Important CVE-2018-15909 SUSE bug 1105464 SUSE bug 1106172 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. Important CVE-2018-15910 SUSE bug 1105464 SUSE bug 1106173 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. Important CVE-2018-15911 SUSE bug 1105464 SUSE bug 1106195 SUSE bug 1108027 SUSE bug 1109105 SUSE bug 1111479 SUSE bug 1111480 SUSE bug 1112229 SUSE bug 1117022 SUSE bug 1118455 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists. Important CVE-2018-16056 SUSE bug 1106514 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations. Important CVE-2018-16057 SUSE bug 1106514 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure. Important CVE-2018-16058 SUSE bug 1106514 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. Moderate CVE-2018-16151 SUSE bug 1107874 SUSE bug 1109845 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568. Moderate CVE-2018-16152 SUSE bug 1107874 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges. Important CVE-2018-16276 SUSE bug 1106095 SUSE bug 1115593 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump. Moderate CVE-2018-16301 SUSE bug 1153098 SUSE bug 1153332 SUSE bug 1195825 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow. Moderate CVE-2018-16375 SUSE bug 1106882 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. Moderate CVE-2018-16376 SUSE bug 1106881 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations. Critical CVE-2018-16395 SUSE bug 1112530 SUSE bug 1136906 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats. Moderate CVE-2018-16396 SUSE bug 1112532 SUSE bug 1136906 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. Low CVE-2018-16412 SUSE bug 1106989 SUSE bug 1106996 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. Low CVE-2018-16413 SUSE bug 1106989 SUSE bug 1106996 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. Moderate CVE-2018-16428 SUSE bug 1107121 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). Moderate CVE-2018-16429 SUSE bug 1107116 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. Moderate CVE-2018-16435 SUSE bug 1108813 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. Moderate CVE-2018-16468 SUSE bug 1113969 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size. Moderate CVE-2018-16470 SUSE bug 1114831 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable. Moderate CVE-2018-16471 SUSE bug 1114828 SUSE bug 1116600 SUSE bug 1122178 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1. Moderate CVE-2018-16476 SUSE bug 1117632 SUSE bug 1129268 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. Important CVE-2018-16509 SUSE bug 1107410 SUSE bug 1108027 SUSE bug 1118318 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact. Important CVE-2018-16510 SUSE bug 1107411 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Important CVE-2018-16511 SUSE bug 1107426 SUSE bug 1111479 SUSE bug 1112229 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. Important CVE-2018-16513 SUSE bug 1107412 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable. Moderate CVE-2018-16539 SUSE bug 1107422 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. Important CVE-2018-16540 SUSE bug 1107420 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. Important CVE-2018-16541 SUSE bug 1107421 SUSE bug 1108027 SUSE bug 1109105 SUSE bug 1111479 SUSE bug 1111480 SUSE bug 1112229 SUSE bug 1117022 SUSE bug 1118455 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. Important CVE-2018-16542 SUSE bug 1107413 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact. Important CVE-2018-16543 SUSE bug 1107423 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882. Moderate CVE-2018-1656 SUSE bug 1101645 SUSE bug 1101656 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193). Low CVE-2018-16585 SUSE bug 1107581 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem. Moderate CVE-2018-16597 SUSE bug 1106512 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image. Low CVE-2018-16644 SUSE bug 1107609 SUSE bug 1107612 SUSE bug 1117463 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. Moderate CVE-2018-16658 SUSE bug 1092903 SUSE bug 1107689 SUSE bug 1113751 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509. Important CVE-2018-16802 SUSE bug 1107410 SUSE bug 1108027 SUSE bug 1109105 SUSE bug 1111479 SUSE bug 1111480 SUSE bug 1112229 SUSE bug 1117022 SUSE bug 1117327 SUSE bug 1118455 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. Moderate CVE-2018-16839 SUSE bug 1112758 SUSE bug 1113029 SUSE bug 1131886 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure. Moderate CVE-2018-16856 SUSE bug 1115710 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable. Moderate CVE-2018-16859 SUSE bug 1109957 SUSE bug 1116587 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one. Moderate CVE-2018-16862 SUSE bug 1117186 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable. Important CVE-2018-16864 SUSE bug 1108912 SUSE bug 1120323 SUSE bug 1122265 SUSE bug 1188063 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable. Important CVE-2018-16865 SUSE bug 1108912 SUSE bug 1120323 SUSE bug 1122265 SUSE bug 1188063 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. Moderate CVE-2018-16866 SUSE bug 1108912 SUSE bug 1120323 SUSE bug 1122265 SUSE bug 1126183 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. Important CVE-2018-16871 SUSE bug 1137103 SUSE bug 1156320 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS. Moderate CVE-2018-16872 SUSE bug 1119493 SUSE bug 1119494 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data. Low CVE-2018-16876 SUSE bug 1109957 SUSE bug 1118896 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable. Moderate CVE-2018-16880 SUSE bug 1122767 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable. Important CVE-2018-16881 SUSE bug 1123164 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions before 4.14.91 and before 4.19.13 are vulnerable. Important CVE-2018-16882 SUSE bug 1119934 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Important CVE-2018-16884 SUSE bug 1119946 SUSE bug 1119947 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. Moderate CVE-2018-16890 SUSE bug 1123371 SUSE bug 1123378 SUSE bug 1141798 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes. Moderate CVE-2018-16984 SUSE bug 1109621 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations. Important CVE-2018-17182 SUSE bug 1108399 SUSE bug 1110233 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. Important CVE-2018-17183 SUSE bug 1108027 SUSE bug 1109105 SUSE bug 1111479 SUSE bug 1111480 SUSE bug 1112229 SUSE bug 1117022 SUSE bug 1117331 SUSE bug 1118455 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource provider. Important CVE-2018-17245 SUSE bug 1115060 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. Moderate CVE-2018-17246 SUSE bug 1115069 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file. Moderate CVE-2018-17358 SUSE bug 1109412 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file. Moderate CVE-2018-17359 SUSE bug 1109413 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump. Moderate CVE-2018-17360 SUSE bug 1109414 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex. Important CVE-2018-17407 SUSE bug 1109673 SUSE bug 1125938 SUSE bug 1126909 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. Important CVE-2018-17456 SUSE bug 1110949 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Important CVE-2018-17466 SUSE bug 1112111 SUSE bug 1119105 SUSE bug 1121207 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. Important CVE-2018-17540 SUSE bug 1107874 SUSE bug 1109845 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 InfluxDB 0.9.5 has Reflected XSS in the Write Data module. Moderate CVE-2018-17572 SUSE bug 1166190 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. Moderate CVE-2018-17795 SUSE bug 1046077 SUSE bug 1110358 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-. Important CVE-2018-17954 SUSE bug 1117080 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. Moderate CVE-2018-17958 SUSE bug 1111006 SUSE bug 1111007 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. Moderate CVE-2018-17961 SUSE bug 1108027 SUSE bug 1109105 SUSE bug 1111479 SUSE bug 1111480 SUSE bug 1112229 SUSE bug 1117022 SUSE bug 1117331 SUSE bug 1118455 SUSE bug 1129180 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. Moderate CVE-2018-17962 SUSE bug 1111010 SUSE bug 1111011 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. Moderate CVE-2018-17963 SUSE bug 1111013 SUSE bug 1111014 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. Low CVE-2018-17972 SUSE bug 1110785 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters. Moderate CVE-2018-17985 SUSE bug 1116827 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTATE.M validation does not prevent unintended execution modes. Moderate CVE-2018-18021 SUSE bug 1110998 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. Important CVE-2018-18065 SUSE bug 1111122 SUSE bug 1126909 SUSE bug 1145864 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. Moderate CVE-2018-18073 SUSE bug 1108027 SUSE bug 1109105 SUSE bug 1111479 SUSE bug 1111480 SUSE bug 1112229 SUSE bug 1117022 SUSE bug 1117331 SUSE bug 1118455 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. Moderate CVE-2018-18074 SUSE bug 1111622 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values. Important CVE-2018-18227 SUSE bug 1111647 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. Moderate CVE-2018-18281 SUSE bug 1113769 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. Important CVE-2018-18284 SUSE bug 1108027 SUSE bug 1109105 SUSE bug 1111479 SUSE bug 1111480 SUSE bug 1112229 SUSE bug 1117022 SUSE bug 1117331 SUSE bug 1118455 SUSE bug 1144621 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking. Low CVE-2018-18309 SUSE bug 1111996 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Important CVE-2018-18311 SUSE bug 1114674 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Important CVE-2018-18335 SUSE bug 1118529 SUSE bug 1125330 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Important CVE-2018-18356 SUSE bug 1118529 SUSE bug 1125330 SUSE bug 1125396 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ. Moderate CVE-2018-18386 SUSE bug 1094825 SUSE bug 1112039 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. Moderate CVE-2018-18397 SUSE bug 1117656 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt. Moderate CVE-2018-18483 SUSE bug 1112535 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type. Moderate CVE-2018-18484 SUSE bug 1112534 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Important CVE-2018-18492 SUSE bug 1112111 SUSE bug 1119105 SUSE bug 1121207 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Important CVE-2018-18493 SUSE bug 1112111 SUSE bug 1119105 SUSE bug 1121207 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Important CVE-2018-18494 SUSE bug 1112111 SUSE bug 1119105 SUSE bug 1121207 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Important CVE-2018-18498 SUSE bug 1112111 SUSE bug 1119105 SUSE bug 1121207 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. Important CVE-2018-18500 SUSE bug 1122983 SUSE bug 986639 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. Important CVE-2018-18501 SUSE bug 1122983 SUSE bug 986639 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65. Important CVE-2018-18505 SUSE bug 1122983 SUSE bug 986639 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65. Important CVE-2018-18506 SUSE bug 1122983 SUSE bug 1129821 SUSE bug 986639 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. Moderate CVE-2018-18605 SUSE bug 1113255 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. Low CVE-2018-18606 SUSE bug 1113252 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. Low CVE-2018-18607 SUSE bug 1113247 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. Moderate CVE-2018-18623 SUSE bug 1172450 SUSE bug 1174583 SUSE bug 1175951 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. Moderate CVE-2018-18624 SUSE bug 1172450 SUSE bug 1174583 SUSE bug 1175951 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. Moderate CVE-2018-18625 SUSE bug 1172450 SUSE bug 1174583 SUSE bug 1175951 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form. Moderate CVE-2018-18690 SUSE bug 1105025 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658. Moderate CVE-2018-18710 SUSE bug 1113751 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. Moderate CVE-2018-18751 SUSE bug 1113719 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value. Moderate CVE-2018-18849 SUSE bug 1114422 SUSE bug 1114423 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081. Moderate CVE-2018-1890 SUSE bug 1128158 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. Moderate CVE-2018-19039 SUSE bug 1115960 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. Moderate CVE-2018-19364 SUSE bug 1116717 SUSE bug 1116726 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized. Moderate CVE-2018-19407 SUSE bug 1116841 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. Important CVE-2018-19409 SUSE bug 1108027 SUSE bug 1109105 SUSE bug 1111479 SUSE bug 1111480 SUSE bug 1112229 SUSE bug 1117022 SUSE bug 1117331 SUSE bug 1118455 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. Moderate CVE-2018-19432 SUSE bug 1116993 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. Important CVE-2018-19475 SUSE bug 1117327 SUSE bug 1117331 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. Important CVE-2018-19476 SUSE bug 1117313 SUSE bug 1117331 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. Important CVE-2018-19477 SUSE bug 1117274 SUSE bug 1117331 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. Low CVE-2018-19489 SUSE bug 1117275 SUSE bug 1117279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function. Moderate CVE-2018-19591 SUSE bug 1117603 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges Important CVE-2018-19636 SUSE bug 1063385 SUSE bug 1117751 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection Important CVE-2018-19637 SUSE bug 1063385 SUSE bug 1117776 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files. Low CVE-2018-19638 SUSE bug 1063385 SUSE bug 1118460 SUSE bug 1118462 SUSE bug 1118463 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root. Important CVE-2018-19639 SUSE bug 1063385 SUSE bug 1118460 SUSE bug 1118462 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g. with CVE-2018-19638) he can kill arbitrary processes on the local machine. Moderate CVE-2018-19640 SUSE bug 1063385 SUSE bug 1118463 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption. Moderate CVE-2018-19665 SUSE bug 1117749 SUSE bug 1117756 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. Moderate CVE-2018-19758 SUSE bug 1117954 SUSE bug 1125575 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. Moderate CVE-2018-19788 SUSE bug 1118274 SUSE bug 1118277 SUSE bug 1119056 SUSE bug 1126909 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. Moderate CVE-2018-19824 SUSE bug 1118152 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option). Moderate CVE-2018-19854 SUSE bug 1118428 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. Moderate CVE-2018-19869 SUSE bug 1118599 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. Moderate CVE-2018-19870 SUSE bug 1118597 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. Moderate CVE-2018-19871 SUSE bug 1118598 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. Moderate CVE-2018-19872 SUSE bug 1130246 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. Moderate CVE-2018-19873 SUSE bug 1118596 SUSE bug 1126909 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted. Low CVE-2018-19931 SUSE bug 1118830 SUSE bug 1118831 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. Low CVE-2018-19932 SUSE bug 1118830 SUSE bug 1118831 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes. Important CVE-2018-19961 SUSE bug 1115040 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones. Important CVE-2018-19962 SUSE bug 1115040 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation. Moderate CVE-2018-19965 SUSE bug 1115045 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595. Moderate CVE-2018-19966 SUSE bug 1115047 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix. Moderate CVE-2018-19967 SUSE bug 1114988 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space. Moderate CVE-2018-19985 SUSE bug 1120743 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution Important CVE-2018-20019 SUSE bug 1120118 SUSE bug 1123823 SUSE bug 1155442 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution Important CVE-2018-20020 SUSE bug 1120116 SUSE bug 1155472 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM Moderate CVE-2018-20021 SUSE bug 1120122 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR Moderate CVE-2018-20022 SUSE bug 1120120 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR Moderate CVE-2018-20023 SUSE bug 1120119 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS. Moderate CVE-2018-20024 SUSE bug 1120121 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources. Low CVE-2018-20030 SUSE bug 1120943 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. Moderate CVE-2018-20060 SUSE bug 1119376 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size. Moderate CVE-2018-20102 SUSE bug 1119368 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion. Important CVE-2018-20103 SUSE bug 1119419 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c. Moderate CVE-2018-20169 SUSE bug 1119714 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. Moderate CVE-2018-20217 SUSE bug 1120489 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. Moderate CVE-2018-20346 SUSE bug 1119687 SUSE bug 1120335 SUSE bug 1131576 SUSE bug 1131918 SUSE bug 1131919 SUSE bug 1148893 SUSE bug 1169664 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. Moderate CVE-2018-20406 SUSE bug 1120644 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. Low CVE-2018-20467 SUSE bug 1120381 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). Low CVE-2018-20505 SUSE bug 1131560 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346. Important CVE-2018-20506 SUSE bug 1131560 SUSE bug 1131576 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call. Low CVE-2018-20511 SUSE bug 1120388 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. Low CVE-2018-20532 SUSE bug 1120629 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. Low CVE-2018-20533 SUSE bug 1120630 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application. Low CVE-2018-20534 SUSE bug 1120631 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame. Important CVE-2018-20615 SUSE bug 1121283 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file. Moderate CVE-2018-20623 SUSE bug 1121035 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld. Moderate CVE-2018-20651 SUSE bug 1121034 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation. Important CVE-2018-20669 SUSE bug 1122971 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size. Moderate CVE-2018-20671 SUSE bug 1121056 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. Important CVE-2018-20685 SUSE bug 1121571 SUSE bug 1123220 SUSE bug 1131109 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete. Important CVE-2018-20748 SUSE bug 1120118 SUSE bug 1123823 SUSE bug 1155442 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. Critical CVE-2018-20749 SUSE bug 1120117 SUSE bug 1123828 SUSE bug 1123832 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. Critical CVE-2018-20750 SUSE bug 1120117 SUSE bug 1123832 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk. Important CVE-2018-20815 SUSE bug 1118900 SUSE bug 1130675 SUSE bug 1130680 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. Moderate CVE-2018-20836 SUSE bug 1134395 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). Moderate CVE-2018-20845 SUSE bug 1140130 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). Moderate CVE-2018-20846 SUSE bug 1140205 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2 An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. Moderate CVE-2018-20847 SUSE bug 1140220 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. Moderate CVE-2018-20852 SUSE bug 1141853 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. Moderate CVE-2018-20855 SUSE bug 1143045 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. Important CVE-2018-20856 SUSE bug 1143048 SUSE bug 1156331 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact. Moderate CVE-2018-20961 SUSE bug 1144823 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure. Moderate CVE-2018-20976 SUSE bug 1146285 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c. Moderate CVE-2018-21008 SUSE bug 1149591 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. Moderate CVE-2018-21009 SUSE bug 1149635 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c. Important CVE-2018-21010 SUSE bug 1149789 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. Important CVE-2018-21247 SUSE bug 1173477 SUSE bug 1173874 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. Critical CVE-2018-25009 SUSE bug 1185673 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability. Critical CVE-2018-25010 SUSE bug 1185685 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Critical CVE-2018-25011 SUSE bug 1186247 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. Critical CVE-2018-25012 SUSE bug 1185690 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability. Critical CVE-2018-25013 SUSE bug 1185654 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Critical CVE-2018-25014 SUSE bug 1186250 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. Important CVE-2018-25020 SUSE bug 1193575 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. Important CVE-2018-25032 SUSE bug 1197459 SUSE bug 1197893 SUSE bug 1198667 SUSE bug 1199104 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). Important CVE-2018-2562 SUSE bug 1076369 SUSE bug 1078431 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Moderate CVE-2018-2579 SUSE bug 1076366 SUSE bug 1082810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). Moderate CVE-2018-2582 SUSE bug 1076366 SUSE bug 1082810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Moderate CVE-2018-2588 SUSE bug 1076366 SUSE bug 1082810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L). Moderate CVE-2018-2599 SUSE bug 1076366 SUSE bug 1082810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L). Moderate CVE-2018-2602 SUSE bug 1076366 SUSE bug 1082810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2018-2603 SUSE bug 1076366 SUSE bug 1082810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). Moderate CVE-2018-2612 SUSE bug 1076369 SUSE bug 1078431 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Moderate CVE-2018-2618 SUSE bug 1076366 SUSE bug 1082810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-2622 SUSE bug 1076369 SUSE bug 1078431 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N). Moderate CVE-2018-2629 SUSE bug 1076366 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Important CVE-2018-2633 SUSE bug 1076366 SUSE bug 1082810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). Moderate CVE-2018-2634 SUSE bug 1076366 SUSE bug 1082810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). Important CVE-2018-2637 SUSE bug 1076366 SUSE bug 1082810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Important CVE-2018-2638 SUSE bug 1076366 SUSE bug 1082810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Important CVE-2018-2639 SUSE bug 1076366 SUSE bug 1082810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-2640 SUSE bug 1076369 SUSE bug 1078431 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N). Moderate CVE-2018-2641 SUSE bug 1076366 SUSE bug 1082810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2018-2657 SUSE bug 1076366 SUSE bug 1082810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). Moderate CVE-2018-2663 SUSE bug 1076366 SUSE bug 1082810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-2665 SUSE bug 1076369 SUSE bug 1078431 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-2668 SUSE bug 1076369 SUSE bug 1078431 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). Moderate CVE-2018-2677 SUSE bug 1076366 SUSE bug 1082810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). Moderate CVE-2018-2678 SUSE bug 1076366 SUSE bug 1082810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Important CVE-2018-2755 SUSE bug 1089987 SUSE bug 1090518 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-2759 SUSE bug 1089987 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-2761 SUSE bug 1089987 SUSE bug 1090518 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-2766 SUSE bug 1089987 SUSE bug 1090518 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). Moderate CVE-2018-2767 SUSE bug 1088681 SUSE bug 1101675 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-2771 SUSE bug 1089987 SUSE bug 1090518 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-2777 SUSE bug 1089987 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-2781 SUSE bug 1089987 SUSE bug 1090518 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-2782 SUSE bug 1089987 SUSE bug 1090518 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). Important CVE-2018-2783 SUSE bug 1090022 SUSE bug 1093311 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-2784 SUSE bug 1089987 SUSE bug 1090518 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Moderate CVE-2018-2786 SUSE bug 1089987 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Moderate CVE-2018-2787 SUSE bug 1089987 SUSE bug 1090518 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). Moderate CVE-2018-2790 SUSE bug 1090023 SUSE bug 1093311 SUSE bug 1101637 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Important CVE-2018-2794 SUSE bug 1090024 SUSE bug 1093311 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2018-2795 SUSE bug 1090025 SUSE bug 1093311 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2018-2796 SUSE bug 1090026 SUSE bug 1093311 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Low CVE-2018-2797 SUSE bug 1090027 SUSE bug 1093311 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2018-2798 SUSE bug 1090028 SUSE bug 1093311 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2018-2799 SUSE bug 1090029 SUSE bug 1093311 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). Moderate CVE-2018-2800 SUSE bug 1090030 SUSE bug 1093311 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-2810 SUSE bug 1089987 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Moderate CVE-2018-2813 SUSE bug 1089987 SUSE bug 1090518 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Important CVE-2018-2814 SUSE bug 1090032 SUSE bug 1093311 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Low CVE-2018-2815 SUSE bug 1090033 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-2817 SUSE bug 1089987 SUSE bug 1090518 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-2819 SUSE bug 1089987 SUSE bug 1090518 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Low CVE-2018-2825 SUSE bug 1090196 SUSE bug 1093311 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Low CVE-2018-2826 SUSE bug 1090197 SUSE bug 1093311 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Supported versions that are affected are Java SE: 6u191, 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVE-2018-2938 addresses CVE-2018-1313. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). Low CVE-2018-2938 SUSE bug 1101644 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). Low CVE-2018-2940 SUSE bug 1101645 SUSE bug 1101656 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2018-2952 SUSE bug 1101645 SUSE bug 1101651 SUSE bug 1101656 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Low CVE-2018-2964 SUSE bug 1101645 SUSE bug 1101653 SUSE bug 1101656 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). Low CVE-2018-2973 SUSE bug 1101645 SUSE bug 1101656 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Moderate CVE-2018-3058 SUSE bug 1101676 SUSE bug 1116686 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). Moderate CVE-2018-3060 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-3063 SUSE bug 1101677 SUSE bug 1116686 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). Important CVE-2018-3064 SUSE bug 1103342 SUSE bug 1116686 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N). Low CVE-2018-3066 SUSE bug 1101678 SUSE bug 1116686 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N). Moderate CVE-2018-3136 SUSE bug 1112142 SUSE bug 1112143 SUSE bug 1112144 SUSE bug 1112146 SUSE bug 1112148 SUSE bug 1112152 SUSE bug 1116574 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Moderate CVE-2018-3139 SUSE bug 1112142 SUSE bug 1112143 SUSE bug 1112144 SUSE bug 1112146 SUSE bug 1112148 SUSE bug 1112152 SUSE bug 1116574 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-3143 SUSE bug 1112421 SUSE bug 1116686 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Moderate CVE-2018-3149 SUSE bug 1112142 SUSE bug 1112143 SUSE bug 1112144 SUSE bug 1112146 SUSE bug 1112148 SUSE bug 1112152 SUSE bug 1116574 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-3156 SUSE bug 1112417 SUSE bug 1116686 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-3162 SUSE bug 1112415 SUSE bug 1116686 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Moderate CVE-2018-3169 SUSE bug 1112142 SUSE bug 1112143 SUSE bug 1112144 SUSE bug 1112146 SUSE bug 1112148 SUSE bug 1112152 SUSE bug 1116574 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-3173 SUSE bug 1112386 SUSE bug 1116686 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H). Moderate CVE-2018-3174 SUSE bug 1112368 SUSE bug 1116686 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). Moderate CVE-2018-3180 SUSE bug 1112142 SUSE bug 1112143 SUSE bug 1112144 SUSE bug 1112146 SUSE bug 1112147 SUSE bug 1112148 SUSE bug 1112152 SUSE bug 1116574 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). Moderate CVE-2018-3183 SUSE bug 1112142 SUSE bug 1112143 SUSE bug 1112144 SUSE bug 1112146 SUSE bug 1112148 SUSE bug 1112152 SUSE bug 1116574 SUSE bug 1120714 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Moderate CVE-2018-3185 SUSE bug 1112384 SUSE bug 1116686 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-3200 SUSE bug 1112404 SUSE bug 1116686 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2018-3214 SUSE bug 1112142 SUSE bug 1112143 SUSE bug 1112144 SUSE bug 1112146 SUSE bug 1112148 SUSE bug 1112152 SUSE bug 1116574 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-3251 SUSE bug 1112397 SUSE bug 1116686 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-3277 SUSE bug 1112391 SUSE bug 1116686 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-3282 SUSE bug 1112432 SUSE bug 1116686 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2018-3284 SUSE bug 1112377 SUSE bug 1116686 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. Moderate CVE-2018-3620 SUSE bug 1087078 SUSE bug 1087081 SUSE bug 1089343 SUSE bug 1090340 SUSE bug 1091107 SUSE bug 1099306 SUSE bug 1104894 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Moderate CVE-2018-3639 SUSE bug 1074701 SUSE bug 1085235 SUSE bug 1085308 SUSE bug 1087078 SUSE bug 1087082 SUSE bug 1092631 SUSE bug 1092885 SUSE bug 1094912 SUSE bug 1100394 SUSE bug 1102640 SUSE bug 1105412 SUSE bug 1172781 SUSE bug 1172782 SUSE bug 1172783 SUSE bug 1173489 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a. Moderate CVE-2018-3640 SUSE bug 1074701 SUSE bug 1087078 SUSE bug 1087083 SUSE bug 1094912 SUSE bug 1100394 SUSE bug 1175912 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. Important CVE-2018-3646 SUSE bug 1087078 SUSE bug 1087081 SUSE bug 1089343 SUSE bug 1091107 SUSE bug 1099306 SUSE bug 1104365 SUSE bug 1104894 SUSE bug 1106548 SUSE bug 1113534 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. Moderate CVE-2018-3665 SUSE bug 1087078 SUSE bug 1087082 SUSE bug 1087086 SUSE bug 1090338 SUSE bug 1095241 SUSE bug 1095242 SUSE bug 1096740 SUSE bug 1100091 SUSE bug 1100555 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. Important CVE-2018-3693 SUSE bug 1087078 SUSE bug 1087084 SUSE bug 1101008 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately. Moderate CVE-2018-3741 SUSE bug 1085967 SUSE bug 1086598 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. Important CVE-2018-3760 SUSE bug 1098369 SUSE bug 1182167 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information. Moderate CVE-2018-3817 SUSE bug 1090849 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _snapshot API. Moderate CVE-2018-3826 SUSE bug 1109085 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged. Moderate CVE-2018-3827 SUSE bug 1109078 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. Moderate CVE-2018-3830 SUSE bug 1109087 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details. Moderate CVE-2018-3831 SUSE bug 1109077 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Moderate CVE-2018-4191 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Moderate CVE-2018-4197 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. Moderate CVE-2018-4207 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. Moderate CVE-2018-4208 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. Moderate CVE-2018-4209 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks. Moderate CVE-2018-4210 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. Moderate CVE-2018-4212 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks. Moderate CVE-2018-4213 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. Important CVE-2018-4261 SUSE bug 1104169 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling. Important CVE-2018-4262 SUSE bug 1104169 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. Important CVE-2018-4263 SUSE bug 1104169 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. Important CVE-2018-4264 SUSE bug 1104169 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. Important CVE-2018-4265 SUSE bug 1104169 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A race condition was addressed with additional validation. This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. Important CVE-2018-4266 SUSE bug 1104169 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. Important CVE-2018-4267 SUSE bug 1104169 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. Important CVE-2018-4270 SUSE bug 1104169 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. Important CVE-2018-4272 SUSE bug 1104169 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. Important CVE-2018-4273 SUSE bug 1104169 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. Important CVE-2018-4278 SUSE bug 1104169 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A type confusion issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. Important CVE-2018-4284 SUSE bug 1104169 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Moderate CVE-2018-4299 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Moderate CVE-2018-4306 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Moderate CVE-2018-4309 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Moderate CVE-2018-4312 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Moderate CVE-2018-4314 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Moderate CVE-2018-4315 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Moderate CVE-2018-4316 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Moderate CVE-2018-4317 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Moderate CVE-2018-4318 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Moderate CVE-2018-4319 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Moderate CVE-2018-4323 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Moderate CVE-2018-4328 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Important CVE-2018-4345 SUSE bug 1116998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Moderate CVE-2018-4358 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Moderate CVE-2018-4359 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. Moderate CVE-2018-4361 SUSE bug 1110279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Important CVE-2018-4372 SUSE bug 1116998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Important CVE-2018-4373 SUSE bug 1116998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Important CVE-2018-4375 SUSE bug 1116998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Important CVE-2018-4376 SUSE bug 1116998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Important CVE-2018-4378 SUSE bug 1116998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Important CVE-2018-4382 SUSE bug 1116998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Important CVE-2018-4386 SUSE bug 1116998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Important CVE-2018-4392 SUSE bug 1116998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. Important CVE-2018-4416 SUSE bug 1116998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. Critical CVE-2018-4437 SUSE bug 1119553 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. Critical CVE-2018-4438 SUSE bug 1119554 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. Critical CVE-2018-4441 SUSE bug 1119555 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. Critical CVE-2018-4442 SUSE bug 1119556 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. Critical CVE-2018-4443 SUSE bug 1119557 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. Critical CVE-2018-4464 SUSE bug 1119553 SUSE bug 1119558 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file. Important CVE-2018-4868 SUSE bug 1074502 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Important CVE-2018-5089 SUSE bug 1077291 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58. Important CVE-2018-5091 SUSE bug 1077291 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Important CVE-2018-5095 SUSE bug 1077291 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6. Important CVE-2018-5096 SUSE bug 1077291 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Important CVE-2018-5097 SUSE bug 1077291 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Important CVE-2018-5098 SUSE bug 1077291 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Important CVE-2018-5099 SUSE bug 1077291 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Important CVE-2018-5102 SUSE bug 1077291 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Important CVE-2018-5103 SUSE bug 1077291 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Important CVE-2018-5104 SUSE bug 1077291 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Moderate CVE-2018-5117 SUSE bug 1077291 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1. Important CVE-2018-5124 SUSE bug 1078314 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59. Important CVE-2018-5125 SUSE bug 1085130 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59. Important CVE-2018-5127 SUSE bug 1085130 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59. Important CVE-2018-5129 SUSE bug 1085130 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59. Important CVE-2018-5130 SUSE bug 1085130 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59. Moderate CVE-2018-5131 SUSE bug 1085130 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7. Moderate CVE-2018-5144 SUSE bug 1085130 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7. Important CVE-2018-5145 SUSE bug 1085130 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. Important CVE-2018-5146 SUSE bug 1085671 SUSE bug 1085687 SUSE bug 1180395 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1. Important CVE-2018-5147 SUSE bug 1085671 SUSE bug 1085687 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2. Important CVE-2018-5148 SUSE bug 1087059 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Important CVE-2018-5150 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 60. Important CVE-2018-5151 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in. This vulnerability affects Firefox < 60. Important CVE-2018-5152 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox < 60. Important CVE-2018-5153 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Important CVE-2018-5154 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Important CVE-2018-5155 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Important CVE-2018-5156 SUSE bug 1098998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60. Important CVE-2018-5157 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60. Important CVE-2018-5158 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Important CVE-2018-5159 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affects Firefox < 60. Important CVE-2018-5160 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. Important CVE-2018-5161 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. Important CVE-2018-5162 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093151 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60. Important CVE-2018-5163 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks. This vulnerability affects Firefox < 60. Important CVE-2018-5164 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox < 60. Important CVE-2018-5165 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60. Important CVE-2018-5166 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display "javascript:" links, which users could be tricked into clicking by malicious sites. This vulnerability affects Firefox < 60. Important CVE-2018-5167 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Important CVE-2018-5168 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. This vulnerability affects Firefox < 60. Important CVE-2018-5169 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. Important CVE-2018-5170 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that could then run with the context of either page but does not allow for privilege escalation. This vulnerability affects Firefox < 60. Important CVE-2018-5172 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. Note: the dialog to open the file will show the full, correct filename and whether it is executable or not. This vulnerability affects Firefox < 60. Important CVE-2018-5173 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won't prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior from SmartScreen. Note: this issue only affects Windows 10 users running the April 2018 update or later. It does not affect other Windows users or other operating systems. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. Important CVE-2018-5174 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60. Important CVE-2018-5175 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorization tokens which are accessible to that context. This vulnerability affects Firefox < 60. Important CVE-2018-5176 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox < 60. Important CVE-2018-5177 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. Important CVE-2018-5178 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60. Important CVE-2018-5179 SUSE bug 1112111 SUSE bug 1119105 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same callstack. This vulnerability affects Firefox < 60. Important CVE-2018-5180 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with the "noopener" keyword. This vulnerability affects Firefox < 60. Important CVE-2018-5181 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent "file:" URL. This vulnerability affects Firefox < 60. Important CVE-2018-5182 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. Important CVE-2018-5183 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. Important CVE-2018-5184 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093152 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. Important CVE-2018-5185 SUSE bug 1092548 SUSE bug 1092611 SUSE bug 1093151 SUSE bug 1093969 SUSE bug 1093970 SUSE bug 1093971 SUSE bug 1093972 SUSE bug 1093973 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Important CVE-2018-5188 SUSE bug 1098998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times. Moderate CVE-2018-5244 SUSE bug 1073961 SUSE bug 1074966 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c. Moderate CVE-2018-5246 SUSE bug 1074973 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c. Moderate CVE-2018-5247 SUSE bug 1074969 SUSE bug 1074975 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. Moderate CVE-2018-5248 SUSE bug 1074968 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c). Moderate CVE-2018-5332 SUSE bug 1075621 SUSE bug 1091815 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference. Moderate CVE-2018-5333 SUSE bug 1075617 SUSE bug 1091815 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. Moderate CVE-2018-5334 SUSE bug 1075737 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. Moderate CVE-2018-5335 SUSE bug 1075738 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. Moderate CVE-2018-5336 SUSE bug 1075739 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c. Moderate CVE-2018-5357 SUSE bug 1075821 SUSE bug 1095726 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c. Moderate CVE-2018-5358 SUSE bug 1075819 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash. Moderate CVE-2018-5378 SUSE bug 1079798 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. Important CVE-2018-5379 SUSE bug 1079799 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. Moderate CVE-2018-5380 SUSE bug 1079800 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service. Moderate CVE-2018-5381 SUSE bug 1079801 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. Important CVE-2018-5383 SUSE bug 1104301 SUSE bug 1126909 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. Moderate CVE-2018-5388 SUSE bug 1094462 SUSE bug 1101792 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. Important CVE-2018-5390 SUSE bug 1087082 SUSE bug 1102340 SUSE bug 1102682 SUSE bug 1103097 SUSE bug 1103098 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. Important CVE-2018-5391 SUSE bug 1087082 SUSE bug 1102340 SUSE bug 1103097 SUSE bug 1103098 SUSE bug 1108654 SUSE bug 1114071 SUSE bug 1121102 SUSE bug 1134140 SUSE bug 1181460 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. Moderate CVE-2018-5407 SUSE bug 1113534 SUSE bug 1116195 SUSE bug 1126909 SUSE bug 1148697 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-15727. Reason: This candidate is a reservation duplicate of CVE-2018-15727. Notes: All CVE users should reference CVE-2018-15727 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Low CVE-2018-558213 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. Moderate CVE-2018-5683 SUSE bug 1076114 SUSE bug 1076116 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value. Important CVE-2018-5685 SUSE bug 1075939 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS. Important CVE-2018-5703 SUSE bug 1076200 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. Moderate CVE-2018-5709 SUSE bug 1076229 SUSE bug 1132051 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client. Moderate CVE-2018-5710 SUSE bug 1076211 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx. Moderate CVE-2018-5711 SUSE bug 1076391 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. Moderate CVE-2018-5727 SUSE bug 1076314 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. Moderate CVE-2018-5729 SUSE bug 1076211 SUSE bug 1083926 SUSE bug 1122468 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. Moderate CVE-2018-5730 SUSE bug 1076211 SUSE bug 1083927 SUSE bug 1122468 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0 Important CVE-2018-5732 SUSE bug 1083302 SUSE bug 1085417 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0. Moderate CVE-2018-5733 SUSE bug 1083303 SUSE bug 1085417 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2. Important CVE-2018-5734 SUSE bug 1085417 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Debian backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858; Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1 No ISC releases are affected. Other packages from other distributions who did similar backports for the fix for 2017-3137 may also be affected. Important CVE-2018-5735 SUSE bug 1018700 SUSE bug 1018701 SUSE bug 1018702 SUSE bug 1033466 SUSE bug 1081545 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1. Moderate CVE-2018-5736 SUSE bug 1093448 SUSE bug 1093449 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1. Moderate CVE-2018-5737 SUSE bug 1093448 SUSE bug 1093449 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2. Important CVE-2018-5740 SUSE bug 1104129 SUSE bug 1148887 SUSE bug 1177790 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3. Moderate CVE-2018-5741 SUSE bug 1109160 SUSE bug 1171740 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743. Important CVE-2018-5743 SUSE bug 1133185 SUSE bug 1148887 SUSE bug 1157051 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Important CVE-2018-5744 SUSE bug 1126066 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745. Moderate CVE-2018-5745 SUSE bug 1126068 SUSE bug 1148887 SUSE bug 1177790 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. Low CVE-2018-5748 SUSE bug 1076500 SUSE bug 1083625 SUSE bug 1087887 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. Moderate CVE-2018-5750 SUSE bug 1077892 SUSE bug 1087082 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. Moderate CVE-2018-5764 SUSE bug 1076503 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. Moderate CVE-2018-5772 SUSE bug 1076579 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries. Moderate CVE-2018-5784 SUSE bug 1081690 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. Moderate CVE-2018-5785 SUSE bug 1076967 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. Moderate CVE-2018-5803 SUSE bug 1083900 SUSE bug 1087082 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets. Moderate CVE-2018-5814 SUSE bug 1087082 SUSE bug 1096480 SUSE bug 1133319 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. Important CVE-2018-5848 SUSE bug 1087082 SUSE bug 1097356 SUSE bug 1105412 SUSE bug 1115339 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. Moderate CVE-2018-5950 SUSE bug 1077358 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call. Low CVE-2018-5953 SUSE bug 1104131 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. Critical CVE-2018-5996 SUSE bug 1077724 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. Important CVE-2018-6003 SUSE bug 1076832 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Important CVE-2018-6126 SUSE bug 1095163 SUSE bug 1096449 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive. Moderate CVE-2018-6188 SUSE bug 1077714 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value. Moderate CVE-2018-6196 SUSE bug 1077559 SUSE bug 1189667 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c. Moderate CVE-2018-6197 SUSE bug 1077559 SUSE bug 1077568 SUSE bug 1189667 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. Moderate CVE-2018-6198 SUSE bug 1077559 SUSE bug 1077572 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution. Critical CVE-2018-6307 SUSE bug 1120115 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Low CVE-2018-6323 SUSE bug 1077745 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service. Moderate CVE-2018-6405 SUSE bug 1078433 SUSE bug 1095726 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. Moderate CVE-2018-6412 SUSE bug 1078500 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. Moderate CVE-2018-6485 SUSE bug 1079036 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Moderate CVE-2018-6543 SUSE bug 1079103 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption. Moderate CVE-2018-6551 SUSE bug 1079036 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket. Low CVE-2018-6554 SUSE bug 1106509 SUSE bug 1106511 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket. Moderate CVE-2018-6555 SUSE bug 1106509 SUSE bug 1106511 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. Moderate CVE-2018-6616 SUSE bug 1079845 SUSE bug 1140359 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file. Moderate CVE-2018-6759 SUSE bug 1079741 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. Low CVE-2018-6764 SUSE bug 1080042 SUSE bug 1088147 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written. Moderate CVE-2018-6797 SUSE bug 1082234 SUSE bug 1106717 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure. Important CVE-2018-6798 SUSE bug 1082233 SUSE bug 1106717 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation. Moderate CVE-2018-6829 SUSE bug 1081684 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Moderate CVE-2018-6836 SUSE bug 1080229 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment. Moderate CVE-2018-6872 SUSE bug 1080556 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image. Low CVE-2018-6876 SUSE bug 1081305 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count. Moderate CVE-2018-6913 SUSE bug 1082216 SUSE bug 1106717 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument. Low CVE-2018-6914 SUSE bug 1087441 SUSE bug 1136906 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. Moderate CVE-2018-6927 SUSE bug 1080757 SUSE bug 1091815 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a maliciously crafted pict file. Low CVE-2018-6930 SUSE bug 1081303 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file. Moderate CVE-2018-6942 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on. Important CVE-2018-6954 SUSE bug 1080919 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitPathRe`, used within the `'path'` module for the various path parsing functions, including `path.dirname()`, `path.extname()` and `path.parse()` was structured in such a way as to allow an attacker to craft a string, that when passed through one of these functions, could take a significant amount of time to evaluate, potentially leading to a full denial of service. Moderate CVE-2018-7158 SUSE bug 1087459 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete. Low CVE-2018-7159 SUSE bug 1087453 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access. Moderate CVE-2018-7160 SUSE bug 1087463 SUSE bug 1182620 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation. Moderate CVE-2018-7161 SUSE bug 1097404 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation. Important CVE-2018-7162 SUSE bug 1097538 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this cause a denial of service by sending tiny chunks of data in short succession. This vulnerability was restored by reverting to the prior behaviour. Important CVE-2018-7164 SUSE bug 1097537 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer's` internal "fill" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information. Moderate CVE-2018-7166 SUSE bug 1105018 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS "Boron"), 8.x (LTS "Carbon"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable. Moderate CVE-2018-7167 SUSE bug 1097375 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation. Moderate CVE-2018-7169 SUSE bug 1081294 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. Low CVE-2018-7170 SUSE bug 1082210 SUSE bug 1083424 SUSE bug 1098531 SUSE bug 1155513 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. Moderate CVE-2018-7182 SUSE bug 1082210 SUSE bug 1083426 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. Moderate CVE-2018-7183 SUSE bug 1082210 SUSE bug 1083417 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704. Low CVE-2018-7184 SUSE bug 1082210 SUSE bug 1083422 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. Low CVE-2018-7185 SUSE bug 1082210 SUSE bug 1083420 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. Moderate CVE-2018-7191 SUSE bug 1135603 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object. Low CVE-2018-7208 SUSE bug 1081527 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters. Moderate CVE-2018-7212 SUSE bug 1165445 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. Important CVE-2018-7225 SUSE bug 1081493 SUSE bug 1090647 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a specially crafted VNC packet. Moderate CVE-2018-7226 SUSE bug 1082799 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file. Moderate CVE-2018-7253 SUSE bug 1081692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file. Moderate CVE-2018-7254 SUSE bug 1081693 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets. Moderate CVE-2018-7320 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type. Moderate CVE-2018-7321 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound. Moderate CVE-2018-7322 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing. Moderate CVE-2018-7323 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type. Moderate CVE-2018-7324 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field. Moderate CVE-2018-7325 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type. Moderate CVE-2018-7326 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths. Moderate CVE-2018-7327 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths. Moderate CVE-2018-7328 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors. Moderate CVE-2018-7329 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type. Moderate CVE-2018-7330 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length. Moderate CVE-2018-7331 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length. Moderate CVE-2018-7332 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size. Moderate CVE-2018-7333 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value. Moderate CVE-2018-7334 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small. Moderate CVE-2018-7335 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer. Moderate CVE-2018-7336 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs. Moderate CVE-2018-7337 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status). It might allow local users to bypass intended filesystem access restrictions because ownerships of /etc and /usr directories are being changed unexpectedly, related to a "correctMkdir" issue. Moderate CVE-2018-7408 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c. Moderate CVE-2018-7409 SUSE bug 1082290 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header. Moderate CVE-2018-7417 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value. Moderate CVE-2018-7418 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization. Moderate CVE-2018-7419 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks. Moderate CVE-2018-7420 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification. Moderate CVE-2018-7421 SUSE bug 1082692 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c). Low CVE-2018-7443 SUSE bug 1075944 SUSE bug 1082792 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.) Moderate CVE-2018-7456 SUSE bug 1074317 SUSE bug 1082825 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file. Low CVE-2018-7470 SUSE bug 1082837 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure. Moderate CVE-2018-7480 SUSE bug 1082863 SUSE bug 1084536 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact. Moderate CVE-2018-7485 SUSE bug 1082484 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST. Moderate CVE-2018-7492 SUSE bug 1082962 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. Moderate CVE-2018-7536 SUSE bug 1083304 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. Moderate CVE-2018-7537 SUSE bug 1083305 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing. Moderate CVE-2018-7540 SUSE bug 1080635 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1. Important CVE-2018-7541 SUSE bug 1080662 SUSE bug 1178658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC. Important CVE-2018-7542 SUSE bug 1080634 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a "signal SIGTERM" command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning. Low CVE-2018-7544 SUSE bug 1085803 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result. Moderate CVE-2018-7548 SUSE bug 1082981 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. Moderate CVE-2018-7549 SUSE bug 1082991 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. Important CVE-2018-7550 SUSE bug 1083291 SUSE bug 1083292 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-LTSS The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. Important CVE-2018-7566 SUSE bug 1083483 SUSE bug 1083488 SUSE bug 1087082 SUSE bug 1091815 cpe:/o:suse:sles-ltss:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm. Moderate CVE-2018-7568 SUSE bug 1086788 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm. Moderate CVE-2018-7569 SUSE bug 1083532 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy. Moderate CVE-2018-7570 SUSE bug 1083528 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy. Moderate CVE-2018-7642 SUSE bug 1086786 SUSE bug 1128518 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump. Moderate CVE-2018-7643 SUSE bug 1086784 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line. Moderate CVE-2018-7648 SUSE bug 1083901 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download. Important CVE-2018-7685 SUSE bug 1045735 SUSE bug 1088705 SUSE bug 1091624 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp. Low CVE-2018-7728 SUSE bug 1085297 SUSE bug 1085585 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp. Low CVE-2018-7729 SUSE bug 1085296 SUSE bug 1085585 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function. Low CVE-2018-7730 SUSE bug 1085295 SUSE bug 1085585 SUSE bug 1103718 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class. Low CVE-2018-7731 SUSE bug 1085294 SUSE bug 1085585 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion. Important CVE-2018-7738 SUSE bug 1080740 SUSE bug 1084300 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. Moderate CVE-2018-7740 SUSE bug 1084353 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step. Important CVE-2018-7750 SUSE bug 1085276 SUSE bug 1111151 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. Low CVE-2018-7755 SUSE bug 1084513 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file. Moderate CVE-2018-7757 SUSE bug 1084536 SUSE bug 1087082 SUSE bug 1087209 SUSE bug 1091815 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. Moderate CVE-2018-7858 SUSE bug 1084604 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file. Moderate CVE-2018-7999 SUSE bug 1084850 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows an existing CouchDB admin user to gain arbitrary remote code execution, bypassing already disclosed CVE-2017-12636. Mitigation: All users should upgrade to CouchDB releases 1.7.2 or 2.1.2. Important CVE-2018-8007 SUSE bug 1100973 SUSE bug 1104204 SUSE bug 1119720 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability. Moderate CVE-2018-8019 SUSE bug 1103348 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate with revoked certificates to connections that require mutual TLS. Users not using OCSP checks are not affected by this vulnerability. Important CVE-2018-8020 SUSE bug 1103347 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. Moderate CVE-2018-8032 SUSE bug 1103658 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). Low CVE-2018-8043 SUSE bug 1084829 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. Moderate CVE-2018-8048 SUSE bug 1085967 SUSE bug 1086598 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Low CVE-2018-8086 SUSE bug 1085008 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case. Moderate CVE-2018-8087 SUSE bug 1085053 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8498. Low CVE-2018-8518 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Low CVE-2018-8523 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. Low CVE-2018-8740 SUSE bug 1085790 SUSE bug 1131919 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2 elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported. Moderate CVE-2018-8769 SUSE bug 1085809 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption). Important CVE-2018-8777 SUSE bug 1087436 SUSE bug 1136906 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure. Moderate CVE-2018-8778 SUSE bug 1087433 SUSE bug 1136906 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket. Low CVE-2018-8779 SUSE bug 1087440 SUSE bug 1136906 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed. Low CVE-2018-8780 SUSE bug 1087437 SUSE bug 1136906 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space. Important CVE-2018-8781 SUSE bug 1087082 SUSE bug 1090643 SUSE bug 1090646 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file. Low CVE-2018-8804 SUSE bug 1086011 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code. Moderate CVE-2018-8822 SUSE bug 1086162 SUSE bug 1091815 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs. Moderate CVE-2018-8897 SUSE bug 1087078 SUSE bug 1087088 SUSE bug 1090368 SUSE bug 1090820 SUSE bug 1090869 SUSE bug 1092497 SUSE bug 1093522 SUSE bug 1100835 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. Moderate CVE-2018-8905 SUSE bug 1086408 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. Low CVE-2018-8945 SUSE bug 1086608 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker. Moderate CVE-2018-8956 SUSE bug 1171355 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read. Low CVE-2018-8960 SUSE bug 1086782 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file. Low CVE-2018-8976 SUSE bug 1086810 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c. Low CVE-2018-9055 SUSE bug 1087020 SUSE bug 1088278 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope. Moderate CVE-2018-9056 SUSE bug 1087110 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file. Moderate CVE-2018-9133 SUSE bug 1087820 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c. Moderate CVE-2018-9135 SUSE bug 1087825 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type. Moderate CVE-2018-9138 SUSE bug 1088016 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure. Moderate CVE-2018-9144 SUSE bug 1087877 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the 4-DataBuf-abort-1 PoC file. Moderate CVE-2018-9145 SUSE bug 1087879 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745. Low CVE-2018-9154 SUSE bug 1092115 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. Low CVE-2018-9234 SUSE bug 1088255 SUSE bug 1090647 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c. Low CVE-2018-9252 SUSE bug 1088278 SUSE bug 1178702 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case. Low CVE-2018-9305 SUSE bug 1088424 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17724. Reason: This candidate is a reservation duplicate of CVE-2017-17724. Notes: All CVE users should reference CVE-2017-17724 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Low CVE-2018-9306 SUSE bug 1088425 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation. Moderate CVE-2018-9336 SUSE bug 1090647 SUSE bug 1090839 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel. Important CVE-2018-9363 SUSE bug 1087082 SUSE bug 1105292 SUSE bug 1105293 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74128061 References: Upstream kernel. Moderate CVE-2018-9385 SUSE bug 1100491 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580. Moderate CVE-2018-9516 SUSE bug 1108498 SUSE bug 1123161 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931. Low CVE-2018-9517 SUSE bug 1108488 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel. Important CVE-2018-9568 SUSE bug 1118319 SUSE bug 1118320 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted. Low CVE-2018-9918 SUSE bug 1089090 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression. Low CVE-2018-9996 SUSE bug 1089050 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Important CVE-2019-0136 SUSE bug 1193157 SUSE bug 1199615 SUSE bug 1199616 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access. Important CVE-2019-0154 SUSE bug 1135966 SUSE bug 1181720 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. Important CVE-2019-0155 SUSE bug 1135966 SUSE bug 1135967 SUSE bug 1173663 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. Moderate CVE-2019-0196 SUSE bug 1131237 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue. Moderate CVE-2019-0197 SUSE bug 1131245 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users. Important CVE-2019-0201 SUSE bug 1135773 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints. Moderate CVE-2019-0202 SUSE bug 1142617 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected. Important CVE-2019-0211 SUSE bug 1131233 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. Moderate CVE-2019-0217 SUSE bug 1131239 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them. Moderate CVE-2019-0220 SUSE bug 1131241 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website. Moderate CVE-2019-0221 SUSE bug 1136085 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. Moderate CVE-2019-10081 SUSE bug 1145742 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. Moderate CVE-2019-10082 SUSE bug 1145741 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. Important CVE-2019-10086 SUSE bug 1146657 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. Important CVE-2019-10092 SUSE bug 1145740 SUSE bug 1182703 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients. Moderate CVE-2019-10097 SUSE bug 1145739 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail. Important CVE-2019-1010006 SUSE bug 1141619 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet. Important CVE-2019-1010180 SUSE bug 1142772 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free. Important CVE-2019-10125 SUSE bug 1130695 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. Important CVE-2019-10126 SUSE bug 1136935 SUSE bug 1137944 SUSE bug 1156330 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker. Moderate CVE-2019-10130 SUSE bug 1134689 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. Moderate CVE-2019-10131 SUSE bug 1134075 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. A parameter passed to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system, corrupt memory, or create other adverse security affects. Important CVE-2019-10142 SUSE bug 1135955 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. Critical CVE-2019-10160 SUSE bug 1138459 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs. Important CVE-2019-10161 SUSE bug 1138301 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account. Important CVE-2019-10164 SUSE bug 1138034 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. Important CVE-2019-10167 SUSE bug 1138303 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter. Important CVE-2019-10196 SUSE bug 1140751 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them. Moderate CVE-2019-10206 SUSE bug 1142690 SUSE bug 1154232 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash. Moderate CVE-2019-10207 SUSE bug 1123959 SUSE bug 1142857 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. Important CVE-2019-10208 SUSE bug 1145092 SUSE bug 1171566 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks. Moderate CVE-2019-10217 SUSE bug 1144453 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user. Moderate CVE-2019-10218 SUSE bug 1144902 SUSE bug 1144903 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. Important CVE-2019-10220 SUSE bug 1144903 SUSE bug 1153108 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load. Moderate CVE-2019-10245 SUSE bug 1134718 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. Moderate CVE-2019-10638 SUSE bug 1140575 SUSE bug 1140577 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace. Moderate CVE-2019-10639 SUSE bug 1140577 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. Low CVE-2019-10649 SUSE bug 1131154 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. Moderate CVE-2019-10650 SUSE bug 1131317 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected. Important CVE-2019-10876 SUSE bug 1131712 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. Important CVE-2019-10906 SUSE bug 1132323 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value. Moderate CVE-2019-11005 SUSE bug 1132058 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. Moderate CVE-2019-11006 SUSE bug 1132061 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. Moderate CVE-2019-11007 SUSE bug 1132060 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. Moderate CVE-2019-11008 SUSE bug 1132054 SUSE bug 1133202 SUSE bug 1133203 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. Moderate CVE-2019-11009 SUSE bug 1132053 SUSE bug 1133202 SUSE bug 1133203 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. Moderate CVE-2019-11010 SUSE bug 1132055 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. Moderate CVE-2019-11070 SUSE bug 1132196 SUSE bug 1132256 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf Moderate CVE-2019-11091 SUSE bug 1103186 SUSE bug 1111331 SUSE bug 1132686 SUSE bug 1133319 SUSE bug 1135394 SUSE bug 1138534 SUSE bug 1141977 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Moderate CVE-2019-11135 SUSE bug 1139073 SUSE bug 1152497 SUSE bug 1152505 SUSE bug 1152506 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. Moderate CVE-2019-11139 SUSE bug 1141035 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. CVE-2019-11190 SUSE bug 1131543 SUSE bug 1132374 SUSE bug 1132472 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. Moderate CVE-2019-11234 SUSE bug 1132664 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. Important CVE-2019-11235 SUSE bug 1132549 SUSE bug 1132664 SUSE bug 1144524 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. Moderate CVE-2019-11236 SUSE bug 1129071 SUSE bug 1132663 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. Moderate CVE-2019-1125 SUSE bug 1139358 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information. Moderate CVE-2019-11281 SUSE bug 1154481 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information. Moderate CVE-2019-11291 SUSE bug 1157664 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error. Moderate CVE-2019-11323 SUSE bug 1134676 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c. Critical CVE-2019-11365 SUSE bug 1133114 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next. Moderate CVE-2019-11366 SUSE bug 1133145 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. Moderate CVE-2019-11459 SUSE bug 1133037 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file. Moderate CVE-2019-11470 SUSE bug 1133205 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first. Moderate CVE-2019-11472 SUSE bug 1133202 SUSE bug 1133203 SUSE bug 1133204 SUSE bug 1146213 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. Low CVE-2019-11473 SUSE bug 1133203 SUSE bug 1133204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. Low CVE-2019-11474 SUSE bug 1133202 SUSE bug 1133204 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. Important CVE-2019-11477 SUSE bug 1132686 SUSE bug 1137586 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e. Important CVE-2019-11478 SUSE bug 1132686 SUSE bug 1137586 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363. Important CVE-2019-11479 SUSE bug 1132686 SUSE bug 1137586 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. Important CVE-2019-11486 SUSE bug 1133188 SUSE bug 1173667 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. Important CVE-2019-11487 SUSE bug 1133190 SUSE bug 1133191 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution. Important CVE-2019-11500 SUSE bug 1145559 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c. Important CVE-2019-11505 SUSE bug 1133501 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c. Important CVE-2019-11596 SUSE bug 1133817 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. Moderate CVE-2019-11597 SUSE bug 1138464 SUSE bug 1146211 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. Moderate CVE-2019-11598 SUSE bug 1136732 SUSE bug 1179313 SUSE bug 1179336 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. Moderate CVE-2019-11599 SUSE bug 1131645 SUSE bug 1133738 SUSE bug 1157905 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue. Important CVE-2019-11683 SUSE bug 1134021 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Moderate CVE-2019-11691 SUSE bug 1135824 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Moderate CVE-2019-11692 SUSE bug 1135824 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Moderate CVE-2019-11693 SUSE bug 1135824 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Moderate CVE-2019-11694 SUSE bug 1135824 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Moderate CVE-2019-11698 SUSE bug 1135824 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2. Important CVE-2019-11707 SUSE bug 1138614 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2. Important CVE-2019-11708 SUSE bug 1138872 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Important CVE-2019-11709 SUSE bug 1140868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 68. Important CVE-2019-11710 SUSE bug 1140868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Important CVE-2019-11711 SUSE bug 1140868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Important CVE-2019-11712 SUSE bug 1140868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Important CVE-2019-11713 SUSE bug 1140868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 68. Important CVE-2019-11714 SUSE bug 1140868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Important CVE-2019-11715 SUSE bug 1140868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating and freezing access to the window object may miss this, allowing their sandboxes to be bypassed. This vulnerability affects Firefox < 68. Important CVE-2019-11716 SUSE bug 1140868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Important CVE-2019-11717 SUSE bug 1140868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised. This vulnerability affects Firefox < 68. Important CVE-2019-11718 SUSE bug 1140868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Important CVE-2019-11719 SUSE bug 1140868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This vulnerability affects Firefox < 68. Important CVE-2019-11720 SUSE bug 1140868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks as do not display as punycode text, allowing for user confusion. This vulnerability affects Firefox < 68. Important CVE-2019-11721 SUSE bug 1140868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across different "containers" for people who use the Firefox Multi-Account Containers Web Extension. This vulnerability affects Firefox < 68. Important CVE-2019-11723 SUSE bug 1140868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential vector for malicious attacks. This vulnerability affects Firefox < 68. Important CVE-2019-11724 SUSE bug 1140868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This vulnerability affects Firefox < 68. Important CVE-2019-11725 SUSE bug 1140868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68. Moderate CVE-2019-11727 SUSE bug 1140868 SUSE bug 1141322 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded. This vulnerability affects Firefox < 68. Important CVE-2019-11728 SUSE bug 1140868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Important CVE-2019-11729 SUSE bug 1140868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app's predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Important CVE-2019-11730 SUSE bug 1140868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. This vulnerability affects Firefox < 68.0.2 and Firefox ESR < 68.0.2. Moderate CVE-2019-11733 SUSE bug 1145665 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. Important CVE-2019-11735 SUSE bug 1149293 SUSE bug 1149323 SUSE bug 1149324 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during checks for junctions and symbolic links by the Maintenance Service, allowing for potential local file and directory manipulation to be undetected in some circumstances. This allows for potential privilege escalation by a user with unprivileged local access. <br>*Note: These attacks requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. Important CVE-2019-11736 SUSE bug 1149292 SUSE bug 1149323 SUSE bug 1149324 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. Moderate CVE-2019-11738 SUSE bug 1149302 SUSE bug 1149323 SUSE bug 1149324 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. Important CVE-2019-11740 SUSE bug 1149299 SUSE bug 1149323 SUSE bug 1149324 SUSE bug 1150940 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a &lt;canvas&gt; element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. Important CVE-2019-11742 SUSE bug 1149303 SUSE bug 1149323 SUSE bug 1149324 SUSE bug 1150940 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. Moderate CVE-2019-11743 SUSE bug 1149298 SUSE bug 1149323 SUSE bug 1149324 SUSE bug 1150940 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Some HTML elements, such as &lt;title&gt; and &lt;textarea&gt;, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. Important CVE-2019-11744 SUSE bug 1149304 SUSE bug 1149323 SUSE bug 1149324 SUSE bug 1150940 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Important CVE-2019-11745 SUSE bug 1158328 SUSE bug 1158527 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. Important CVE-2019-11746 SUSE bug 1149297 SUSE bug 1149323 SUSE bug 1149324 SUSE bug 1150940 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security (HSTS) settings received from sites that use it. Due to a bug, sites on the pre-load list also have their HSTS setting removed. On the next visit to that site if the user specifies an http: URL rather than secure https: they will not be protected by the pre-loaded HSTS setting. After that visit the site's HSTS setting will be restored. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. Low CVE-2019-11747 SUSE bug 1149301 SUSE bug 1149323 SUSE bug 1149324 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. Moderate CVE-2019-11748 SUSE bug 1149291 SUSE bug 1149323 SUSE bug 1149324 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. Moderate CVE-2019-11749 SUSE bug 1149290 SUSE bug 1149323 SUSE bug 1149324 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. Moderate CVE-2019-11750 SUSE bug 1149289 SUSE bug 1149323 SUSE bug 1149324 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. <br>*Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. Important CVE-2019-11751 SUSE bug 1149286 SUSE bug 1149323 SUSE bug 1149324 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. Important CVE-2019-11752 SUSE bug 1149296 SUSE bug 1149323 SUSE bug 1149324 SUSE bug 1150940 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally. <br>*Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox < 69, Firefox ESR < 60.9, and Firefox ESR < 68.1. Important CVE-2019-11753 SUSE bug 1149295 SUSE bug 1149323 SUSE bug 1149324 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. Moderate CVE-2019-11757 SUSE bug 1154738 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2. Moderate CVE-2019-11758 SUSE bug 1154738 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. Moderate CVE-2019-11759 SUSE bug 1154738 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. Moderate CVE-2019-11760 SUSE bug 1154738 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. Moderate CVE-2019-11761 SUSE bug 1154738 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. Moderate CVE-2019-11762 SUSE bug 1154738 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. Moderate CVE-2019-11763 SUSE bug 1154738 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. Moderate CVE-2019-11764 SUSE bug 1154738 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users. Important CVE-2019-11771 SUSE bug 1147021 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], int) method does not verify that the provided byte array is non-null nor that the provided index is in bounds when compiled by the JIT. This allows arbitrary writes to any 32-bit address or beyond the end of a byte array within Java code run under a SecurityManager. Important CVE-2019-11772 SUSE bug 1147021 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems. Important CVE-2019-11775 SUSE bug 1147021 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. Low CVE-2019-11810 SUSE bug 1134399 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. Low CVE-2019-11811 SUSE bug 1134397 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. Moderate CVE-2019-11815 SUSE bug 1134537 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. Moderate CVE-2019-11833 SUSE bug 1135281 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. Moderate CVE-2019-11884 SUSE bug 1134848 SUSE bug 1139868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. Low CVE-2019-12067 SUSE bug 1145642 SUSE bug 1145652 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well. Moderate CVE-2019-12068 SUSE bug 1146873 SUSE bug 1146874 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference. Low CVE-2019-12155 SUSE bug 1135902 SUSE bug 1135905 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickable JavaScript link. Moderate CVE-2019-12308 SUSE bug 1136468 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 **DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”. Moderate CVE-2019-12380 SUSE bug 1136598 SUSE bug 1155298 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference. Low CVE-2019-12382 SUSE bug 1136586 SUSE bug 1155298 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF. Moderate CVE-2019-12387 SUSE bug 1137825 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables. Moderate CVE-2019-12399 SUSE bug 1160854 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. Important CVE-2019-12418 SUSE bug 1159723 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly. Important CVE-2019-12420 SUSE bug 1159133 SUSE bug 1186513 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. Important CVE-2019-12450 SUSE bug 1137001 SUSE bug 1139959 SUSE bug 1142126 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This id is disputed as not being an issue because “The memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. Therefore, there is no possibility for an unprivileged user to control it, and no denial of service.”. Moderate CVE-2019-12455 SUSE bug 1136946 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used. Important CVE-2019-12456 SUSE bug 1136922 SUSE bug 1136993 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow. Important CVE-2019-12519 SUSE bug 1169659 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker's HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI. Moderate CVE-2019-12520 SUSE bug 1169666 SUSE bug 1170423 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing. Important CVE-2019-12521 SUSE bug 1169659 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost. Important CVE-2019-12523 SUSE bug 1156329 SUSE bug 1165586 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource. Moderate CVE-2019-12524 SUSE bug 1169666 SUSE bug 1170423 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1. Important CVE-2019-12525 SUSE bug 1141332 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap. Important CVE-2019-12526 SUSE bug 1156326 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes. Moderate CVE-2019-12528 SUSE bug 1162689 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages. Moderate CVE-2019-12529 SUSE bug 1141329 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). Moderate CVE-2019-12614 SUSE bug 1137194 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. Important CVE-2019-12625 SUSE bug 1144504 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. Important CVE-2019-12735 SUSE bug 1137443 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. Important CVE-2019-12749 SUSE bug 1137832 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP. Moderate CVE-2019-12781 SUSE bug 1124991 SUSE bug 1139945 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. Important CVE-2019-12817 SUSE bug 1138263 SUSE bug 1138264 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c. Moderate CVE-2019-12818 SUSE bug 1138293 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service. Low CVE-2019-12819 SUSE bug 1138291 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections. Moderate CVE-2019-12855 SUSE bug 1138461 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. Important CVE-2019-12900 SUSE bug 1139083 SUSE bug 1149458 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character. Moderate CVE-2019-12972 SUSE bug 1140126 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616. Moderate CVE-2019-12973 SUSE bug 1140359 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image. Moderate CVE-2019-12974 SUSE bug 1140111 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c. Moderate CVE-2019-12975 SUSE bug 1140106 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. Moderate CVE-2019-12976 SUSE bug 1140110 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function in coders/jp2.c. Moderate CVE-2019-12977 SUSE bug 1139884 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c. Moderate CVE-2019-12978 SUSE bug 1139885 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c. Moderate CVE-2019-12979 SUSE bug 1139886 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450. Important CVE-2019-13012 SUSE bug 1139959 SUSE bug 1142126 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. Moderate CVE-2019-13117 SUSE bug 1140095 SUSE bug 1157028 SUSE bug 1160968 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c. Moderate CVE-2019-13133 SUSE bug 1140100 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. Moderate CVE-2019-13134 SUSE bug 1140102 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c. Moderate CVE-2019-13135 SUSE bug 1140103 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c. Moderate CVE-2019-13136 SUSE bug 1140104 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c. Moderate CVE-2019-13137 SUSE bug 1140105 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass. Moderate CVE-2019-13164 SUSE bug 1140402 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable. Important CVE-2019-13173 SUSE bug 1140290 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation. Important CVE-2019-13233 SUSE bug 1140454 SUSE bug 1144502 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. Important CVE-2019-13272 SUSE bug 1140671 SUSE bug 1156321 SUSE bug 1198122 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. Moderate CVE-2019-13295 SUSE bug 1140664 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value. Moderate CVE-2019-13296 SUSE bug 1140665 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. Moderate CVE-2019-13297 SUSE bug 1140666 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error. Moderate CVE-2019-13298 SUSE bug 1140667 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel. Moderate CVE-2019-13299 SUSE bug 1140668 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. Moderate CVE-2019-13300 SUSE bug 1140669 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error. Moderate CVE-2019-13301 SUSE bug 1140554 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages. Moderate CVE-2019-13302 SUSE bug 1140552 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage. Important CVE-2019-13303 SUSE bug 1140549 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment. Important CVE-2019-13304 SUSE bug 1140547 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. Important CVE-2019-13305 SUSE bug 1140545 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. Moderate CVE-2019-13306 SUSE bug 1140543 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. Moderate CVE-2019-13307 SUSE bug 1140538 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage. Moderate CVE-2019-13308 SUSE bug 1140534 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. Low CVE-2019-13309 SUSE bug 1140501 SUSE bug 1140520 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. Low CVE-2019-13310 SUSE bug 1140501 SUSE bug 1140520 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error. Low CVE-2019-13311 SUSE bug 1140513 SUSE bug 1140554 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter. Moderate CVE-2019-13345 SUSE bug 1140738 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels. Moderate CVE-2019-13391 SUSE bug 1140673 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c. Moderate CVE-2019-13454 SUSE bug 1141171 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494. Moderate CVE-2019-13456 SUSE bug 1144524 SUSE bug 1166858 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths. Moderate CVE-2019-1348 SUSE bug 1158785 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. Critical CVE-2019-1349 SUSE bug 1158785 SUSE bug 1158787 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. Critical CVE-2019-1350 SUSE bug 1158785 SUSE bug 1158788 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'. Moderate CVE-2019-1351 SUSE bug 1158785 SUSE bug 1158789 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387. Critical CVE-2019-1352 SUSE bug 1158785 SUSE bug 1158787 SUSE bug 1158790 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active. Important CVE-2019-1353 SUSE bug 1158785 SUSE bug 1158791 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387. Moderate CVE-2019-1354 SUSE bug 1158785 SUSE bug 1158792 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. Moderate CVE-2019-13627 SUSE bug 1148987 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages. Moderate CVE-2019-13631 SUSE bug 1142023 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Moderate CVE-2019-13722 SUSE bug 1158328 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones. Moderate CVE-2019-1387 SUSE bug 1158785 SUSE bug 1158793 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. Important CVE-2019-14232 SUSE bug 1142880 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities. Important CVE-2019-14233 SUSE bug 1142882 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function. Important CVE-2019-14234 SUSE bug 1142883 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences. Moderate CVE-2019-14235 SUSE bug 1142885 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c. Important CVE-2019-14241 SUSE bug 1142529 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. Moderate CVE-2019-14250 SUSE bug 1142649 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. Moderate CVE-2019-14283 SUSE bug 1143191 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default. Moderate CVE-2019-14284 SUSE bug 1143189 SUSE bug 1143191 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. Important CVE-2019-14287 SUSE bug 1153674 SUSE bug 1156093 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2. Moderate CVE-2019-14293 SUSE bug 1143571 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. Important CVE-2019-14378 SUSE bug 1143794 SUSE bug 1143797 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf. Moderate CVE-2019-14444 SUSE bug 1143609 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491. Moderate CVE-2019-14513 SUSE bug 1143944 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access. Moderate CVE-2019-14559 SUSE bug 1163927 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access. Low CVE-2019-14562 SUSE bug 1175476 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. Moderate CVE-2019-14563 SUSE bug 1163959 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. Important CVE-2019-14575 SUSE bug 1163969 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. Moderate CVE-2019-14584 SUSE bug 1177789 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. Moderate CVE-2019-14615 SUSE bug 1160195 SUSE bug 1165881 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid. Moderate CVE-2019-14763 SUSE bug 1144918 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. Important CVE-2019-14811 SUSE bug 1146882 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. Important CVE-2019-14812 SUSE bug 1146882 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. Important CVE-2019-14813 SUSE bug 1146882 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. Important CVE-2019-14814 SUSE bug 1146512 SUSE bug 1173664 SUSE bug 1173665 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver. Important CVE-2019-14815 SUSE bug 1146514 SUSE bug 1173665 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. Important CVE-2019-14816 SUSE bug 1146516 SUSE bug 1173666 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. Important CVE-2019-14817 SUSE bug 1146882 SUSE bug 1146884 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. Moderate CVE-2019-14821 SUSE bug 1151350 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user. Important CVE-2019-14822 SUSE bug 1150011 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation. Moderate CVE-2019-14834 SUSE bug 1154849 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. Important CVE-2019-14835 SUSE bug 1150112 SUSE bug 1151021 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service. Moderate CVE-2019-14853 SUSE bug 1153165 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions. Moderate CVE-2019-14859 SUSE bug 1154217 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data. Moderate CVE-2019-14864 SUSE bug 1154830 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands. Important CVE-2019-14869 SUSE bug 1156275 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. Important CVE-2019-14895 SUSE bug 1157042 SUSE bug 1157158 SUSE bug 1173100 SUSE bug 1173660 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP. Important CVE-2019-14896 SUSE bug 1157157 SUSE bug 1160468 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA. Important CVE-2019-14897 SUSE bug 1157155 SUSE bug 1160467 SUSE bug 1160468 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system. Important CVE-2019-14901 SUSE bug 1157042 SUSE bug 1173661 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file. Moderate CVE-2019-14980 SUSE bug 1146068 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file. Moderate CVE-2019-14981 SUSE bug 1146065 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. Moderate CVE-2019-15026 SUSE bug 1149110 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check. Moderate CVE-2019-15030 SUSE bug 1149713 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c. Moderate CVE-2019-15031 SUSE bug 1149713 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space. Important CVE-2019-15034 SUSE bug 1166379 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana. Important CVE-2019-15043 SUSE bug 1148383 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. Moderate CVE-2019-15090 SUSE bug 1146399 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Moderate CVE-2019-15098 SUSE bug 1146378 SUSE bug 1146543 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Moderate CVE-2019-15099 SUSE bug 1146368 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access. Important CVE-2019-15117 SUSE bug 1145920 SUSE bug 1173934 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. Moderate CVE-2019-15118 SUSE bug 1145922 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472. Low CVE-2019-15139 SUSE bug 1146213 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c. Low CVE-2019-15140 SUSE bug 1146212 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597. Low CVE-2019-15141 SUSE bug 1146211 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. Moderate CVE-2019-15165 SUSE bug 1153332 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory. Moderate CVE-2019-15211 SUSE bug 1146519 SUSE bug 1158381 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. Moderate CVE-2019-15212 SUSE bug 1146391 SUSE bug 1146519 SUSE bug 1158381 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver. Moderate CVE-2019-15213 SUSE bug 1146519 SUSE bug 1146544 SUSE bug 1158381 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c. Moderate CVE-2019-15214 SUSE bug 1146519 SUSE bug 1146550 SUSE bug 1158381 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. Moderate CVE-2019-15215 SUSE bug 1146425 SUSE bug 1146519 SUSE bug 1158381 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. Moderate CVE-2019-15216 SUSE bug 1146361 SUSE bug 1146519 SUSE bug 1158381 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. Moderate CVE-2019-15217 SUSE bug 1146519 SUSE bug 1146547 SUSE bug 1158381 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. Moderate CVE-2019-15218 SUSE bug 1146413 SUSE bug 1146519 SUSE bug 1158381 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. Moderate CVE-2019-15219 SUSE bug 1146519 SUSE bug 1146524 SUSE bug 1158381 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. Moderate CVE-2019-15220 SUSE bug 1146519 SUSE bug 1146526 SUSE bug 1158381 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. Moderate CVE-2019-15221 SUSE bug 1146519 SUSE bug 1146529 SUSE bug 1158381 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.2.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver. Moderate CVE-2019-15222 SUSE bug 1146519 SUSE bug 1146531 SUSE bug 1158381 SUSE bug 1158398 SUSE bug 1158834 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions <=1.6.9 and >=1.6.14 are unaffected. Important CVE-2019-15224 SUSE bug 1146313 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation. NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139. Important CVE-2019-15239 SUSE bug 1146589 SUSE bug 1156317 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-15098. Reason: This candidate is a duplicate of CVE-2019-15098. Notes: All CVE users should reference CVE-2019-15098 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2019-15290 SUSE bug 1146378 SUSE bug 1146519 SUSE bug 1146543 SUSE bug 1158381 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver. Moderate CVE-2019-15291 SUSE bug 1146519 SUSE bug 1146540 SUSE bug 1158381 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c. Important CVE-2019-15292 SUSE bug 1146678 SUSE bug 1173939 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). Moderate CVE-2019-1547 SUSE bug 1150003 SUSE bug 1154162 SUSE bug 1154166 SUSE bug 1161085 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Moderate CVE-2019-1549 SUSE bug 1150247 SUSE bug 1154162 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir). Important CVE-2019-15504 SUSE bug 1147116 SUSE bug 1185852 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). Moderate CVE-2019-15505 SUSE bug 1147122 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t). Moderate CVE-2019-1551 SUSE bug 1158809 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be '/usr/local'. However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of 'C:/usr/local', which may be world writable, which enables untrusted users to modify OpenSSL's default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc. For OpenSSL 1.0.2, '/usr/local/ssl' is used as default for OPENSSLDIR on all Unix and Windows targets, including Visual C builds. However, some build instructions for the diverse Windows targets on 1.0.2 encourage you to specify your own --prefix. OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). Low CVE-2019-1552 SUSE bug 1143552 SUSE bug 1154162 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). Moderate CVE-2019-1559 SUSE bug 1127080 SUSE bug 1141798 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate Moderate CVE-2019-15604 SUSE bug 1163104 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed Important CVE-2019-15605 SUSE bug 1163102 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons Important CVE-2019-15606 SUSE bug 1163103 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). Moderate CVE-2019-1563 SUSE bug 1150250 SUSE bug 1154162 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, the password for the data source is revealed and sent to the server. From a browser, a prompt to save the credentials is generated, and the password can be revealed by simply checking the "Show password" box. Moderate CVE-2019-15635 SUSE bug 1151804 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation. Important CVE-2019-15666 SUSE bug 1148394 SUSE bug 1172140 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. Moderate CVE-2019-15681 SUSE bug 1155419 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Unknown. Important CVE-2019-15690 SUSE bug 1160471 SUSE bug 1170441 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. Important CVE-2019-15691 SUSE bug 1159856 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. Important CVE-2019-15692 SUSE bug 1160250 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. Important CVE-2019-15693 SUSE bug 1159858 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. Important CVE-2019-15694 SUSE bug 1160251 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. Important CVE-2019-15695 SUSE bug 1159860 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py. Moderate CVE-2019-15753 SUSE bug 1148706 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file following after call_mmap() returns an error. However, the aufs patchs change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow. Important CVE-2019-15794 SUSE bug 1158156 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. Moderate CVE-2019-15807 SUSE bug 1148938 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. Moderate CVE-2019-15845 SUSE bug 1152994 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same. Moderate CVE-2019-15847 SUSE bug 1149145 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. Moderate CVE-2019-15890 SUSE bug 1149811 SUSE bug 1149813 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. Moderate CVE-2019-15902 SUSE bug 1149376 SUSE bug 1155131 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. Moderate CVE-2019-15903 SUSE bug 1149429 SUSE bug 1154738 SUSE bug 1154806 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. Important CVE-2019-15917 SUSE bug 1149539 SUSE bug 1156334 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free. Important CVE-2019-15919 SUSE bug 1149552 SUSE bug 1172957 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak. Important CVE-2019-15920 SUSE bug 1149626 SUSE bug 1156335 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c. Low CVE-2019-15921 SUSE bug 1149602 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c. Moderate CVE-2019-15922 SUSE bug 1149607 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c. Moderate CVE-2019-15923 SUSE bug 1149609 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure. Low CVE-2019-15924 SUSE bug 1149612 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c. Important CVE-2019-15925 SUSE bug 1149532 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c. Moderate CVE-2019-15926 SUSE bug 1149527 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c. Moderate CVE-2019-15927 SUSE bug 1149522 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition. Important CVE-2019-15961 SUSE bug 1157763 SUSE bug 1180082 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. Moderate CVE-2019-16056 SUSE bug 1149955 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc. Moderate CVE-2019-16088 SUSE bug 1150205 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value. Moderate CVE-2019-16089 SUSE bug 1150004 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact. Moderate CVE-2019-16115 SUSE bug 1150039 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." Moderate CVE-2019-16168 SUSE bug 1150137 SUSE bug 1160968 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network. Moderate CVE-2019-16201 SUSE bug 1152995 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 ** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: The security community disputes this issues as not being serious enough to be deserving a CVE id. Moderate CVE-2019-16229 SUSE bug 1150469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** DISPUTED ** drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely. Moderate CVE-2019-16230 SUSE bug 1150466 SUSE bug 1150468 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Moderate CVE-2019-16231 SUSE bug 1150466 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Moderate CVE-2019-16232 SUSE bug 1150465 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Moderate CVE-2019-16233 SUSE bug 1150457 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Moderate CVE-2019-16234 SUSE bug 1150452 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. Moderate CVE-2019-16254 SUSE bug 1152992 SUSE bug 1165402 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. Important CVE-2019-16255 SUSE bug 1152990 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. Moderate CVE-2019-16275 SUSE bug 1150934 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems. Moderate CVE-2019-16413 SUSE bug 1151347 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. Moderate CVE-2019-16708 SUSE bug 1151781 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. Moderate CVE-2019-16709 SUSE bug 1151782 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. Moderate CVE-2019-16710 SUSE bug 1151783 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. Moderate CVE-2019-16711 SUSE bug 1151784 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. Moderate CVE-2019-16712 SUSE bug 1151785 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. Moderate CVE-2019-16713 SUSE bug 1151786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow. Important CVE-2019-16746 SUSE bug 1152107 SUSE bug 1173659 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2. Important CVE-2019-16770 SUSE bug 1158675 SUSE bug 1188527 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. Important CVE-2019-16775 SUSE bug 1159352 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. Important CVE-2019-16776 SUSE bug 1159352 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. Important CVE-2019-16777 SUSE bug 1159352 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison. Moderate CVE-2019-16782 SUSE bug 1159548 SUSE bug 1183174 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR." Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message. This issue is fixed in Waitress 1.4.0. Important CVE-2019-16785 SUSE bug 1161088 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard Transfer-Encoding should be a comma separated list, with the inner-most encoding first, followed by any further transfer codings, ending with chunked. Requests sent with: "Transfer-Encoding: gzip, chunked" would incorrectly get ignored, and the request would use a Content-Length header instead to determine the body size of the HTTP message. This could allow for Waitress to treat a single request as multiple requests in the case of HTTP pipelining. This issue is fixed in Waitress 1.4.0. Important CVE-2019-16786 SUSE bug 1161089 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would get parsed by Waitress as being a chunked request, but a front-end server would use the Content-Length instead as the Transfer-Encoding header is considered invalid due to containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server this could lead to HTTP request splitting which may lead to potential cache poisoning or unexpected information disclosure. This issue is fixed in Waitress 1.4.1 through more strict HTTP field validation. Important CVE-2019-16789 SUSE bug 1160790 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0. Moderate CVE-2019-16792 SUSE bug 1161670 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image. Moderate CVE-2019-16865 SUSE bug 1153191 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which might allow attackers to obtain sensitive information from kernel stack memory, aka CID-df7e40425813. Important CVE-2019-16921 SUSE bug 1152516 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. Moderate CVE-2019-16927 SUSE bug 1154829 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. Moderate CVE-2019-16935 SUSE bug 1153238 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d. Moderate CVE-2019-16995 SUSE bug 1152685 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Moderate CVE-2019-17005 SUSE bug 1158328 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. Moderate CVE-2019-17006 SUSE bug 1159819 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Moderate CVE-2019-17008 SUSE bug 1158328 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Moderate CVE-2019-17009 SUSE bug 1158328 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Moderate CVE-2019-17010 SUSE bug 1158328 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Moderate CVE-2019-17011 SUSE bug 1158328 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Moderate CVE-2019-17012 SUSE bug 1158328 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. Moderate CVE-2019-17015 SUSE bug 1160305 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When pasting a &lt;style&gt; tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. Moderate CVE-2019-17016 SUSE bug 1160305 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. Important CVE-2019-17017 SUSE bug 1160305 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. Moderate CVE-2019-17021 SUSE bug 1160305 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When pasting a &lt;style&gt; tag from the clipboard into a rich text editor, the CSS sanitizer does not escape &lt; and &gt; characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. Moderate CVE-2019-17022 SUSE bug 1160305 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. Moderate CVE-2019-17024 SUSE bug 1160305 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1. Moderate CVE-2019-17026 SUSE bug 1160498 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow. Moderate CVE-2019-17041 SUSE bug 1153451 SUSE bug 1198831 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow. Moderate CVE-2019-17042 SUSE bug 1153459 SUSE bug 1198831 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. Moderate CVE-2019-17053 SUSE bug 1152789 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c. Low CVE-2019-17054 SUSE bug 1152786 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. Moderate CVE-2019-17055 SUSE bug 1152782 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176. Moderate CVE-2019-17056 SUSE bug 1152788 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. Moderate CVE-2019-17064 SUSE bug 1152783 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance. Moderate CVE-2019-17075 SUSE bug 1152790 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. Important CVE-2019-17133 SUSE bug 1153158 SUSE bug 1153161 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED. Moderate CVE-2019-17134 SUSE bug 1153304 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack. Important CVE-2019-17185 SUSE bug 1166847 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled. Important CVE-2019-17340 SUSE bug 1126140 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device. Important CVE-2019-17341 SUSE bug 1126141 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced. Important CVE-2019-17342 SUSE bug 1126192 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains. Important CVE-2019-17343 SUSE bug 1126195 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates. Important CVE-2019-17344 SUSE bug 1126196 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes. Important CVE-2019-17346 SUSE bug 1126198 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels). Important CVE-2019-17347 SUSE bug 1126201 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching. Moderate CVE-2019-17348 SUSE bug 1127400 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. Moderate CVE-2019-17450 SUSE bug 1153770 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm. Moderate CVE-2019-17451 SUSE bug 1153768 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. Moderate CVE-2019-17498 SUSE bug 1154862 SUSE bug 1171566 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly. Low CVE-2019-17514 SUSE bug 1154297 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. Moderate CVE-2019-17540 SUSE bug 1153866 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. Moderate CVE-2019-17541 SUSE bug 1153867 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. Important CVE-2019-17546 SUSE bug 1154365 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free. Moderate CVE-2019-17547 SUSE bug 1153868 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability. Low CVE-2019-17563 SUSE bug 1159729 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. Moderate CVE-2019-17569 SUSE bug 1164825 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. Critical CVE-2019-17571 SUSE bug 1159646 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858." Important CVE-2019-17582 SUSE bug 1184178 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks. Critical CVE-2019-17631 SUSE bug 1158442 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value. This allows whatever value happens to be in the return register at that time to be used as if it matches the method's declared return type. Moderate CVE-2019-17639 SUSE bug 1175259 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. Moderate CVE-2019-17666 SUSE bug 1154372 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device. Moderate CVE-2019-1787 SUSE bug 1130721 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could result in a denial of service condition on an affected device. Moderate CVE-2019-1788 SUSE bug 1130721 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking. Moderate CVE-2019-1789 SUSE bug 1130721 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. Important CVE-2019-18197 SUSE bug 1154609 SUSE bug 1157028 SUSE bug 1162833 SUSE bug 1169511 SUSE bug 1190108 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753. Moderate CVE-2019-18198 SUSE bug 1154617 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). Critical CVE-2019-18218 SUSE bug 1154661 SUSE bug 1190368 SUSE bug 1191838 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request smuggling attack against a vulnerable component employing a lenient parser that would ignore the content-length header as soon as it saw a transfer-encoding one (even if not entirely valid according to the specification). Moderate CVE-2019-18277 SUSE bug 1154980 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code. Moderate CVE-2019-18282 SUSE bug 1161121 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1. Moderate CVE-2019-18348 SUSE bug 1155094 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands. Moderate CVE-2019-18388 SUSE bug 1159479 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. Important CVE-2019-18389 SUSE bug 1159482 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands. Moderate CVE-2019-18390 SUSE bug 1159478 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. Important CVE-2019-18391 SUSE bug 1159486 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat. Important CVE-2019-18397 SUSE bug 1156260 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability. Important CVE-2019-18420 SUSE bug 1154448 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen exposes the actual hardware pagetables to the guest. In order to prevent the guest from modifying these page tables directly, Xen keeps track of how pages are used using a type system; pages must be "promoted" before being used as a pagetable, and "demoted" before being used for any other type. Xen also allows for "recursive" promotions: i.e., an operating system promoting a page to an L4 pagetable may end up causing pages to be promoted to L3s, which may in turn cause pages to be promoted to L2s, and so on. These operations may take an arbitrarily large amount of time, and so must be re-startable. Unfortunately, making recursive pagetable promotion and demotion operations restartable is incredibly complicated, and the code contains several races which, if triggered, can cause Xen to drop or retain extra type counts, potentially allowing guests to get write access to in-use pagetables. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All x86 systems with untrusted PV guests are vulnerable. HVM and PVH guests cannot exercise this vulnerability. Important CVE-2019-18421 SUSE bug 1154458 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Important CVE-2019-18424 SUSE bug 1154461 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected. Important CVE-2019-18425 SUSE bug 1154456 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c. Critical CVE-2019-18634 SUSE bug 1162202 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. Moderate CVE-2019-18660 SUSE bug 1157038 SUSE bug 1157923 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation. Moderate CVE-2019-18675 SUSE bug 1157804 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme. Important CVE-2019-18676 SUSE bug 1156329 SUSE bug 1165586 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to. Important CVE-2019-18677 SUSE bug 1156328 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon. Moderate CVE-2019-18678 SUSE bug 1156323 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks. Moderate CVE-2019-18679 SUSE bug 1156324 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0. Important CVE-2019-18680 SUSE bug 1155898 SUSE bug 1173867 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free. Important CVE-2019-18683 SUSE bug 1155897 SUSE bug 1173868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem. Low CVE-2019-18786 SUSE bug 1156043 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. Low CVE-2019-18804 SUSE bug 1156188 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6. Low CVE-2019-18805 SUSE bug 1156187 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247. Moderate CVE-2019-18808 SUSE bug 1156259 SUSE bug 1189884 SUSE bug 1190534 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559. Moderate CVE-2019-18809 SUSE bug 1156258 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c. Moderate CVE-2019-18814 SUSE bug 1156256 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2. Moderate CVE-2019-18853 SUSE bug 1156520 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. Moderate CVE-2019-18860 SUSE bug 1167373 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. Moderate CVE-2019-18874 SUSE bug 1156525 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 : Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1. Moderate CVE-2019-18900 SUSE bug 1158763 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1. Important CVE-2019-18901 SUSE bug 1160285 SUSE bug 1160895 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero. Moderate CVE-2019-19037 SUSE bug 1157717 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A memory leak in the i40e_setup_macvlans() function in drivers/net/ethernet/intel/i40e/i40e_main.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering i40e_setup_channel() failures, aka CID-27d461333459. Moderate CVE-2019-19043 SUSE bug 1159375 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762. Moderate CVE-2019-19044 SUSE bug 1159370 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7. Moderate CVE-2019-19045 SUSE bug 1161522 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 ** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time. Moderate CVE-2019-19046 SUSE bug 1157304 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 A memory leak in the mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_crdump_collect() failures, aka CID-c7ed6d0183d5. Moderate CVE-2019-19047 SUSE bug 1157715 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 A memory leak in the crypto_reportstat() function in drivers/virt/vboxguest/vboxguest_utils.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering copy_form_user() failures, aka CID-e0b0cb938864. Important CVE-2019-19048 SUSE bug 1157720 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ** DISPUTED ** A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a. NOTE: third parties dispute the relevance of this because unittest.c can only be reached during boot. Moderate CVE-2019-19049 SUSE bug 1157173 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7. Moderate CVE-2019-19051 SUSE bug 1159024 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486. Moderate CVE-2019-19052 SUSE bug 1157324 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2. Important CVE-2019-19053 SUSE bug 1161520 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. Moderate CVE-2019-19054 SUSE bug 1161518 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 ** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred. Important CVE-2019-19055 SUSE bug 1157319 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932. Moderate CVE-2019-19056 SUSE bug 1157197 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e. Moderate CVE-2019-19057 SUSE bug 1157193 SUSE bug 1157197 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5. Moderate CVE-2019-19058 SUSE bug 1157145 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41. Moderate CVE-2019-19060 SUSE bug 1157178 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042. Moderate CVE-2019-19062 SUSE bug 1157333 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. Moderate CVE-2019-19063 SUSE bug 1157298 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 ** DISPUTED ** A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e. NOTE: This has been disputed as not a vulnerability because "rhashtable_init() can only fail if it is passed invalid values in the second parameter's struct, but when invoked from sdma_init() that is a pointer to a static const struct, so an attacker could only trigger failure if they could corrupt kernel memory (in which case a small memory leak is not a significant problem)." Important CVE-2019-19065 SUSE bug 1157191 SUSE bug 1173961 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd. Moderate CVE-2019-19066 SUSE bug 1157303 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 ** DISPUTED ** Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third parties dispute the relevance of this because the attacker must already have privileges for module loading. Moderate CVE-2019-19067 SUSE bug 1157180 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6. Moderate CVE-2019-19068 SUSE bug 1157307 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99. Moderate CVE-2019-19069 SUSE bug 1157064 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 ** DISPUTED ** A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began. Important CVE-2019-19070 SUSE bug 1157294 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka CID-d563131ef23c. Moderate CVE-2019-19071 SUSE bug 1157067 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6. Moderate CVE-2019-19072 SUSE bug 1157069 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. Moderate CVE-2019-19073 SUSE bug 1157070 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4. Moderate CVE-2019-19074 SUSE bug 1157143 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e. Low CVE-2019-19075 SUSE bug 1157162 SUSE bug 1173958 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 ** DISPUTED ** A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consumption), aka CID-78beef629fd9. NOTE: This has been argued as not a valid vulnerability. The upstream commit 78beef629fd9 was reverted. Moderate CVE-2019-19076 SUSE bug 1157164 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy to udata failures, aka CID-4a9d46a9fe14. Moderate CVE-2019-19077 SUSE bug 1157171 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2. Moderate CVE-2019-19078 SUSE bug 1157032 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a. Moderate CVE-2019-19080 SUSE bug 1157044 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a. Moderate CVE-2019-19081 SUSE bug 1157045 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, aka CID-104c307147ad. Moderate CVE-2019-19082 SUSE bug 1157046 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c, aka CID-055e547478a1. Moderate CVE-2019-19083 SUSE bug 1157049 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.) Moderate CVE-2019-19118 SUSE bug 1157705 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow. Moderate CVE-2019-19191 SUSE bug 1154062 SUSE bug 1157471 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 ** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions. Moderate CVE-2019-19232 SUSE bug 1159618 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash. Important CVE-2019-19234 SUSE bug 1159616 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context. Moderate CVE-2019-19241 SUSE bug 1159441 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. Moderate CVE-2019-19242 SUSE bug 1157817 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. Moderate CVE-2019-19244 SUSE bug 1157817 SUSE bug 1157818 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a. Moderate CVE-2019-19252 SUSE bug 1157813 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. Moderate CVE-2019-19317 SUSE bug 1158812 SUSE bug 1196773 SUSE bug 1196775 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30. Moderate CVE-2019-19319 SUSE bug 1158021 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks. Moderate CVE-2019-19330 SUSE bug 1157712 SUSE bug 1157978 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service. Moderate CVE-2019-19332 SUSE bug 1158827 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c. Important CVE-2019-19378 SUSE bug 1158270 SUSE bug 1185853 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. Important CVE-2019-19447 SUSE bug 1158819 SUSE bug 1173869 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated). Important CVE-2019-19449 SUSE bug 1158821 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. Low CVE-2019-19462 SUSE bug 1158265 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. Moderate CVE-2019-19523 SUSE bug 1158381 SUSE bug 1158823 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. Low CVE-2019-19524 SUSE bug 1158381 SUSE bug 1158413 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035. Moderate CVE-2019-19525 SUSE bug 1158381 SUSE bug 1158417 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098. Moderate CVE-2019-19526 SUSE bug 1158381 SUSE bug 1158834 SUSE bug 1158893 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. Moderate CVE-2019-19527 SUSE bug 1158381 SUSE bug 1158834 SUSE bug 1158900 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. Moderate CVE-2019-19528 SUSE bug 1158381 SUSE bug 1158407 SUSE bug 1158834 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. Moderate CVE-2019-19530 SUSE bug 1158381 SUSE bug 1158410 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca. Low CVE-2019-19531 SUSE bug 1158381 SUSE bug 1158427 SUSE bug 1158445 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c. Moderate CVE-2019-19532 SUSE bug 1158381 SUSE bug 1158823 SUSE bug 1158824 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. Moderate CVE-2019-19533 SUSE bug 1158381 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. Low CVE-2019-19534 SUSE bug 1158381 SUSE bug 1158398 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. Moderate CVE-2019-19535 SUSE bug 1158381 SUSE bug 1158834 SUSE bug 1158903 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. Low CVE-2019-19536 SUSE bug 1158381 SUSE bug 1158394 SUSE bug 1158834 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. Moderate CVE-2019-19537 SUSE bug 1158381 SUSE bug 1158834 SUSE bug 1158904 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. Moderate CVE-2019-19555 SUSE bug 1161698 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest's address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable. Important CVE-2019-19577 SUSE bug 1158007 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. "Linear pagetables" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the "depth" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some "linear_pt_entry" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable. Important CVE-2019-19578 SUSE bug 1158005 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl's "assignable-add" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these "alternate" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Moderate CVE-2019-19579 SUSE bug 1157888 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice. Moderate CVE-2019-19580 SUSE bug 1158006 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable. Moderate CVE-2019-19581 SUSE bug 1158003 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability. Moderate CVE-2019-19583 SUSE bug 1158004 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc. Low CVE-2019-19602 SUSE bug 1158887 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. Important CVE-2019-19603 SUSE bug 1158960 SUSE bug 1193078 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. Critical CVE-2019-19604 SUSE bug 1158785 SUSE bug 1158795 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. Moderate CVE-2019-19645 SUSE bug 1158958 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. Moderate CVE-2019-19646 SUSE bug 1158959 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.) Moderate CVE-2019-19687 SUSE bug 1158875 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. Moderate CVE-2019-19746 SUSE bug 1159130 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. Moderate CVE-2019-19767 SUSE bug 1159297 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer). Moderate CVE-2019-19768 SUSE bug 1159285 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. Moderate CVE-2019-19797 SUSE bug 1159293 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring. Moderate CVE-2019-19807 SUSE bug 1159281 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this. Critical CVE-2019-19814 SUSE bug 1159437 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.) Moderate CVE-2019-19844 SUSE bug 1159447 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. Moderate CVE-2019-19880 SUSE bug 1159491 SUSE bug 1159715 SUSE bug 1162833 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. Important CVE-2019-19906 SUSE bug 1159635 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer. Important CVE-2019-19911 SUSE bug 1160192 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.) Moderate CVE-2019-19922 SUSE bug 1159717 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). Moderate CVE-2019-19923 SUSE bug 1160309 SUSE bug 1162833 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. Moderate CVE-2019-19924 SUSE bug 1159850 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. Low CVE-2019-19925 SUSE bug 1159847 SUSE bug 1162833 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. Important CVE-2019-19926 SUSE bug 1159491 SUSE bug 1159715 SUSE bug 1162833 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module. Moderate CVE-2019-19927 SUSE bug 1160147 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. Moderate CVE-2019-19947 SUSE bug 1159929 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. Important CVE-2019-19948 SUSE bug 1159861 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. Moderate CVE-2019-19949 SUSE bug 1160369 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. Moderate CVE-2019-19951 SUSE bug 1160321 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage. Important CVE-2019-19952 SUSE bug 1160426 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. Moderate CVE-2019-19953 SUSE bug 1160364 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. Moderate CVE-2019-19959 SUSE bug 1160438 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. Moderate CVE-2019-19965 SUSE bug 1159911 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. Low CVE-2019-19966 SUSE bug 1159841 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read. Important CVE-2019-19977 SUSE bug 1160462 SUSE bug 1189097 SUSE bug 1190329 SUSE bug 1191840 SUSE bug 1192365 SUSE bug 1193380 SUSE bug 1193381 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). Important CVE-2019-20044 SUSE bug 1163882 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. Moderate CVE-2019-20054 SUSE bug 1159910 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. Moderate CVE-2019-20096 SUSE bug 1159908 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. Important CVE-2019-20218 SUSE bug 1160439 SUSE bug 1189840 SUSE bug 1190372 SUSE bug 1192495 SUSE bug 1193078 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use after free issue. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111761954References: Upstream kernel Moderate CVE-2019-2024 SUSE bug 1129179 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. Moderate CVE-2019-20387 SUSE bug 1161510 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2 In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db. Moderate CVE-2019-20422 SUSE bug 1161897 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable. Moderate CVE-2019-20433 SUSE bug 1161982 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342. Important CVE-2019-20477 SUSE bug 1164453 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. Important CVE-2019-20503 SUSE bug 1166238 SUSE bug 1167090 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-119769499 Important CVE-2019-2054 SUSE bug 1134561 SUSE bug 1181039 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690. Important CVE-2019-20788 SUSE bug 1170441 SUSE bug 1173698 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace's pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion. Moderate CVE-2019-20794 SUSE bug 1171737 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75. Low CVE-2019-20806 SUSE bug 1172199 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). Moderate CVE-2019-20807 SUSE bug 1172225 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. Moderate CVE-2019-20808 SUSE bug 1172379 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586. Low CVE-2019-20810 SUSE bug 1172458 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c. Moderate CVE-2019-20811 SUSE bug 1172456 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067. Moderate CVE-2019-20812 SUSE bug 1172453 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. Important CVE-2019-20838 SUSE bug 1172973 SUSE bug 1189526 SUSE bug 1193384 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. Important CVE-2019-20839 SUSE bug 1173477 SUSE bug 1173875 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode. Important CVE-2019-20840 SUSE bug 1173477 SUSE bug 1173876 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. Moderate CVE-2019-20907 SUSE bug 1174091 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032. Important CVE-2019-20908 SUSE bug 1173567 SUSE bug 1174187 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. Moderate CVE-2019-20916 SUSE bug 1176262 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. Important CVE-2019-20919 SUSE bug 1176764 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). Important CVE-2019-20933 SUSE bug 1178988 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. Important CVE-2019-20934 SUSE bug 1179663 SUSE bug 1179666 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Important CVE-2019-2182 SUSE bug 1150022 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120551338 Important CVE-2019-2201 SUSE bug 1156402 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.11; v3.6 versions prior to 3.6.14; v3.4 versions prior to 3.4.22. Moderate CVE-2019-2389 SUSE bug 1149102 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue affects: MongoDB Inc. MongoDB Server 4.0 prior to 4.0.11; 3.6 prior to 3.6.14; 3.4 prior to 3.4.22. Moderate CVE-2019-2390 SUSE bug 1149074 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Moderate CVE-2019-2422 SUSE bug 1122293 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Moderate CVE-2019-2426 SUSE bug 1134297 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). Moderate CVE-2019-2449 SUSE bug 1122292 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious rcp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rcp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). This issue is similar to CVE-2019-6111 and CVE-2019-7283. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. Moderate CVE-2019-25017 SUSE bug 1131109 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. Moderate CVE-2019-25018 SUSE bug 1131109 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a relatively short amount of time. This is a related issue to CVE-2019-16782. Moderate CVE-2019-25025 SUSE bug 1159548 SUSE bug 1183174 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list). Important CVE-2019-25051 SUSE bug 1188576 SUSE bug 1189485 SUSE bug 1192363 SUSE bug 1193390 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2019-2529 SUSE bug 1122198 SUSE bug 1136037 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2019-2537 SUSE bug 1122198 SUSE bug 1136037 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2019-2602 SUSE bug 1132728 SUSE bug 1134718 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2019-2614 SUSE bug 1132826 SUSE bug 1136035 SUSE bug 1141798 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2019-2627 SUSE bug 1132826 SUSE bug 1136035 SUSE bug 1141798 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2019-2628 SUSE bug 1136035 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). Moderate CVE-2019-2684 SUSE bug 1132732 SUSE bug 1134718 SUSE bug 1184734 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Moderate CVE-2019-2697 SUSE bug 1132734 SUSE bug 1134718 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Moderate CVE-2019-2698 SUSE bug 1132729 SUSE bug 1134718 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2019-2737 SUSE bug 1132826 SUSE bug 1141798 SUSE bug 1156669 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Moderate CVE-2019-2739 SUSE bug 1132826 SUSE bug 1141798 SUSE bug 1156669 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2019-2740 SUSE bug 1132826 SUSE bug 1141798 SUSE bug 1156669 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Moderate CVE-2019-2745 SUSE bug 1141784 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Moderate CVE-2019-2758 SUSE bug 1141798 SUSE bug 1156669 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2019-2762 SUSE bug 1141782 SUSE bug 1147021 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Moderate CVE-2019-2766 SUSE bug 1141789 SUSE bug 1147021 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2019-2769 SUSE bug 1141783 SUSE bug 1147021 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N). Moderate CVE-2019-2786 SUSE bug 1141787 SUSE bug 1147021 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2019-2805 SUSE bug 1132826 SUSE bug 1141798 SUSE bug 1156669 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). Moderate CVE-2019-2816 SUSE bug 1141785 SUSE bug 1147021 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2019-2842 SUSE bug 1141786 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Moderate CVE-2019-2894 SUSE bug 1152856 SUSE bug 1154212 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Moderate CVE-2019-2933 SUSE bug 1154212 SUSE bug 1158442 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Important CVE-2019-2938 SUSE bug 1154162 SUSE bug 1156669 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). Moderate CVE-2019-2945 SUSE bug 1154212 SUSE bug 1158442 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). Moderate CVE-2019-2949 SUSE bug 1154212 SUSE bug 1172277 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). Moderate CVE-2019-2958 SUSE bug 1154212 SUSE bug 1158442 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2019-2962 SUSE bug 1154212 SUSE bug 1158442 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2019-2964 SUSE bug 1154212 SUSE bug 1158442 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2019-2973 SUSE bug 1154212 SUSE bug 1158442 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Important CVE-2019-2974 SUSE bug 1154162 SUSE bug 1156669 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L). Moderate CVE-2019-2975 SUSE bug 1154212 SUSE bug 1158442 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2019-2978 SUSE bug 1154212 SUSE bug 1158442 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2019-2981 SUSE bug 1154212 SUSE bug 1158442 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2019-2983 SUSE bug 1154212 SUSE bug 1158442 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2019-2987 SUSE bug 1154212 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2019-2988 SUSE bug 1154212 SUSE bug 1158442 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N). Moderate CVE-2019-2989 SUSE bug 1154212 SUSE bug 1158442 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2019-2992 SUSE bug 1154212 SUSE bug 1158442 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u221; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). Moderate CVE-2019-2996 SUSE bug 1154212 SUSE bug 1158442 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N). Moderate CVE-2019-2999 SUSE bug 1154212 SUSE bug 1158442 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. Moderate CVE-2019-3459 SUSE bug 1120758 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. Moderate CVE-2019-3460 SUSE bug 1120758 SUSE bug 1155131 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content. Low CVE-2019-3498 SUSE bug 1120932 SUSE bug 1139945 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary Moderate CVE-2019-3688 SUSE bug 1093414 SUSE bug 1149108 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system. Important CVE-2019-3689 SUSE bug 1150733 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges. Moderate CVE-2019-3690 SUSE bug 1148336 SUSE bug 1150734 SUSE bug 1157880 SUSE bug 1157883 SUSE bug 1160594 SUSE bug 1160764 SUSE bug 1163922 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions. Important CVE-2019-3693 SUSE bug 1154328 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. Moderate CVE-2019-3701 SUSE bug 1120386 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. Important CVE-2019-3813 SUSE bug 1122706 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. Important CVE-2019-3814 SUSE bug 1123022 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable. Moderate CVE-2019-3819 SUSE bug 1123161 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header. Important CVE-2019-3822 SUSE bug 1123377 SUSE bug 1141798 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller. Moderate CVE-2019-3823 SUSE bug 1123378 SUSE bug 1126909 SUSE bug 1141798 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path. Moderate CVE-2019-3828 SUSE bug 1126503 SUSE bug 1164137 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated. Low CVE-2019-3830 SUSE bug 1125567 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Important CVE-2019-3835 SUSE bug 1129180 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption. Moderate CVE-2019-3837 SUSE bug 1131430 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Important CVE-2019-3838 SUSE bug 1018128 SUSE bug 1030263 SUSE bug 1032135 SUSE bug 1038835 SUSE bug 1050888 SUSE bug 1050889 SUSE bug 1106171 SUSE bug 1106172 SUSE bug 1106173 SUSE bug 1107422 SUSE bug 1107423 SUSE bug 1107581 SUSE bug 1111479 SUSE bug 1112229 SUSE bug 1114495 SUSE bug 1117022 SUSE bug 1117327 SUSE bug 1118318 SUSE bug 1129180 SUSE bug 1129186 SUSE bug 1136756 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable. Important CVE-2019-3839 SUSE bug 1134156 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service. Moderate CVE-2019-3840 SUSE bug 1127458 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any". Moderate CVE-2019-3842 SUSE bug 1132348 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. Important CVE-2019-3846 SUSE bug 1136424 SUSE bug 1136446 SUSE bug 1156330 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. Moderate CVE-2019-3855 SUSE bug 1128471 SUSE bug 1134329 SUSE bug 1135434 SUSE bug 1141850 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. Moderate CVE-2019-3856 SUSE bug 1128472 SUSE bug 1135434 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. Moderate CVE-2019-3857 SUSE bug 1128474 SUSE bug 1135434 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. Moderate CVE-2019-3858 SUSE bug 1128476 SUSE bug 1135434 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. Moderate CVE-2019-3859 SUSE bug 1128480 SUSE bug 1130103 SUSE bug 1135434 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. Moderate CVE-2019-3860 SUSE bug 1128481 SUSE bug 1135434 SUSE bug 1136570 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. Moderate CVE-2019-3861 SUSE bug 1128490 SUSE bug 1135434 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. Moderate CVE-2019-3862 SUSE bug 1128492 SUSE bug 1135434 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. Moderate CVE-2019-3863 SUSE bug 1128493 SUSE bug 1130103 SUSE bug 1135434 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable. Moderate CVE-2019-3880 SUSE bug 1131060 SUSE bug 1139519 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed. Moderate CVE-2019-3881 SUSE bug 1143436 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. Moderate CVE-2019-3882 SUSE bug 1131416 SUSE bug 1131427 SUSE bug 1133319 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. Moderate CVE-2019-3886 SUSE bug 1131595 SUSE bug 1133150 SUSE bug 1138301 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984. Important CVE-2019-4473 SUSE bug 1147021 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618. Important CVE-2019-4732 SUSE bug 1162972 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver. Moderate CVE-2019-5008 SUSE bug 1133031 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. Important CVE-2019-5010 SUSE bug 1122191 SUSE bug 1126909 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability. Important CVE-2019-5018 SUSE bug 1134622 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability. Moderate CVE-2019-5068 SUSE bug 1156015 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. Important CVE-2019-5108 SUSE bug 1159912 SUSE bug 1159913 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed. Moderate CVE-2019-5418 SUSE bug 1129272 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive. Moderate CVE-2019-5419 SUSE bug 1129271 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit. Important CVE-2019-5420 SUSE bug 1129268 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. Important CVE-2019-5436 SUSE bug 1135170 SUSE bug 1149496 SUSE bug 1154162 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4. Important CVE-2019-5477 SUSE bug 1146578 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Important CVE-2019-5482 SUSE bug 1149496 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. Moderate CVE-2019-5489 SUSE bug 1120843 SUSE bug 1120885 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1. CVE-2019-5737 SUSE bug 1127532 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default. CVE-2019-5739 SUSE bug 1127533 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Important CVE-2019-5785 SUSE bug 1125330 SUSE bug 1125396 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. Important CVE-2019-5953 SUSE bug 1131493 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. Moderate CVE-2019-6109 SUSE bug 1121571 SUSE bug 1121816 SUSE bug 1121818 SUSE bug 1121821 SUSE bug 1138392 SUSE bug 1144902 SUSE bug 1144903 SUSE bug 1148884 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. Moderate CVE-2019-6110 SUSE bug 1121571 SUSE bug 1121816 SUSE bug 1121818 SUSE bug 1121821 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). Moderate CVE-2019-6111 SUSE bug 1121571 SUSE bug 1121816 SUSE bug 1121818 SUSE bug 1121821 SUSE bug 1123028 SUSE bug 1123220 SUSE bug 1131109 SUSE bug 1138392 SUSE bug 1144902 SUSE bug 1144903 SUSE bug 1148884 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. Important CVE-2019-6116 SUSE bug 1122319 SUSE bug 1129186 SUSE bug 1134156 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. Low CVE-2019-6128 SUSE bug 1121626 SUSE bug 1153715 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. Moderate CVE-2019-6133 SUSE bug 1070943 SUSE bug 1121826 SUSE bug 1121872 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-6201 SUSE bug 1132256 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-6212 SUSE bug 1124937 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-6215 SUSE bug 1124937 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-6216 SUSE bug 1124937 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-6217 SUSE bug 1124937 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-6226 SUSE bug 1124937 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-6227 SUSE bug 1124937 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scripting. Important CVE-2019-6229 SUSE bug 1124937 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-6233 SUSE bug 1124937 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-6234 SUSE bug 1124937 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. Moderate CVE-2019-6251 SUSE bug 1121894 SUSE bug 1132256 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). Important CVE-2019-6454 SUSE bug 1125352 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465. Moderate CVE-2019-6465 SUSE bug 1126069 SUSE bug 1148887 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. Important CVE-2019-6778 SUSE bug 1123156 SUSE bug 1123157 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. Important CVE-2019-6974 SUSE bug 1124728 SUSE bug 1124729 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. Moderate CVE-2019-6975 SUSE bug 1124991 SUSE bug 1139945 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. Important CVE-2019-7164 SUSE bug 1124593 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. Low CVE-2019-7175 SUSE bug 1128649 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. Important CVE-2019-7221 SUSE bug 1124732 SUSE bug 1124734 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. Low CVE-2019-7222 SUSE bug 1124735 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-7285 SUSE bug 1132256 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory. Moderate CVE-2019-7292 SUSE bug 1132256 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. Important CVE-2019-7308 SUSE bug 1124055 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. Moderate CVE-2019-7317 SUSE bug 1124211 SUSE bug 1135824 SUSE bug 1141780 SUSE bug 1147021 SUSE bug 1165297 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. Low CVE-2019-7395 SUSE bug 1124368 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. Low CVE-2019-7397 SUSE bug 1124366 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. Low CVE-2019-7398 SUSE bug 1124365 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. Moderate CVE-2019-7524 SUSE bug 1130116 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. Important CVE-2019-7548 SUSE bug 1124593 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. Moderate CVE-2019-7608 SUSE bug 1130634 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. Critical CVE-2019-7609 SUSE bug 1130633 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. Critical CVE-2019-7610 SUSE bug 1130632 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index. Important CVE-2019-7611 SUSE bug 1130730 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. This could possibly lead to an attacker accessing external URL resources as the Kibana process on the host system. Moderate CVE-2019-7616 SUSE bug 1143554 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding. Moderate CVE-2019-7620 SUSE bug 1155526 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting (XSS) flaw in the coordinate and region map visualizations. An attacker with the ability to create coordinate map visualizations could create a malicious visualization. If another Kibana user views that visualization or a dashboard containing the visualization it could execute JavaScript in the victim???s browser. Moderate CVE-2019-7621 SUSE bug 1159666 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user's machine, presuming the attacker could guess at paths. Given how frequently gem is run as sudo, and how predictable paths are on modern systems (/tmp, /usr, etc.), this could likely lead to data loss or an unusable system. Important CVE-2019-8320 SUSE bug 1130627 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible. Important CVE-2019-8321 SUSE bug 1130623 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur. Important CVE-2019-8322 SUSE bug 1130622 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur. Important CVE-2019-8323 SUSE bug 1130620 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check. Important CVE-2019-8324 SUSE bug 1130617 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.) Important CVE-2019-8325 SUSE bug 1130611 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ** DISPUTED ** An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. Important CVE-2019-8341 SUSE bug 1125815 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. Important CVE-2019-8457 SUSE bug 1136976 SUSE bug 1154162 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website. Moderate CVE-2019-8503 SUSE bug 1132256 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8506 SUSE bug 1132256 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information. Moderate CVE-2019-8515 SUSE bug 1132256 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8524 SUSE bug 1132256 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8535 SUSE bug 1132256 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8536 SUSE bug 1132256 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8544 SUSE bug 1132256 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting. Moderate CVE-2019-8551 SUSE bug 1132256 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8558 SUSE bug 1132256 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8559 SUSE bug 1132256 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8563 SUSE bug 1132256 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position can modify driver state. Moderate CVE-2019-8564 SUSE bug 1132673 SUSE bug 1132828 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8595 SUSE bug 1135715 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory. Moderate CVE-2019-8607 SUSE bug 1135715 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8615 SUSE bug 1135715 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. Moderate CVE-2019-8625 SUSE bug 1155321 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8644 SUSE bug 1148931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. Moderate CVE-2019-8649 SUSE bug 1148931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. Moderate CVE-2019-8658 SUSE bug 1148931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8666 SUSE bug 1148931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8669 SUSE bug 1148931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8671 SUSE bug 1148931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8672 SUSE bug 1148931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8673 SUSE bug 1148931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting. Moderate CVE-2019-8674 SUSE bug 1155321 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code. Important CVE-2019-8675 SUSE bug 1146358 SUSE bug 1168422 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8676 SUSE bug 1148931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8677 SUSE bug 1148931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8678 SUSE bug 1148931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8679 SUSE bug 1148931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8680 SUSE bug 1148931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8681 SUSE bug 1148931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8683 SUSE bug 1148931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8684 SUSE bug 1148931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8686 SUSE bug 1148931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8687 SUSE bug 1148931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8688 SUSE bug 1148931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8689 SUSE bug 1148931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting. Moderate CVE-2019-8690 SUSE bug 1148931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code. Important CVE-2019-8696 SUSE bug 1146358 SUSE bug 1146359 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8707 SUSE bug 1155321 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-8710 SUSE bug 1156318 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting. Moderate CVE-2019-8719 SUSE bug 1155321 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2019-8720 SUSE bug 1155321 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8726 SUSE bug 1155321 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8733 SUSE bug 1155321 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-8743 SUSE bug 1156318 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0.1, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2019-8763 SUSE bug 1155321 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting. Important CVE-2019-8764 SUSE bug 1156318 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-8765 SUSE bug 1156318 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-8766 SUSE bug 1156318 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. Moderate CVE-2019-8768 SUSE bug 1155321 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history. Moderate CVE-2019-8769 SUSE bug 1155321 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. Moderate CVE-2019-8771 SUSE bug 1155321 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-8782 SUSE bug 1156318 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-8783 SUSE bug 1156318 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-8808 SUSE bug 1156318 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-8811 SUSE bug 1156318 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-8812 SUSE bug 1156318 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting. Important CVE-2019-8813 SUSE bug 1156318 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-8814 SUSE bug 1156318 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-8815 SUSE bug 1156318 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-8816 SUSE bug 1156318 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-8819 SUSE bug 1156318 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-8820 SUSE bug 1156318 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-8821 SUSE bug 1156318 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-8822 SUSE bug 1156318 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-8823 SUSE bug 1156318 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-8835 SUSE bug 1161719 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-8844 SUSE bug 1161719 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2019-8846 SUSE bug 1161719 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. Important CVE-2019-8912 SUSE bug 1125907 SUSE bug 1126284 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. Moderate CVE-2019-8934 SUSE bug 1118900 SUSE bug 1126455 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 NTP through 4.2.8p12 has a NULL Pointer Dereference. Moderate CVE-2019-8936 SUSE bug 1128525 SUSE bug 1148892 SUSE bug 1155513 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php. Moderate CVE-2019-8953 SUSE bug 1126227 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory. Important CVE-2019-8956 SUSE bug 1124136 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures. Low CVE-2019-8980 SUSE bug 1126209 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop. Moderate CVE-2019-9003 SUSE bug 1126704 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c. Moderate CVE-2019-9074 SUSE bug 1126831 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c. Important CVE-2019-9075 SUSE bug 1071544 SUSE bug 1126829 SUSE bug 1193110 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section. Moderate CVE-2019-9077 SUSE bug 1126826 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper. Important CVE-2019-9162 SUSE bug 1127324 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. Moderate CVE-2019-9169 SUSE bug 1127308 SUSE bug 1146392 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. Moderate CVE-2019-9213 SUSE bug 1128166 SUSE bug 1128378 SUSE bug 1129016 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774 Important CVE-2019-9278 SUSE bug 1160770 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Moderate CVE-2019-9454 SUSE bug 1150023 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Moderate CVE-2019-9455 SUSE bug 1170345 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Moderate CVE-2019-9456 SUSE bug 1150025 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Important CVE-2019-9458 SUSE bug 1168295 SUSE bug 1173963 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions. Moderate CVE-2019-9503 SUSE bug 1132673 SUSE bug 1132828 SUSE bug 1133319 SUSE bug 1156653 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. Moderate CVE-2019-9506 SUSE bug 1137865 SUSE bug 1146042 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Important CVE-2019-9511 SUSE bug 1145579 SUSE bug 1146091 SUSE bug 1146182 SUSE bug 1193427 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Important CVE-2019-9512 SUSE bug 1145663 SUSE bug 1146099 SUSE bug 1146111 SUSE bug 1147142 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. Important CVE-2019-9513 SUSE bug 1145580 SUSE bug 1146094 SUSE bug 1146184 SUSE bug 1193427 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Important CVE-2019-9515 SUSE bug 1145663 SUSE bug 1146100 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. Important CVE-2019-9517 SUSE bug 1145575 SUSE bug 1146097 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. Important CVE-2019-9518 SUSE bug 1145662 SUSE bug 1145663 SUSE bug 1146093 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit. Low CVE-2019-9543 SUSE bug 1128100 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero. Low CVE-2019-9545 SUSE bug 1128114 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. Important CVE-2019-9636 SUSE bug 1129346 SUSE bug 1135433 SUSE bug 1138459 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. Moderate CVE-2019-9674 SUSE bug 1162825 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. Moderate CVE-2019-9740 SUSE bug 1129071 SUSE bug 1130840 SUSE bug 1132663 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Important CVE-2019-9788 SUSE bug 1129821 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Important CVE-2019-9790 SUSE bug 1129821 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Important CVE-2019-9791 SUSE bug 1129821 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Important CVE-2019-9792 SUSE bug 1129821 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. *Note: Spectre mitigations are currently enabled for all users by default settings.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Important CVE-2019-9793 SUSE bug 1129821 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications and these applications insufficiently sanitize URL data. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Important CVE-2019-9794 SUSE bug 1129821 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Important CVE-2019-9795 SUSE bug 1129821 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Important CVE-2019-9796 SUSE bug 1129821 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Moderate CVE-2019-9800 SUSE bug 1135824 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the Windows registry. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. Important CVE-2019-9801 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. Important CVE-2019-9810 SUSE bug 1129821 SUSE bug 1130262 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Important CVE-2019-9811 SUSE bug 1140868 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. This vulnerability affects Firefox ESR < 60.9, Firefox ESR < 68.1, and Firefox < 69. Important CVE-2019-9812 SUSE bug 1149294 SUSE bug 1149323 SUSE bug 1149324 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. Important CVE-2019-9813 SUSE bug 1129821 SUSE bug 1130262 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Moderate CVE-2019-9815 SUSE bug 1135824 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Moderate CVE-2019-9816 SUSE bug 1135824 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Moderate CVE-2019-9817 SUSE bug 1135824 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Moderate CVE-2019-9818 SUSE bug 1135824 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Moderate CVE-2019-9819 SUSE bug 1135824 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. Moderate CVE-2019-9820 SUSE bug 1135824 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure. Low CVE-2019-9824 SUSE bug 1118900 SUSE bug 1129622 SUSE bug 1129623 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations. Moderate CVE-2019-9893 SUSE bug 1128828 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. Important CVE-2019-9924 SUSE bug 1130324 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution. Important CVE-2019-9928 SUSE bug 1133375 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. Low CVE-2019-9936 SUSE bug 1130326 SUSE bug 1154162 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. Low CVE-2019-9937 SUSE bug 1130325 SUSE bug 1154162 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. Moderate CVE-2019-9947 SUSE bug 1130840 SUSE bug 1136184 SUSE bug 1155094 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. Low CVE-2019-9948 SUSE bug 1130847 SUSE bug 1135433 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. Moderate CVE-2019-9956 SUSE bug 1130330 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132 Moderate CVE-2020-0093 SUSE bug 1171847 SUSE bug 1172116 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145075076 Moderate CVE-2020-0181 SUSE bug 1172802 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941 Moderate CVE-2020-0198 SUSE bug 1172768 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744 Moderate CVE-2020-0305 SUSE bug 1174462 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel Moderate CVE-2020-0404 SUSE bug 1176423 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161151868References: N/A Important CVE-2020-0423 SUSE bug 1178200 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 Moderate CVE-2020-0427 SUSE bug 1176725 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152735806 Important CVE-2020-0429 SUSE bug 1176724 SUSE bug 1176931 SUSE bug 1188026 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 SUSE OpenStack Cloud 7 In skb_headlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-153881554 Important CVE-2020-0430 SUSE bug 1176723 SUSE bug 1178003 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459 Important CVE-2020-0431 SUSE bug 1176722 SUSE bug 1176896 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143560807 Important CVE-2020-0432 SUSE bug 1176721 SUSE bug 1177165 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151939299 Important CVE-2020-0433 SUSE bug 1176720 SUSE bug 1178066 SUSE bug 1187135 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-14615. Reason: This candidate is a duplicate of CVE-2018-14615. Notes: All CVE users should reference CVE-2018-14615 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Important CVE-2020-0435 SUSE bug 1176719 SUSE bug 1196027 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150693166References: Upstream kernel Moderate CVE-2020-0444 SUSE bug 1180027 SUSE bug 1180028 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-159625731 Important CVE-2020-0452 SUSE bug 1178479 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel Important CVE-2020-0465 SUSE bug 1180029 SUSE bug 1180030 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel Important CVE-2020-0466 SUSE bug 1180031 SUSE bug 1180032 SUSE bug 1199255 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Important CVE-2020-0487 SUSE bug 1180112 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070 Moderate CVE-2020-0499 SUSE bug 1180099 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Moderate CVE-2020-0543 SUSE bug 1154824 SUSE bug 1172205 SUSE bug 1172206 SUSE bug 1172207 SUSE bug 1172770 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Moderate CVE-2020-0548 SUSE bug 1156353 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Moderate CVE-2020-0549 SUSE bug 1156353 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access Moderate CVE-2020-0556 SUSE bug 1166751 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. Important CVE-2020-0569 SUSE bug 1161167 SUSE bug 1162191 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. Important CVE-2020-0570 SUSE bug 1161167 SUSE bug 1162191 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Improper access control in the PMC for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Moderate CVE-2020-0599 SUSE bug 1179693 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. Moderate CVE-2020-10018 SUSE bug 1165528 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. Low CVE-2020-10029 SUSE bug 1165784 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key. Moderate CVE-2020-10135 SUSE bug 1171988 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. Moderate CVE-2020-10177 SUSE bug 1173413 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. Important CVE-2020-10188 SUSE bug 1165787 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image. Moderate CVE-2020-10251 SUSE bug 1166225 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. Moderate CVE-2020-10378 SUSE bug 1161670 SUSE bug 1173416 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. Moderate CVE-2020-10379 SUSE bug 1173417 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. Important CVE-2020-10531 SUSE bug 1166844 SUSE bug 1175778 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. Moderate CVE-2020-10543 SUSE bug 1171863 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. Important CVE-2020-10663 SUSE bug 1167244 SUSE bug 1171517 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. Moderate CVE-2020-10690 SUSE bug 1170056 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU. Moderate CVE-2020-10702 SUSE bug 1168681 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. Moderate CVE-2020-10711 SUSE bug 1171191 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2020-10713 SUSE bug 1168994 SUSE bug 1173456 SUSE bug 1173812 SUSE bug 1199353 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host. Moderate CVE-2020-10717 SUSE bug 1171110 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system. Moderate CVE-2020-10720 SUSE bug 1170778 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. Low CVE-2020-10732 SUSE bug 1171220 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks. Moderate CVE-2020-10736 SUSE bug 1170021 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacking. Low CVE-2020-10743 SUSE bug 1171909 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected. Moderate CVE-2020-10744 SUSE bug 1171823 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest threat from this vulnerability is to system availability. Important CVE-2020-10745 SUSE bug 1173160 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. Moderate CVE-2020-10751 SUSE bug 1171189 SUSE bug 1174963 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1. Moderate CVE-2020-10756 SUSE bug 1172380 SUSE bug 1184743 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. Important CVE-2020-10757 SUSE bug 1172317 SUSE bug 1172437 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service. Important CVE-2020-10761 SUSE bug 1172710 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality. Moderate CVE-2020-10766 SUSE bug 1172781 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality. Moderate CVE-2020-10767 SUSE bug 1172782 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality. Moderate CVE-2020-10768 SUSE bug 1172783 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data. Low CVE-2020-10773 SUSE bug 1172999 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable. Moderate CVE-2020-10781 SUSE bug 1173074 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. Moderate CVE-2020-10878 SUSE bug 1171864 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c. Moderate CVE-2020-10931 SUSE bug 1167522 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. Moderate CVE-2020-10942 SUSE bug 1167629 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. Moderate CVE-2020-10994 SUSE bug 1173418 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a "blank" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's "store" helper - Git's "cache" helper - the "osxkeychain" helper that ships in Git's "contrib" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability. Moderate CVE-2020-11008 SUSE bug 1169936 SUSE bug 1170741 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4. Moderate CVE-2020-11076 SUSE bug 1172175 SUSE bug 1172176 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5. Moderate CVE-2020-11077 SUSE bug 1172175 SUSE bug 1172176 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0. Moderate CVE-2020-11078 SUSE bug 1171998 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection. Important CVE-2020-11080 SUSE bug 1172441 SUSE bug 1172442 SUSE bug 1181358 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. Important CVE-2020-11100 SUSE bug 1168023 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. Important CVE-2020-11102 SUSE bug 1168713 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot. Moderate CVE-2020-11110 SUSE bug 1174583 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4. Moderate CVE-2020-11494 SUSE bug 1168424 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. Important CVE-2020-11538 SUSE bug 1173420 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d. Moderate CVE-2020-11608 SUSE bug 1168829 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93. Moderate CVE-2020-11609 SUSE bug 1168854 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. Important CVE-2020-11655 SUSE bug 1169126 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. Moderate CVE-2020-11656 SUSE bug 1169111 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. Important CVE-2020-11668 SUSE bug 1168952 SUSE bug 1173942 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd. Moderate CVE-2020-11669 SUSE bug 1169390 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read-write unlock paths don't contain a memory barrier. On Arm, this means a processor is allowed to re-order the memory access with the preceding ones. In other words, the unlock may be seen by another processor before all the memory accesses within the "critical" section. As a consequence, it may be possible to have a writer executing a critical section at the same time as readers or another writer. In other words, many of the assumptions (e.g., a variable cannot be modified after a check) in the critical sections are not safe anymore. The read-write locks are used in hypercalls (such as grant-table ones), so a malicious guest could exploit the race. For instance, there is a small window where Xen can leak memory if XENMAPSPACE_grant_table is used concurrently. A malicious guest may be able to leak memory, or cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded. Important CVE-2020-11739 SUSE bug 1168142 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed. Moderate CVE-2020-11740 SUSE bug 1168140 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out. Moderate CVE-2020-11741 SUSE bug 1168140 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular, the status fields of individual operations are left uninitialised, and may result in errant behaviour in the caller of GNTTABOP_copy. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to copy a grant, it hits the incorrect exit path. This returns success to the caller without doing anything, which may cause crashes or other incorrect behaviour. Moderate CVE-2020-11742 SUSE bug 1169392 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). Moderate CVE-2020-11793 SUSE bug 1169658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. Moderate CVE-2020-11868 SUSE bug 1169740 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. Moderate CVE-2020-11869 SUSE bug 1170537 SUSE bug 1188609 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials). Important CVE-2020-11945 SUSE bug 1170313 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. Moderate CVE-2020-11947 SUSE bug 1180523 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020. Important CVE-2020-11985 SUSE bug 1175072 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers. Moderate CVE-2020-11993 SUSE bug 1175070 SUSE bug 1178074 SUSE bug 1180830 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Grafana version < 6.7.3 is vulnerable for annotation popup XSS. Moderate CVE-2020-12052 SUSE bug 1170657 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. Moderate CVE-2020-12108 SUSE bug 1171363 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter. Moderate CVE-2020-12114 SUSE bug 1171098 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code. Moderate CVE-2020-12137 SUSE bug 1170558 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). Important CVE-2020-12243 SUSE bug 1170771 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow. Important CVE-2020-12268 SUSE bug 1170603 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Critical CVE-2020-12321 SUSE bug 1178671 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Important CVE-2020-12351 SUSE bug 1177724 SUSE bug 1177729 SUSE bug 1178397 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. Moderate CVE-2020-12352 SUSE bug 1177725 SUSE bug 1178398 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. Important CVE-2020-12362 SUSE bug 1181720 SUSE bug 1182033 SUSE bug 1190859 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. Moderate CVE-2020-12363 SUSE bug 1181720 SUSE bug 1181735 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. Important CVE-2020-12387 SUSE bug 1171186 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. Important CVE-2020-12388 SUSE bug 1171186 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. Important CVE-2020-12389 SUSE bug 1171186 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. Important CVE-2020-12392 SUSE bug 1171186 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. Important CVE-2020-12393 SUSE bug 1171186 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. Important CVE-2020-12395 SUSE bug 1171186 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. Moderate CVE-2020-12399 SUSE bug 1171978 SUSE bug 1172402 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80. Moderate CVE-2020-12400 SUSE bug 1174763 SUSE bug 1175686 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80. Moderate CVE-2020-12401 SUSE bug 1174763 SUSE bug 1175686 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78. Moderate CVE-2020-12402 SUSE bug 1173032 SUSE bug 1173576 SUSE bug 1174230 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability. Moderate CVE-2020-12403 SUSE bug 1174763 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. Important CVE-2020-12405 SUSE bug 1172402 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. Important CVE-2020-12406 SUSE bug 1172402 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. Important CVE-2020-12410 SUSE bug 1172402 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox < 78. Important CVE-2020-12415 SUSE bug 1173576 SUSE bug 1174230 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78. Important CVE-2020-12416 SUSE bug 1173576 SUSE bug 1174230 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. Important CVE-2020-12417 SUSE bug 1173576 SUSE bug 1174230 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. Important CVE-2020-12418 SUSE bug 1173576 SUSE bug 1174230 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. Important CVE-2020-12419 SUSE bug 1173576 SUSE bug 1174230 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. Important CVE-2020-12420 SUSE bug 1173576 SUSE bug 1174230 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. Important CVE-2020-12421 SUSE bug 1173576 SUSE bug 1174230 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78. Important CVE-2020-12422 SUSE bug 1173576 SUSE bug 1174230 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating systems are unaffected.* This vulnerability affects Firefox < 78. Important CVE-2020-12423 SUSE bug 1173576 SUSE bug 1174230 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78. Important CVE-2020-12424 SUSE bug 1173576 SUSE bug 1174230 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78. Important CVE-2020-12425 SUSE bug 1173576 SUSE bug 1174230 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 78. Important CVE-2020-12426 SUSE bug 1173576 SUSE bug 1174230 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords). Moderate CVE-2020-12458 SUSE bug 1170898 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable. Moderate CVE-2020-12459 SUSE bug 1170898 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. Low CVE-2020-12464 SUSE bug 1170901 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power." Moderate CVE-2020-12652 SUSE bug 1171218 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. Important CVE-2020-12653 SUSE bug 1171195 SUSE bug 1171254 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591. Important CVE-2020-12654 SUSE bug 1171202 SUSE bug 1171252 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. Moderate CVE-2020-12655 SUSE bug 1171217 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bug. Low CVE-2020-12656 SUSE bug 1171219 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body. Moderate CVE-2020-12657 SUSE bug 1171205 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation. Moderate CVE-2020-12659 SUSE bug 1171214 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. Important CVE-2020-12673 SUSE bug 1174920 SUSE bug 1174922 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. Important CVE-2020-12674 SUSE bug 1174920 SUSE bug 1174923 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. Moderate CVE-2020-12723 SUSE bug 1171866 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. Moderate CVE-2020-12767 SUSE bug 1171475 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 ** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will. Moderate CVE-2020-12768 SUSE bug 1171736 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. Moderate CVE-2020-12769 SUSE bug 1171983 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. Moderate CVE-2020-12770 SUSE bug 1171420 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. Moderate CVE-2020-12771 SUSE bug 1171732 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat. Moderate CVE-2020-12826 SUSE bug 1171727 SUSE bug 1171985 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service. Moderate CVE-2020-12829 SUSE bug 1172385 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. Moderate CVE-2020-12861 SUSE bug 1172524 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082. Moderate CVE-2020-12862 SUSE bug 1172524 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083. Moderate CVE-2020-12863 SUSE bug 1172524 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081. Moderate CVE-2020-12864 SUSE bug 1172524 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. Moderate CVE-2020-12865 SUSE bug 1172524 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079. Moderate CVE-2020-12866 SUSE bug 1172524 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075. Moderate CVE-2020-12867 SUSE bug 1172524 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access. Moderate CVE-2020-12912 SUSE bug 1178760 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. Critical CVE-2020-13112 SUSE bug 1172116 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. Important CVE-2020-13113 SUSE bug 1172105 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. Moderate CVE-2020-13114 SUSE bug 1172121 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle. Moderate CVE-2020-13249 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. Low CVE-2020-13253 SUSE bug 1172033 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. Moderate CVE-2020-13254 SUSE bug 1172166 SUSE bug 1172167 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. Low CVE-2020-13361 SUSE bug 1172384 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. Low CVE-2020-13362 SUSE bug 1172383 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault. Important CVE-2020-13379 SUSE bug 1172409 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. Moderate CVE-2020-13430 SUSE bug 1172128 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. Moderate CVE-2020-13434 SUSE bug 1172115 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. Important CVE-2020-13435 SUSE bug 1172091 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability. Important CVE-2020-13543 SUSE bug 1179451 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. Important CVE-2020-13558 SUSE bug 1182286 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. Important CVE-2020-13584 SUSE bug 1179122 SUSE bug 1179910 SUSE bug 1179911 SUSE bug 1179912 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. Moderate CVE-2020-13596 SUSE bug 1172166 SUSE bug 1172167 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. Moderate CVE-2020-13630 SUSE bug 1172234 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. Moderate CVE-2020-13631 SUSE bug 1172236 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. Moderate CVE-2020-13632 SUSE bug 1172240 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host. Moderate CVE-2020-13645 SUSE bug 1172460 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. Moderate CVE-2020-13659 SUSE bug 1172386 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226. Moderate CVE-2020-13753 SUSE bug 1173998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. Moderate CVE-2020-13754 SUSE bug 1172382 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation). Important CVE-2020-13757 SUSE bug 1172389 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. Important CVE-2020-13765 SUSE bug 1172478 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. Moderate CVE-2020-13791 SUSE bug 1172494 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. Moderate CVE-2020-13800 SUSE bug 1172495 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance. Moderate CVE-2020-13817 SUSE bug 1172651 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation." Moderate CVE-2020-13844 SUSE bug 1172798 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files). Moderate CVE-2020-13867 SUSE bug 1172743 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. Moderate CVE-2020-13871 SUSE bug 1172646 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding. Moderate CVE-2020-13902 SUSE bug 1172642 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. Moderate CVE-2020-13934 SUSE bug 1174121 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. Important CVE-2020-13935 SUSE bug 1174117 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources. Moderate CVE-2020-13943 SUSE bug 1177582 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. Moderate CVE-2020-13956 SUSE bug 1177488 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. Moderate CVE-2020-13974 SUSE bug 1172775 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved. Moderate CVE-2020-14019 SUSE bug 1173257 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list. Moderate CVE-2020-14059 SUSE bug 1173303 SUSE bug 1173304 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. Important CVE-2020-14093 SUSE bug 1172906 SUSE bug 1172935 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected. Moderate CVE-2020-14145 SUSE bug 1173513 SUSE bug 1177569 SUSE bug 1189078 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11813. Reason: This candidate is a duplicate of CVE-2018-11813. Notes: All CVE users should reference [ID] instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2020-14151 SUSE bug 1096209 SUSE bug 1172994 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. Important CVE-2020-14154 SUSE bug 1172906 SUSE bug 1172935 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. Moderate CVE-2020-14155 SUSE bug 1172974 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Moderate CVE-2020-14305 SUSE bug 1173346 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process. Moderate CVE-2020-14308 SUSE bug 1168994 SUSE bug 1173812 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. Moderate CVE-2020-14309 SUSE bug 1168994 SUSE bug 1173812 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. Moderate CVE-2020-14310 SUSE bug 1168994 SUSE bug 1173812 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. Moderate CVE-2020-14311 SUSE bug 1168994 SUSE bug 1173812 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. Moderate CVE-2020-14314 SUSE bug 1173798 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. Moderate CVE-2020-14318 SUSE bug 1173902 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. Moderate CVE-2020-14323 SUSE bug 1173994 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2020-14331 SUSE bug 1174205 SUSE bug 1174247 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. Important CVE-2020-14343 SUSE bug 1174514 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux. Moderate CVE-2020-14344 SUSE bug 1174628 SUSE bug 1174638 SUSE bug 1175880 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2020-14345 SUSE bug 1174635 SUSE bug 1174638 SUSE bug 1174908 SUSE bug 1174910 SUSE bug 1174913 SUSE bug 1177596 SUSE bug 1181067 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2020-14346 SUSE bug 1174635 SUSE bug 1174638 SUSE bug 1174910 SUSE bug 1174913 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable. Moderate CVE-2020-14347 SUSE bug 1174633 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication. Important CVE-2020-14349 SUSE bug 1175193 SUSE bug 1176151 SUSE bug 1179499 SUSE bug 1179870 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. Important CVE-2020-14350 SUSE bug 1175194 SUSE bug 1176151 SUSE bug 1179115 SUSE bug 1179499 SUSE bug 1179870 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Moderate CVE-2020-14351 SUSE bug 1177086 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. Moderate CVE-2020-14355 SUSE bug 1177158 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. Moderate CVE-2020-14356 SUSE bug 1175213 SUSE bug 1176392 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2020-14360 SUSE bug 1174908 SUSE bug 1177596 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2020-14361 SUSE bug 1174635 SUSE bug 1174638 SUSE bug 1174910 SUSE bug 1174913 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2020-14362 SUSE bug 1174635 SUSE bug 1174638 SUSE bug 1174910 SUSE bug 1174913 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability. Important CVE-2020-14363 SUSE bug 1175239 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. Moderate CVE-2020-14364 SUSE bug 1175441 SUSE bug 1175534 SUSE bug 1176494 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal. Moderate CVE-2020-14367 SUSE bug 1174911 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. Important CVE-2020-14372 SUSE bug 1175970 SUSE bug 1192833 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service. Moderate CVE-2020-14373 SUSE bug 1176133 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Important CVE-2020-14381 SUSE bug 1176011 SUSE bug 1176012 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. Important CVE-2020-14386 SUSE bug 1176069 SUSE bug 1176072 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Important CVE-2020-14390 SUSE bug 1176235 SUSE bug 1176253 SUSE bug 1176278 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. Important CVE-2020-14392 SUSE bug 1176412 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data. Important CVE-2020-14393 SUSE bug 1176409 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. Moderate CVE-2020-14397 SUSE bug 1173477 SUSE bug 1173700 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. Moderate CVE-2020-14398 SUSE bug 1173477 SUSE bug 1173880 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed." Moderate CVE-2020-14399 SUSE bug 1173477 SUSE bug 1173743 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary. Moderate CVE-2020-14400 SUSE bug 1173477 SUSE bug 1173691 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. Moderate CVE-2020-14401 SUSE bug 1173477 SUSE bug 1173694 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. Moderate CVE-2020-14402 SUSE bug 1173477 SUSE bug 1173701 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. Moderate CVE-2020-14403 SUSE bug 1173701 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. Moderate CVE-2020-14404 SUSE bug 1173701 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. Important CVE-2020-14409 SUSE bug 1181202 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. Important CVE-2020-14410 SUSE bug 1181201 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2 oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. Moderate CVE-2020-14415 SUSE bug 1173109 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c. Moderate CVE-2020-14416 SUSE bug 1162002 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2. Important CVE-2020-14422 SUSE bug 1173274 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). Moderate CVE-2020-14556 SUSE bug 1174157 SUSE bug 1175259 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Moderate CVE-2020-14577 SUSE bug 1174157 SUSE bug 1175259 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2020-14578 SUSE bug 1174157 SUSE bug 1175259 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2020-14579 SUSE bug 1174157 SUSE bug 1175259 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Moderate CVE-2020-14581 SUSE bug 1174157 SUSE bug 1175259 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Moderate CVE-2020-14583 SUSE bug 1174157 SUSE bug 1175259 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N). Moderate CVE-2020-14593 SUSE bug 1174157 SUSE bug 1175259 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Moderate CVE-2020-14621 SUSE bug 1174157 SUSE bug 1175259 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. Critical CVE-2020-1472 SUSE bug 1176579 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2020-14765 SUSE bug 1178428 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2020-14776 SUSE bug 1178428 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2020-14779 SUSE bug 1177943 SUSE bug 1180063 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Moderate CVE-2020-14781 SUSE bug 1177943 SUSE bug 1180063 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Moderate CVE-2020-14782 SUSE bug 1177943 SUSE bug 1180063 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2020-14789 SUSE bug 1178428 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). Moderate CVE-2020-14792 SUSE bug 1177943 SUSE bug 1180063 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Moderate CVE-2020-14796 SUSE bug 1177943 SUSE bug 1180063 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Moderate CVE-2020-14797 SUSE bug 1177943 SUSE bug 1180063 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). Moderate CVE-2020-14798 SUSE bug 1177943 SUSE bug 1180063 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Moderate CVE-2020-14803 SUSE bug 1177943 SUSE bug 1181239 SUSE bug 1182186 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2020-14812 SUSE bug 1178428 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Critical CVE-2020-14871 SUSE bug 1183542 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." Important CVE-2020-14954 SUSE bug 1173197 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. Moderate CVE-2020-15011 SUSE bug 1173369 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. Moderate CVE-2020-15025 SUSE bug 1173334 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value. Important CVE-2020-15049 SUSE bug 1173455 SUSE bug 1174381 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp. Low CVE-2020-15075 SUSE bug 1184190 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files. Moderate CVE-2020-15095 SUSE bug 1173937 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory. Important CVE-2020-15169 SUSE bug 1176421 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6. Critical CVE-2020-15180 SUSE bug 1177472 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity when `Vec::from_iter` has allocated different sizes with the number of iterator elements. This has been fixed in crossbeam-channel 0.4.4. Important CVE-2020-15254 SUSE bug 1177872 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference. Moderate CVE-2020-15304 SUSE bug 1173466 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. Low CVE-2020-15305 SUSE bug 1173467 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. Low CVE-2020-15306 SUSE bug 1173469 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. Moderate CVE-2020-15358 SUSE bug 1173641 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds. Important CVE-2020-15365 SUSE bug 1173517 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. Moderate CVE-2020-15389 SUSE bug 1173578 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. Moderate CVE-2020-15393 SUSE bug 1173514 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. Moderate CVE-2020-15436 SUSE bug 1179141 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized. Moderate CVE-2020-15437 SUSE bug 1179140 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. Moderate CVE-2020-15469 SUSE bug 1173612 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. Moderate CVE-2020-15523 SUSE bug 1173745 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen's free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible. Important CVE-2020-15565 SUSE bug 1173378 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-atomic bitfield writes. Depending on the compiler version and optimisation flags, Xen might expose a dangerous partially written PTE to the hardware, which an attacker might be able to race to exploit. A guest administrator or perhaps even an unprivileged guest user might be able to cause denial of service, data corruption, or privilege escalation. Only systems using Intel CPUs are vulnerable. Systems using AMD CPUs, and Arm systems, are not vulnerable. Only systems using nested paging (hap, aka nested paging, aka in this case Intel EPT) are vulnerable. Only HVM and PVH guests can exploit the vulnerability. The presence and scope of the vulnerability depends on the precise optimisations performed by the compiler used to build Xen. If the compiler generates (a) a single 64-bit write, or (b) a series of read-modify-write operations in the same order as the source code, the hypervisor is not vulnerable. For example, in one test build using GCC 8.3 with normal settings, the compiler generated multiple (unlocked) read-modify-write operations in source-code order, which did not constitute a vulnerability. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code-generation options). The source code clearly violates the C rules, and thus should be considered vulnerable. Moderate CVE-2020-15567 SUSE bug 1173380 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. Important CVE-2020-15652 SUSE bug 1174538 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. Important CVE-2020-15653 SUSE bug 1174538 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. Important CVE-2020-15654 SUSE bug 1174538 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. Important CVE-2020-15655 SUSE bug 1174538 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. Important CVE-2020-15656 SUSE bug 1174538 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. Important CVE-2020-15657 SUSE bug 1174538 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. Important CVE-2020-15658 SUSE bug 1174538 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. Important CVE-2020-15659 SUSE bug 1174538 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2. Important CVE-2020-15663 SUSE bug 1175686 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80. Important CVE-2020-15664 SUSE bug 1175686 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 80, Firefox ESR < 78.2, Thunderbird < 78.2, and Firefox for Android < 80. Important CVE-2020-15670 SUSE bug 1175686 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. Important CVE-2020-15673 SUSE bug 1176756 SUSE bug 1176899 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81. Important CVE-2020-15674 SUSE bug 1176756 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. Important CVE-2020-15675 SUSE bug 1176756 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. Important CVE-2020-15676 SUSE bug 1176756 SUSE bug 1176899 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. Important CVE-2020-15677 SUSE bug 1176756 SUSE bug 1176899 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. Important CVE-2020-15678 SUSE bug 1176756 SUSE bug 1176899 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This vulnerability affects Firefox < 82. Important CVE-2020-15680 SUSE bug 1177872 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82. Important CVE-2020-15681 SUSE bug 1177872 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. This vulnerability affects Firefox < 82. Important CVE-2020-15682 SUSE bug 1177872 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4. Important CVE-2020-15683 SUSE bug 1177872 SUSE bug 1177977 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. Important CVE-2020-15705 SUSE bug 1174421 SUSE bug 1182890 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. Moderate CVE-2020-15706 SUSE bug 1174463 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions. Important CVE-2020-15707 SUSE bug 1174570 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code. Important CVE-2020-15708 SUSE bug 1174955 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30. Important CVE-2020-15780 SUSE bug 1173573 SUSE bug 1174186 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. Important CVE-2020-15801 SUSE bug 1174241 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream. Critical CVE-2020-15810 SUSE bug 1175664 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches. Critical CVE-2020-15811 SUSE bug 1175665 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154. Important CVE-2020-15852 SUSE bug 1174063 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. Moderate CVE-2020-15859 SUSE bug 1174373 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. Important CVE-2020-15862 SUSE bug 1174961 SUSE bug 1193875 SUSE bug 1196341 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555. Important CVE-2020-15863 SUSE bug 1174386 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. Important CVE-2020-15888 SUSE bug 1174367 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. Critical CVE-2020-15889 SUSE bug 1174371 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b. Important CVE-2020-15900 SUSE bug 1174415 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function. Low CVE-2020-15945 SUSE bug 1174540 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Important CVE-2020-15969 SUSE bug 1177408 SUSE bug 1177872 SUSE bug 1177977 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Important CVE-2020-15999 SUSE bug 1177914 SUSE bug 1177936 SUSE bug 1178824 SUSE bug 1178894 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Moderate CVE-2020-16012 SUSE bug 1178824 SUSE bug 1178894 SUSE bug 1178923 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Important CVE-2020-16042 SUSE bug 1179576 SUSE bug 1180039 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet. Important CVE-2020-16044 SUSE bug 1180623 SUSE bug 1181137 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c. Moderate CVE-2020-16092 SUSE bug 1174641 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196. Important CVE-2020-16119 SUSE bug 1177471 SUSE bug 1177742 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify permissions in ovl_path_open()"), 48bd024 ("ovl: switch to mounter creds in readdir") and 05acefb ("ovl: check permission to open real file"). Additionally, commits 130fdbc ("ovl: pass correct flags for opening real directory") and 292f902 ("ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da ("ovl: do not fail because of O_NOATIMEi") in kernel 5.11. Moderate CVE-2020-16120 SUSE bug 1177470 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account. Important CVE-2020-16125 SUSE bug 1140851 SUSE bug 1178150 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion. Low CVE-2020-16126 SUSE bug 1178425 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location. Low CVE-2020-16127 SUSE bug 1178424 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. Moderate CVE-2020-16166 SUSE bug 1174757 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. Moderate CVE-2020-16590 SUSE bug 1179898 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif. Moderate CVE-2020-16591 SUSE bug 1179899 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file. Moderate CVE-2020-16592 SUSE bug 1179900 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file. Moderate CVE-2020-16593 SUSE bug 1179901 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Moderate CVE-2020-16598 SUSE bug 1179902 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. Moderate CVE-2020-16599 SUSE bug 1179903 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. Important CVE-2020-1711 SUSE bug 1166240 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. Important CVE-2020-1712 SUSE bug 1162108 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17. Moderate CVE-2020-1720 SUSE bug 1163985 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'. Moderate CVE-2020-1733 SUSE bug 1164140 SUSE bug 1171823 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected. Important CVE-2020-17376 SUSE bug 1175484 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host. Moderate CVE-2020-17380 SUSE bug 1175144 SUSE bug 1182282 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality. Moderate CVE-2020-1746 SUSE bug 1165393 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. Important CVE-2020-1747 SUSE bug 1165439 SUSE bug 1174514 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.) Low CVE-2020-17489 SUSE bug 1175155 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. Important CVE-2020-1749 SUSE bug 1165629 SUSE bug 1165631 SUSE bug 1177511 SUSE bug 1177513 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. Important CVE-2020-17507 SUSE bug 1176315 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32. Important CVE-2020-1752 SUSE bug 1167631 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests. Important CVE-2020-17527 SUSE bug 1179602 SUSE bug 1180830 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files. Moderate CVE-2020-1753 SUSE bug 1166389 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component. Critical CVE-2020-18032 SUSE bug 1185833 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop". Moderate CVE-2020-19131 SUSE bug 1190312 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. Moderate CVE-2020-1927 SUSE bug 1145738 SUSE bug 1168407 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios including the same privileges as spamd is run which may be elevated though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places. If you cannot upgrade, do not use 3rd party rulesets, do not use sa-compile and do not run spamd as an account with elevated privileges. Important CVE-2020-1930 SUSE bug 1162197 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Thanks to Damian Lukowski at credativ for reporting the issue ethically. With this bug unpatched, exploits can be injected in a number of scenarios though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places. Important CVE-2020-1931 SUSE bug 1162197 SUSE bug 1162200 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. Moderate CVE-2020-1934 SUSE bug 1168404 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. Moderate CVE-2020-1935 SUSE bug 1164860 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations. Important CVE-2020-1938 SUSE bug 1164692 SUSE bug 1169066 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places. Important CVE-2020-1946 SUSE bug 1184221 SUSE bug 1186513 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long standing setting `require_valid_user`, which in turn requires that any and all requests to CouchDB will have to be made with valid credentials, effectively forbidding any anonymous requests. The new `require_valid_user_except_for_up` is an off-by-default setting that was meant to allow requiring valid credentials for all endpoints except for the `/_up` endpoint. However, the implementation of this made an error that lead to not enforcing credentials on any endpoint, when enabled. CouchDB versions 3.0.1[1] and 3.1.0[2] fix this issue. Moderate CVE-2020-1955 SUSE bug 1171890 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. Moderate CVE-2020-19667 SUSE bug 1179103 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f). Important CVE-2020-1967 SUSE bug 1169407 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v). Moderate CVE-2020-1968 SUSE bug 1176331 SUSE bug 1177243 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). Important CVE-2020-1971 SUSE bug 1179491 SUSE bug 1196179 SUSE bug 1199303 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. Important CVE-2020-1983 SUSE bug 1170940 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c. Moderate CVE-2020-21529 SUSE bug 1190618 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c. Moderate CVE-2020-21530 SUSE bug 1190615 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c. Moderate CVE-2020-21531 SUSE bug 1190617 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. Important CVE-2020-21532 SUSE bug 1190616 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c. Important CVE-2020-21533 SUSE bug 1190612 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c. Important CVE-2020-21534 SUSE bug 1190611 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. Moderate CVE-2020-21535 SUSE bug 1190607 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected. Moderate CVE-2020-21674 SUSE bug 1177934 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. Important CVE-2020-21680 SUSE bug 1189343 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. Important CVE-2020-21681 SUSE bug 1189345 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. Important CVE-2020-21682 SUSE bug 1189346 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. Important CVE-2020-21683 SUSE bug 1189325 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource. Moderate CVE-2020-24303 SUSE bug 1178243 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed. Important CVE-2020-24330 SUSE bug 1164472 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon). Important CVE-2020-24331 SUSE bug 1164472 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack. Important CVE-2020-24332 SUSE bug 1164472 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row. Moderate CVE-2020-24342 SUSE bug 1175339 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. Low CVE-2020-24352 SUSE bug 1175370 SUSE bug 1188609 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference. Moderate CVE-2020-24369 SUSE bug 1175447 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). Moderate CVE-2020-24370 SUSE bug 1175448 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage. Moderate CVE-2020-24371 SUSE bug 1175449 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure). Important CVE-2020-24386 SUSE bug 1180405 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. Important CVE-2020-24394 SUSE bug 1175518 SUSE bug 1175992 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. Important CVE-2020-24489 SUSE bug 1179839 SUSE bug 1192359 SUSE bug 1199300 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ. Important CVE-2020-24490 SUSE bug 1177726 SUSE bug 1177727 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Moderate CVE-2020-24511 SUSE bug 1179836 SUSE bug 1192360 SUSE bug 1199300 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Low CVE-2020-24512 SUSE bug 1179837 SUSE bug 1192360 SUSE bug 1199300 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Moderate CVE-2020-24513 SUSE bug 1179833 SUSE bug 1192360 SUSE bug 1199300 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command. Moderate CVE-2020-24583 SUSE bug 1175784 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077. Moderate CVE-2020-24584 SUSE bug 1175784 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data. Moderate CVE-2020-24586 SUSE bug 1185859 SUSE bug 1192868 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. Moderate CVE-2020-24587 SUSE bug 1185859 SUSE bug 1185862 SUSE bug 1192868 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. Moderate CVE-2020-24588 SUSE bug 1185861 SUSE bug 1192868 SUSE bug 1199701 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. Important CVE-2020-24606 SUSE bug 1175671 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-0570. Reason: This candidate is a duplicate of CVE-2020-0570. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2020-0570 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Important CVE-2020-24741 SUSE bug 1189408 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked. Moderate CVE-2020-25084 SUSE bug 1176673 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings. Important CVE-2020-25097 SUSE bug 1183436 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. Moderate CVE-2020-25211 SUSE bug 1176395 SUSE bug 1192356 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. Important CVE-2020-25212 SUSE bug 1176381 SUSE bug 1176382 SUSE bug 1177027 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. Important CVE-2020-25219 SUSE bug 1176410 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743. Important CVE-2020-25221 SUSE bug 1176286 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. Moderate CVE-2020-25284 SUSE bug 1176482 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. Moderate CVE-2020-25285 SUSE bug 1176485 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for devices to have out-of-spec "backdoor" operations that can affect the result of these reads. A not fully trusted guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. Privilege escalation and information leaks cannot be excluded. All versions of Xen supporting PCI passthrough are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with passed through PCI devices may be able to leverage the vulnerability. Only systems passing through devices with out-of-spec ("backdoor") functionality can cause issues. Experience shows that such out-of-spec functionality is common; unless you have reason to believe that your device does not have such functionality, it's better to assume that it does. Important CVE-2020-25595 SUSE bug 1176344 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege #GP fault (typically fatal) rather than a user-privilege #GP fault (usually converted into SIGSEGV/etc.). Malicious or buggy userspace can crash the guest kernel, resulting in a VM Denial of Service. All versions of Xen from 3.2 onwards are vulnerable. Only x86 systems are vulnerable. ARM platforms are not vulnerable. Only x86 systems that support the SYSENTER instruction in 64bit mode are vulnerable. This is believed to be Intel, Centaur, and Shanghai CPUs. AMD and Hygon CPUs are not believed to be vulnerable. Only x86 PV guests can exploit the vulnerability. x86 PVH / HVM guests cannot exploit the vulnerability. Moderate CVE-2020-25596 SUSE bug 1176345 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. However, operations like the resetting of all event channels may involve decreasing one of the bounds checked when determining validity. This may lead to bug checks triggering, crashing the host. An unprivileged guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only systems with untrusted guests permitted to create more than the default number of event channels are vulnerable. This number depends on the architecture and type of guest. For 32-bit x86 PV guests, this is 1023; for 64-bit x86 PV guests, and for all ARM guests, this number is 4095. Systems where untrusted guests are limited to fewer than this number are not vulnerable. Note that xl and libxl limit max_event_channels to 1023 by default, so systems using exclusively xl, libvirt+libxl, or their own toolstack based on libxl, and not explicitly setting max_event_channels, are not vulnerable. Moderate CVE-2020-25597 SUSE bug 1176346 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses or triggering of bug checks. In particular, x86 PV guests may be able to elevate their privilege to that of the host. Host and guest crashes are also possible, leading to a Denial of Service (DoS). Information leaks cannot be ruled out. All Xen versions from 4.5 onwards are vulnerable. Xen versions 4.4 and earlier are not vulnerable. Important CVE-2020-25599 SUSE bug 1176349 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 32-bit x86 domains can use only 1023 channels, due to limited space in their shared (between guest and Xen) information structure, whereas all other domains can use up to 4095 in this model. The recording of the respective limit during domain initialization, however, has occurred at a time where domains are still deemed to be 64-bit ones, prior to actually honoring respective domain properties. At the point domains get recognized as 32-bit ones, the limit didn't get updated accordingly. Due to this misbehavior in Xen, 32-bit domains (including Domain 0) servicing other domains may observe event channel allocations to succeed when they should really fail. Subsequent use of such event channels would then possibly lead to corruption of other parts of the shared info structure. An unprivileged guest may cause another domain, in particular Domain 0, to misbehave. This may lead to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only x86 32-bit domains servicing other domains are vulnerable. Arm systems, as well as x86 64-bit domains, are not vulnerable. Important CVE-2020-25600 SUSE bug 1176348 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics. Moderate CVE-2020-25601 SUSE bug 1176350 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such a sequence is missing an appropriate memory barrier (e.g., smp_*mb()) to prevent both the compiler and CPU from re-ordering access. A malicious guest may be able to cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded. Systems running all versions of Xen are affected. Whether a system is vulnerable will depend on the CPU and compiler used to build Xen. For all systems, the presence and the scope of the vulnerability depend on the precise re-ordering performed by the compiler used to build Xen. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code generation options). GCC documentation clearly suggests that re-ordering is possible. Arm systems will also be vulnerable if the CPU is able to re-order memory access. Please consult your CPU vendor. x86 systems are only vulnerable if a compiler performs re-ordering. Important CVE-2020-25603 SUSE bug 1176347 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and PVH cannot leverage the vulnerability. Only guests with more than one vCPU can exploit the vulnerability. Moderate CVE-2020-25604 SUSE bug 1176343 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. Moderate CVE-2020-25613 SUSE bug 1177125 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used. Low CVE-2020-25623 SUSE bug 1177354 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. Moderate CVE-2020-25624 SUSE bug 1176682 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop. Low CVE-2020-25625 SUSE bug 1176684 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2020-25632 SUSE bug 1176711 SUSE bug 1192833 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2020-25637 SUSE bug 1174955 SUSE bug 1177155 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system. Moderate CVE-2020-25639 SUSE bug 1176846 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Moderate CVE-2020-25641 SUSE bug 1177121 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2020-25643 SUSE bug 1177206 SUSE bug 1177226 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. Important CVE-2020-25645 SUSE bug 1177511 SUSE bug 1177513 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2020-25647 SUSE bug 1177883 SUSE bug 1192833 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. Important CVE-2020-25648 SUSE bug 1177917 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions. Moderate CVE-2020-25650 SUSE bug 1177780 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior. Moderate CVE-2020-25651 SUSE bug 1177781 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior. Moderate CVE-2020-25652 SUSE bug 1177782 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior. Important CVE-2020-25653 SUSE bug 1177783 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. Moderate CVE-2020-25656 SUSE bug 1177766 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. Moderate CVE-2020-25659 SUSE bug 1178168 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. Important CVE-2020-25660 SUSE bug 1177843 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Important CVE-2020-25661 SUSE bug 1178397 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality. Moderate CVE-2020-25662 SUSE bug 1178398 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0. Moderate CVE-2020-25663 SUSE bug 1179200 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68. Important CVE-2020-25664 SUSE bug 1179202 SUSE bug 1179346 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68. Moderate CVE-2020-25665 SUSE bug 1179208 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0. Moderate CVE-2020-25666 SUSE bug 1179212 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0. Moderate CVE-2020-25667 SUSE bug 1179218 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. Important CVE-2020-25668 SUSE bug 1178123 SUSE bug 1178622 SUSE bug 1196914 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free. Moderate CVE-2020-25669 SUSE bug 1178182 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. Important CVE-2020-25670 SUSE bug 1178181 SUSE bug 1194680 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. Important CVE-2020-25671 SUSE bug 1178181 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A memory leak vulnerability was found in Linux kernel in llcp_sock_connect Important CVE-2020-25672 SUSE bug 1178181 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. Important CVE-2020-25673 SUSE bug 1178181 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68. Important CVE-2020-25674 SUSE bug 1179223 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a negative impact to application availability or other problems related to undefined behavior, in cases where ImageMagick processes untrusted input data. The upstream patch introduces functionality to constrain the pixel offsets and prevent these issues. This flaw affects ImageMagick versions prior to 7.0.9-0. Moderate CVE-2020-25675 SUSE bug 1179240 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function. These calculations produced undefined behavior in the form of out-of-range and integer overflows, as identified by UndefinedBehaviorSanitizer. These instances of undefined behavior could be triggered by an attacker who is able to supply a crafted input file to be processed by ImageMagick. These issues could impact application availability or potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Moderate CVE-2020-25676 SUSE bug 1179244 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality. Important CVE-2020-25677 SUSE bug 1177843 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2020-25681 SUSE bug 1177077 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2020-25682 SUSE bug 1177077 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Important CVE-2020-25683 SUSE bug 1177077 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. Important CVE-2020-25684 SUSE bug 1177077 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. Important CVE-2020-25685 SUSE bug 1177077 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. Important CVE-2020-25686 SUSE bug 1177077 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Important CVE-2020-25687 SUSE bug 1177077 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service. Important CVE-2020-25692 SUSE bug 1178387 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Moderate CVE-2020-25694 SUSE bug 1178667 SUSE bug 1179870 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2020-25695 SUSE bug 1178666 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2020-25696 SUSE bug 1178668 SUSE bug 1179870 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. Moderate CVE-2020-25704 SUSE bug 1178393 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version Important CVE-2020-25705 SUSE bug 1175721 SUSE bug 1178782 SUSE bug 1178783 SUSE bug 1191790 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. Moderate CVE-2020-25708 SUSE bug 1178682 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. Moderate CVE-2020-25709 SUSE bug 1178909 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability. Moderate CVE-2020-25710 SUSE bug 1178909 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2020-25712 SUSE bug 1174908 SUSE bug 1177596 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. Important CVE-2020-25717 SUSE bug 1192284 SUSE bug 1192505 SUSE bug 1192601 SUSE bug 1192849 SUSE bug 1193011 SUSE bug 1194049 SUSE bug 1194307 SUSE bug 1195815 SUSE bug 1196344 SUSE bug 1196717 SUSE bug 1196920 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service. Low CVE-2020-25723 SUSE bug 1178934 SUSE bug 1178935 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font. Moderate CVE-2020-25725 SUSE bug 1179026 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2020-2574 SUSE bug 1161085 SUSE bug 1162388 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2020-2583 SUSE bug 1160968 SUSE bug 1162972 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum. Moderate CVE-2020-25862 SUSE bug 1176909 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts. Moderate CVE-2020-25863 SUSE bug 1176908 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. Moderate CVE-2020-25866 SUSE bug 1176910 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Moderate CVE-2020-2590 SUSE bug 1160968 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). Moderate CVE-2020-2593 SUSE bug 1160968 SUSE bug 1162972 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). Moderate CVE-2020-2601 SUSE bug 1160968 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Important CVE-2020-2604 SUSE bug 1160968 SUSE bug 1162972 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. Moderate CVE-2020-26088 SUSE bug 1176990 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. Moderate CVE-2020-26116 SUSE bug 1177120 SUSE bug 1177211 SUSE bug 1192361 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. Critical CVE-2020-26117 SUSE bug 1176733 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. Moderate CVE-2020-26137 SUSE bug 1177120 SUSE bug 1177211 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients. Moderate CVE-2020-26139 SUSE bug 1186062 SUSE bug 1192868 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. Moderate CVE-2020-26141 SUSE bug 1185987 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. Moderate CVE-2020-26145 SUSE bug 1185860 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Moderate CVE-2020-26147 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. Important CVE-2020-26154 SUSE bug 1177143 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as untrusted by default whenever possible. This is fixed in Nokogiri version 1.11.0.rc4. Moderate CVE-2020-26247 SUSE bug 1180507 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. Low CVE-2020-26418 SUSE bug 1179930 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. Moderate CVE-2020-26419 SUSE bug 1179931 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file Moderate CVE-2020-26422 SUSE bug 1180232 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2020-2654 SUSE bug 1160968 SUSE bug 1172277 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN. Moderate CVE-2020-26555 SUSE bug 1179610 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment. Moderate CVE-2020-26556 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time). Moderate CVE-2020-26557 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. Moderate CVE-2020-26558 SUSE bug 1179610 SUSE bug 1186463 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue. Moderate CVE-2020-26559 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey. Moderate CVE-2020-26560 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. Moderate CVE-2020-26575 SUSE bug 1177406 SUSE bug 1178290 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2020-2659 SUSE bug 1160968 SUSE bug 1162972 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow. Important CVE-2020-26682 SUSE bug 1177862 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2. Important CVE-2020-26950 SUSE bug 1177872 SUSE bug 1178588 SUSE bug 1178611 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Important CVE-2020-26951 SUSE bug 1178824 SUSE bug 1178894 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox < 83. Important CVE-2020-26952 SUSE bug 1178824 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Moderate CVE-2020-26953 SUSE bug 1178824 SUSE bug 1178894 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Moderate CVE-2020-26956 SUSE bug 1178824 SUSE bug 1178894 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Moderate CVE-2020-26958 SUSE bug 1178824 SUSE bug 1178894 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Moderate CVE-2020-26959 SUSE bug 1178824 SUSE bug 1178894 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Moderate CVE-2020-26960 SUSE bug 1178824 SUSE bug 1178894 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Moderate CVE-2020-26961 SUSE bug 1178824 SUSE bug 1178894 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83. Important CVE-2020-26962 SUSE bug 1178824 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Repeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox < 83. Important CVE-2020-26963 SUSE bug 1178824 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Moderate CVE-2020-26965 SUSE bug 1178824 SUSE bug 1178894 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Moderate CVE-2020-26966 SUSE bug 1178824 SUSE bug 1178894 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability affects Firefox < 83. Important CVE-2020-26967 SUSE bug 1178824 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Moderate CVE-2020-26968 SUSE bug 1178824 SUSE bug 1178894 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83. Important CVE-2020-26969 SUSE bug 1178824 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. Important CVE-2020-26971 SUSE bug 1180039 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. Important CVE-2020-26973 SUSE bug 1180039 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. Important CVE-2020-26974 SUSE bug 1180039 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84. Important CVE-2020-26976 SUSE bug 1180039 SUSE bug 1181414 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. Important CVE-2020-26978 SUSE bug 1180039 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-119770583 Moderate CVE-2020-27068 SUSE bug 1180086 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9. Moderate CVE-2020-27152 SUSE bug 1177785 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. Moderate CVE-2020-27153 SUSE bug 1177895 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values, aka CID-5b9fbeb75b6a. Low CVE-2020-27194 SUSE bug 1177889 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. Critical CVE-2020-27221 SUSE bug 1182186 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest. Moderate CVE-2020-2732 SUSE bug 1163971 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2020-2752 SUSE bug 1171550 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2020-2754 SUSE bug 1169511 SUSE bug 1172277 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2020-2755 SUSE bug 1169511 SUSE bug 1172277 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2020-2756 SUSE bug 1169511 SUSE bug 1172277 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. Moderate CVE-2020-27560 SUSE bug 1178067 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2020-2757 SUSE bug 1169511 SUSE bug 1172277 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). Moderate CVE-2020-2760 SUSE bug 1171550 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process. Low CVE-2020-27616 SUSE bug 1178400 SUSE bug 1188609 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. Moderate CVE-2020-27617 SUSE bug 1178174 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. Important CVE-2020-27619 SUSE bug 1178009 SUSE bug 1180254 SUSE bug 1193386 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. Low CVE-2020-27661 SUSE bug 1178069 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. Important CVE-2020-27670 SUSE bug 1177414 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. Important CVE-2020-27671 SUSE bug 1177413 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages. Important CVE-2020-27672 SUSE bug 1177412 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. Moderate CVE-2020-27673 SUSE bug 1177411 SUSE bug 1184583 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique. Moderate CVE-2020-27674 SUSE bug 1177409 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. Moderate CVE-2020-27675 SUSE bug 1177410 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2020-2773 SUSE bug 1169511 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2020-27749 SUSE bug 1179264 SUSE bug 1192833 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. Important CVE-2020-27750 SUSE bug 1179260 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Moderate CVE-2020-27751 SUSE bug 1179269 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0. Moderate CVE-2020-27752 SUSE bug 1179202 SUSE bug 1179346 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This flaw affects ImageMagick versions prior to 7.0.9-0. Moderate CVE-2020-27753 SUSE bug 1179397 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69. Moderate CVE-2020-27754 SUSE bug 1179313 SUSE bug 1179336 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0. Moderate CVE-2020-27755 SUSE bug 1179345 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0. Important CVE-2020-27756 SUSE bug 1179221 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68. Moderate CVE-2020-27757 SUSE bug 1179268 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. Moderate CVE-2020-27758 SUSE bug 1179276 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68. Moderate CVE-2020-27759 SUSE bug 1179313 SUSE bug 1179321 SUSE bug 1179336 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. Important CVE-2020-27760 SUSE bug 1179281 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0. Moderate CVE-2020-27761 SUSE bug 1179315 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. Moderate CVE-2020-27762 SUSE bug 1179278 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. Moderate CVE-2020-27763 SUSE bug 1179312 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69. Moderate CVE-2020-27764 SUSE bug 1179317 SUSE bug 1179333 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Moderate CVE-2020-27765 SUSE bug 1179311 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69. Moderate CVE-2020-27766 SUSE bug 1179333 SUSE bug 1179361 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Moderate CVE-2020-27767 SUSE bug 1179268 SUSE bug 1179269 SUSE bug 1179322 SUSE bug 1179346 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0. Moderate CVE-2020-27768 SUSE bug 1179339 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c. Moderate CVE-2020-27769 SUSE bug 1179321 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68. Moderate CVE-2020-27770 SUSE bug 1179343 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0. Moderate CVE-2020-27771 SUSE bug 1179327 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Moderate CVE-2020-27772 SUSE bug 1179347 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Moderate CVE-2020-27773 SUSE bug 1179285 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Moderate CVE-2020-27774 SUSE bug 1179317 SUSE bug 1179333 SUSE bug 1179361 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Moderate CVE-2020-27775 SUSE bug 1179338 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Moderate CVE-2020-27776 SUSE bug 1179333 SUSE bug 1179362 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. Moderate CVE-2020-27777 SUSE bug 1179107 SUSE bug 1179419 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2020-27779 SUSE bug 1179265 SUSE bug 1192833 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate. Critical CVE-2020-27780 SUSE bug 1179166 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Important CVE-2020-27786 SUSE bug 1179601 SUSE bug 1179616 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2020-2781 SUSE bug 1169511 SUSE bug 1172277 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application. Moderate CVE-2020-27814 SUSE bug 1179594 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Important CVE-2020-27815 SUSE bug 1179454 SUSE bug 1179458 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Important CVE-2020-27823 SUSE bug 1180457 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat. Important CVE-2020-27825 SUSE bug 1179960 SUSE bug 1179961 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. Important CVE-2020-27827 SUSE bug 1181345 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability. Important CVE-2020-27828 SUSE bug 1179748 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45. Moderate CVE-2020-27829 SUSE bug 1181697 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash. Moderate CVE-2020-27830 SUSE bug 1179656 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system. Moderate CVE-2020-27835 SUSE bug 1179878 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit. Low CVE-2020-27837 SUSE bug 1180206 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability. Important CVE-2020-27840 SUSE bug 1183572 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability. Moderate CVE-2020-27841 SUSE bug 1180042 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. Moderate CVE-2020-27843 SUSE bug 1180044 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Important CVE-2020-27844 SUSE bug 1180045 SUSE bug 1182960 SUSE bug 1183514 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. Moderate CVE-2020-27845 SUSE bug 1180046 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2020-27918 SUSE bug 1184262 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). Moderate CVE-2020-2800 SUSE bug 1169511 SUSE bug 1172277 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Moderate CVE-2020-2803 SUSE bug 1169511 SUSE bug 1172277 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. Moderate CVE-2020-28030 SUSE bug 1178291 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Moderate CVE-2020-2805 SUSE bug 1169511 SUSE bug 1172277 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2020-2812 SUSE bug 1171550 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Moderate CVE-2020-2814 SUSE bug 1171550 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. Important CVE-2020-28196 SUSE bug 1178512 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2020-2830 SUSE bug 1169511 SUSE bug 1172277 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen. Moderate CVE-2020-28368 SUSE bug 1178591 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. Important CVE-2020-28374 SUSE bug 1178372 SUSE bug 1178684 SUSE bug 1180676 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory. Important CVE-2020-28493 SUSE bug 1181944 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents. Moderate CVE-2020-28588 SUSE bug 1182806 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle. Moderate CVE-2020-28896 SUSE bug 1179035 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. Moderate CVE-2020-28915 SUSE bug 1178886 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. Moderate CVE-2020-28916 SUSE bug 1178683 SUSE bug 1179468 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. Moderate CVE-2020-28941 SUSE bug 1178740 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. Moderate CVE-2020-28974 SUSE bug 1178589 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. Moderate CVE-2020-29129 SUSE bug 1179466 SUSE bug 1179467 SUSE bug 1179477 SUSE bug 1179484 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. Moderate CVE-2020-29130 SUSE bug 1178658 SUSE bug 1179467 SUSE bug 1179477 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc. Important CVE-2020-29361 SUSE bug 1180064 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation. Important CVE-2020-29362 SUSE bug 1180065 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value. Important CVE-2020-29363 SUSE bug 1180066 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. Important CVE-2020-29368 SUSE bug 1179428 SUSE bug 1179660 SUSE bug 1179664 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe. Important CVE-2020-29369 SUSE bug 1173504 SUSE bug 1179432 SUSE bug 1179646 SUSE bug 1182109 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71. Important CVE-2020-29370 SUSE bug 1179435 SUSE bug 1179648 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd. Moderate CVE-2020-29371 SUSE bug 1179429 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e. Low CVE-2020-29372 SUSE bug 1179433 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d. Important CVE-2020-29373 SUSE bug 1179434 SUSE bug 1179779 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way. Moderate CVE-2020-29385 SUSE bug 1180393 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. Moderate CVE-2020-29443 SUSE bug 1181108 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable. Important CVE-2020-29479 SUSE bug 1179511 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A guest administrator can also use the special watches, which will cause a notification every time a domain is created and destroyed. Data may include: number, type, and domids of other VMs; existence and domids of driver domains; numbers of virtual interfaces, block devices, vcpus; existence of virtual framebuffers and their backend style (e.g., existence of VNC service); Xen VM UUIDs for other domains; timing information about domain creation and device setup; and some hints at the backend provisioning of VMs and their devices. The watch events do not contain values stored in xenstore, only key names. A guest administrator can observe non-sensitive domain and device lifecycle events relating to other guests. This information allows some insight into overall system configuration (including the number and general nature of other guests), and configuration of other guests (including the number and general nature of other guests' devices). This information might be commercially interesting or might make other attacks easier. There is not believed to be exposure of sensitive data. Specifically, there is no exposure of VNC passwords, port numbers, pathnames in host and guest filesystems, cryptographic keys, or within-guest data. Moderate CVE-2020-29480 SUSE bug 1178658 SUSE bug 1179496 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to Xenstore nodes from the previous domain(s) with the same domid. Because all Xenstore entries of a guest below /local/domain/<domid> are being deleted by Xen tools when a guest is destroyed, only Xenstore entries of other guests still running are affected. For example, a newly created guest domain might be able to read sensitive information that had belonged to a previously existing guest domain. Both Xenstore implementations (C and Ocaml) are vulnerable. Moderate CVE-2020-29481 SUSE bug 1176349 SUSE bug 1178658 SUSE bug 1179498 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily using absolute paths. oxenstored imposes a pathname limit that is applied solely to the relative or absolute path specified by the client. Therefore, a guest can create paths in its own namespace which are too long for management tools to access. Depending on the toolstack in use, a malicious guest administrator might cause some management tools and debugging operations to fail. For example, a guest administrator can cause "xenstore-ls -r" to fail. However, a guest administrator cannot prevent the host administrator from tearing down the domain. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable. Moderate CVE-2020-29482 SUSE bug 1179500 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. Unfortunately, this is done by just removing the guest from xenstored's internal management, resulting in the same actions as if the guest had been destroyed, including sending an @releaseDomain event. @releaseDomain events do not say that the guest has been removed. All watchers of this event must look at the states of all guests to find the guest that has been removed. When an @releaseDomain is generated due to a domain xenstored protocol violation, because the guest is still running, the watchers will not react. Later, when the guest is actually destroyed, xenstored will no longer have it stored in its internal data base, so no further @releaseDomain event will be sent. This can lead to a zombie domain; memory mappings of that guest's memory will not be removed, due to the missing event. This zombie domain will be cleaned up only after another domain is destroyed, as that will trigger another @releaseDomain event. If the device model of the guest that violated the Xenstore protocol is running in a stub-domain, a use-after-free case could happen in xenstored, after having removed the guest from its internal data base, possibly resulting in a crash of xenstored. A malicious guest can block resources of the host for a period after its own death. Guests with a stub domain device model can eventually crash xenstored, resulting in a more serious denial of service (the prevention of any further domain management operations). Only the C variant of Xenstore is affected; the Ocaml variant is not affected. Only HVM guests with a stubdom device model can cause a serious DoS. Moderate CVE-2020-29483 SUSE bug 1178658 SUSE bug 1179502 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that was specified when registering the watch. Any communication with xenstored is done via Xenstore messages, consisting of a message header and the payload. The payload length is limited to 4096 bytes. Any request to xenstored resulting in a response with a payload longer than 4096 bytes will result in an error. When registering a watch, the payload length limit applies to the combined length of the watched path and the specified tag. Because watches for a specific path are also triggered for all nodes below that path, the payload of a watch event message can be longer than the payload needed to register the watch. A malicious guest that registers a watch using a very large tag (i.e., with a registration operation payload length close to the 4096 byte limit) can cause the generation of watch events with a payload length larger than 4096 bytes, by writing to Xenstore entries below the watched path. This will result in an error condition in xenstored. This error can result in a NULL pointer dereference, leading to a crash of xenstored. A malicious guest administrator can cause xenstored to crash, leading to a denial of service. Following a xenstored crash, domains may continue to run, but management operations will be impossible. Only C xenstored is affected, oxenstored is not affected. Moderate CVE-2020-29484 SUSE bug 1178658 SUSE bug 1179501 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XS_RESET_WATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. Only systems using the Ocaml Xenstored implementation are vulnerable. Systems using the C Xenstored implementation are not vulnerable. Moderate CVE-2020-29485 SUSE bug 1179504 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, a owner could give a node away. However, node ownership has quota implications. Any guest can run another guest out of quota, or create an unbounded number of nodes owned by dom0, thus running xenstored out of memory A malicious guest administrator can cause a denial of service against a specific guest or against the whole host. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable. Moderate CVE-2020-29486 SUSE bug 1179510 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and data are forwarded via RPC through message-switch to xapi. The watching logic in xenopsd sends one RPC update containing all data, any time any single xenstore key is updated, and therefore has O(N^2) time complexity. Furthermore, message-switch retains recent (currently 128) RPC messages for diagnostic purposes, yielding O(M*N) space complexity. The quantity of memory a single guest can monopolise is bounded by xenstored quota, but the quota is fairly large. It is believed to be in excess of 1G per malicious guest. In practice, this manifests as a host denial of service, either through message-switch thrashing against swap, or OOMing entirely, depending on dom0's configuration. (There are no quotas in xenopsd to limit the quantity of keys that result in RPC traffic.) A buggy or malicious guest can cause unreasonable memory usage in dom0, resulting in a host denial of service. All versions of XAPI are vulnerable. Systems that are not using the XAPI toolstack are not vulnerable. Moderate CVE-2020-29487 SUSE bug 1179512 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94. Moderate CVE-2020-29534 SUSE bug 1179598 SUSE bug 1180564 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that the relevant vCPU is rescheduled. If the device model were to signal Xen without having actually completed the operation, the de-schedule / re-schedule cycle would repeat. If, in addition, Xen is resignalled very quickly, the re-schedule may occur before the de-schedule was fully complete, triggering a shortcut. This potentially repeating process uses ordinary recursive function calls, and thus could result in a stack overflow. A malicious or buggy stubdomain serving a HVM guest can cause Xen to crash, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are affected. Arm systems are not affected. Only x86 stubdomains serving HVM guests can exploit the vulnerability. Moderate CVE-2020-29566 SUSE bug 1178658 SUSE bug 1179506 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation has to happen when certain constraints are met. If these conditions are not met when first checked, the checking CPU may send an interrupt to itself, in the expectation that this IRQ will be delivered only after the condition preventing the cleanup has cleared. For two specific IRQ vectors, this expectation was violated, resulting in a continuous stream of self-interrupts, which renders the CPU effectively unusable. A domain with a passed through PCI device can cause lockup of a physical CPU, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with physical PCI devices passed through to them can exploit the vulnerability. Moderate CVE-2020-29567 SUSE bug 1179513 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. Moderate CVE-2020-29568 SUSE bug 1179508 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback. Important CVE-2020-29569 SUSE bug 1179509 SUSE bug 1180008 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. Moderate CVE-2020-29570 SUSE bug 1179514 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn't protected against re-ordered reads, and may hence end up de-referencing a NULL pointer. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. Only Arm systems may be vulnerable. Whether a system is vulnerable depends on the specific CPU. x86 systems are not vulnerable. Moderate CVE-2020-29571 SUSE bug 1179516 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. Important CVE-2020-29623 SUSE bug 1184262 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. Moderate CVE-2020-29651 SUSE bug 1179805 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. Important CVE-2020-29660 SUSE bug 1179745 SUSE bug 1179877 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. Important CVE-2020-29661 SUSE bug 1179745 SUSE bug 1179877 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. Moderate CVE-2020-3123 SUSE bug 1162921 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. Important CVE-2020-3327 SUSE bug 1171980 SUSE bug 1174250 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. Important CVE-2020-3341 SUSE bug 1171981 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working. Moderate CVE-2020-3350 SUSE bug 1174250 SUSE bug 1174255 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. Important CVE-2020-3481 SUSE bug 1174250 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. Important CVE-2020-35111 SUSE bug 1180039 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. Important CVE-2020-35112 SUSE bug 1180039 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. Important CVE-2020-35113 SUSE bug 1180039 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. Moderate CVE-2020-35448 SUSE bug 1184794 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow Important CVE-2020-35452 SUSE bug 1186922 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability. Important CVE-2020-35492 SUSE bug 1180436 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. Moderate CVE-2020-35493 SUSE bug 1180451 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. Moderate CVE-2020-35494 SUSE bug 1180452 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. Moderate CVE-2020-35496 SUSE bug 1180454 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. Important CVE-2020-35498 SUSE bug 1181742 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information. Moderate CVE-2020-35499 SUSE bug 1180460 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem Moderate CVE-2020-35501 SUSE bug 1182435 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Moderate CVE-2020-35503 SUSE bug 1180432 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Moderate CVE-2020-35504 SUSE bug 1180433 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Moderate CVE-2020-35505 SUSE bug 1180434 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process. Moderate CVE-2020-35506 SUSE bug 1180435 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. Moderate CVE-2020-35507 SUSE bug 1180461 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. Moderate CVE-2020-35508 SUSE bug 1180529 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service. Moderate CVE-2020-35513 SUSE bug 1181362 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. Moderate CVE-2020-35517 SUSE bug 1182126 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Important CVE-2020-35519 SUSE bug 1183696 SUSE bug 1184953 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. Moderate CVE-2020-35521 SUSE bug 1182808 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. Moderate CVE-2020-35522 SUSE bug 1182809 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Moderate CVE-2020-35523 SUSE bug 1182811 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Moderate CVE-2020-35524 SUSE bug 1182812 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. Important CVE-2020-35653 SUSE bug 1180834 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. Important CVE-2020-35654 SUSE bug 1180833 SUSE bug 1183103 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. Important CVE-2020-35655 SUSE bug 1180832 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channels 3.0. In many cases this would result in a crash but, with correct timing, responses could be sent to the wrong client, resulting in potential leakage of session identifiers and other sensitive data. Note that this affects only the legacy Channels provided class, and not Django's similar ASGIHandler, available from Django 3.0. Moderate CVE-2020-35681 SUSE bug 1180462 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects. Moderate CVE-2020-35702 SUSE bug 1180397 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. Moderate CVE-2020-35733 SUSE bug 1181073 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected. Important CVE-2020-35738 SUSE bug 1180414 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. Important CVE-2020-36158 SUSE bug 1180559 SUSE bug 1180562 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). Moderate CVE-2020-36221 SUSE bug 1182420 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. Moderate CVE-2020-36222 SUSE bug 1182419 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). Moderate CVE-2020-36223 SUSE bug 1182418 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. Moderate CVE-2020-36224 SUSE bug 1182417 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. Important CVE-2020-36225 SUSE bug 1182416 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. Moderate CVE-2020-36226 SUSE bug 1182415 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. Important CVE-2020-36227 SUSE bug 1182413 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service. Important CVE-2020-36228 SUSE bug 1182412 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. Important CVE-2020-36229 SUSE bug 1182408 SUSE bug 1182411 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. Moderate CVE-2020-36230 SUSE bug 1182408 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. Important CVE-2020-36242 SUSE bug 1182066 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. Low CVE-2020-36312 SUSE bug 1184509 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c. Moderate CVE-2020-36313 SUSE bug 1184504 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. Important CVE-2020-36322 SUSE bug 1184211 SUSE bug 1184952 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product. Important CVE-2020-36327 SUSE bug 1185842 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Critical CVE-2020-36328 SUSE bug 1185688 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Moderate CVE-2020-36329 SUSE bug 1185652 SUSE bug 1187486 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. Important CVE-2020-36330 SUSE bug 1185691 SUSE bug 1187486 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. Critical CVE-2020-36331 SUSE bug 1185686 SUSE bug 1187486 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. Important CVE-2020-36332 SUSE bug 1185674 SUSE bug 1187486 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. Important CVE-2020-36385 SUSE bug 1187050 SUSE bug 1187052 SUSE bug 1196174 SUSE bug 1196810 SUSE bug 1196914 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. Moderate CVE-2020-36386 SUSE bug 1187038 SUSE bug 1192868 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150 Important CVE-2020-3702 SUSE bug 1191193 SUSE bug 1191529 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service. Moderate CVE-2020-3862 SUSE bug 1163809 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. Moderate CVE-2020-3864 SUSE bug 1163809 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2020-3865 SUSE bug 1163809 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting. Moderate CVE-2020-3867 SUSE bug 1163809 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2020-3868 SUSE bug 1163809 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed. Moderate CVE-2020-3885 SUSE bug 1170643 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. Moderate CVE-2020-3894 SUSE bug 1170643 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2020-3895 SUSE bug 1170643 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. Moderate CVE-2020-3897 SUSE bug 1170643 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges. Important CVE-2020-3898 SUSE bug 1168422 SUSE bug 1170671 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. Moderate CVE-2020-3899 SUSE bug 1170643 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2020-3900 SUSE bug 1170643 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2020-3901 SUSE bug 1170643 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack. Moderate CVE-2020-3902 SUSE bug 1170643 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This will allow them to capture any user credentials that are submitted to XRDP and approve or reject arbitrary login credentials. For xorgxrdp sessions in particular, this allows an unauthorized user to hijack an existing session. This is a buffer overflow attack, so there may be a risk of arbitrary code execution as well. Important CVE-2020-4044 SUSE bug 1173580 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config or a custom config that allows one or more of the following HTML elements: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize, potentially resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. This has been fixed in 5.2.1. Moderate CVE-2020-4054 SUSE bug 1173255 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and blocking any other interactions. This allows an attacker to send a single request with an invalid header and take the service offline. This issue was introduced in version 1.4.2 when the regular expression was updated to attempt to match the behaviour required by errata associated with RFC7230. The regular expression that is used to validate incoming headers has been updated in version 1.4.3, it is recommended that people upgrade to the new version of Waitress as soon as possible. Moderate CVE-2020-5236 SUSE bug 1162656 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters. Moderate CVE-2020-5247 SUSE bug 1165402 SUSE bug 1165524 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1. Important CVE-2020-5260 SUSE bug 1168930 SUSE bug 1169936 SUSE bug 1170741 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2. Moderate CVE-2020-5267 SUSE bug 1167240 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. Important CVE-2020-5311 SUSE bug 1160151 SUSE bug 1173420 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. Important CVE-2020-5312 SUSE bug 1160152 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. Important CVE-2020-5313 SUSE bug 1160153 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. This specifically affects the verification of assertion that have been signed. Moderate CVE-2020-5390 SUSE bug 1160851 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code. Moderate CVE-2020-5419 SUSE bug 1175985 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Moderate CVE-2020-6463 SUSE bug 1171975 SUSE bug 1174538 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. Important CVE-2020-6514 SUSE bug 1174189 SUSE bug 1174538 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 73 and Firefox < ESR68.5. Important CVE-2020-6796 SUSE bug 1163368 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5. Important CVE-2020-6797 SUSE bug 1163368 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5. Important CVE-2020-6798 SUSE bug 1163368 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third party application could have been used to retrieve and execute files whose location was supplied through command line arguments. Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. This vulnerability affects Firefox < 73 and Firefox < ESR68.5. Important CVE-2020-6799 SUSE bug 1163368 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5. Important CVE-2020-6800 SUSE bug 1163368 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. Important CVE-2020-6805 SUSE bug 1166238 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. Important CVE-2020-6806 SUSE bug 1166238 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. Important CVE-2020-6807 SUSE bug 1166238 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. Important CVE-2020-6811 SUSE bug 1166238 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. Important CVE-2020-6812 SUSE bug 1166238 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. Important CVE-2020-6814 SUSE bug 1166238 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. Important CVE-2020-6819 SUSE bug 1168630 SUSE bug 1168874 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. Important CVE-2020-6820 SUSE bug 1168630 SUSE bug 1168874 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75. Important CVE-2020-6821 SUSE bug 1168630 SUSE bug 1168874 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75. Important CVE-2020-6822 SUSE bug 1168630 SUSE bug 1168874 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75. Important CVE-2020-6825 SUSE bug 1168630 SUSE bug 1168874 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. <br> *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7. Important CVE-2020-6827 SUSE bug 1168874 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to arbitrary code execution.<br> *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7. Important CVE-2020-6828 SUSE bug 1168874 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80. Moderate CVE-2020-6829 SUSE bug 1174763 SUSE bug 1175686 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. Important CVE-2020-6831 SUSE bug 1171186 SUSE bug 1171247 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. Important CVE-2020-6851 SUSE bug 1160782 SUSE bug 1162090 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges. Moderate CVE-2020-7009 SUSE bug 1168277 SUSE bug 1172508 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system. Moderate CVE-2020-7012 SUSE bug 1172569 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system. Moderate CVE-2020-7013 SUSE bug 1172568 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges. Moderate CVE-2020-7014 SUSE bug 1172508 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB visualization. Low CVE-2020-7015 SUSE bug 1172567 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead to the Kibana process consuming large amounts of CPU and becoming unresponsive. Moderate CVE-2020-7016 SUSE bug 1174586 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization could obtain sensitive information or perform destructive actions on behalf of Kibana users who view the region map visualization. Important CVE-2020-7017 SUSE bug 1044849 SUSE bug 1174584 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index. Moderate CVE-2020-7019 SUSE bug 1175473 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details. Low CVE-2020-7021 SUSE bug 1182124 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. Important CVE-2020-7039 SUSE bug 1161066 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c. Moderate CVE-2020-7053 SUSE bug 1160966 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. Moderate CVE-2020-7211 SUSE bug 1161180 SUSE bug 1161181 SUSE bug 1178658 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings may be up to O(N). The next step (normalize existing percent-encoded bytes) also takes up to O(N) for each step, so the total time is O(N^2). If percent_encodings were deduplicated, the time to compute _encode_invalid_chars would be O(kN), where k is at most 484 ((10+6*2)^2). Important CVE-2020-7212 SUSE bug 1166069 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently. Important CVE-2020-7221 SUSE bug 1160285 SUSE bug 1160868 SUSE bug 1160895 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL. Important CVE-2020-7471 SUSE bug 1161919 SUSE bug 1161920 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload. Important CVE-2020-7598 SUSE bug 1166916 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true Important CVE-2020-7774 SUSE bug 1184450 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects: MongoDB Inc. MongoDB Server 4.2 versions prior to 4.2.3; 4.0 versions prior to 4.0.15; 4.3 versions prior to 4.3.3; 3.6 versions prior to 3.6.18. Low CVE-2020-7921 SUSE bug 1171353 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1. Moderate CVE-2020-8013 SUSE bug 1163922 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1. Important CVE-2020-8022 SUSE bug 1172405 SUSE bug 1172562 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SECURITY, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to escalate privileges from user ldap to root. This issue affects: SUSE Enterprise Storage 5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Debuginfo 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Debuginfo 11-SP4 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Point of Sale 11-SP3 openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 11-SECURITY openldap2-client-openssl1 versions prior to 2.4.26-0.74.13.1. SUSE Linux Enterprise Server 11-SP4-LTSS openldap2 versions prior to 2.4.26-0.74.13.1,. SUSE Linux Enterprise Server 12-SP2-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP2-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-BCL openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP3-LTSS openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP4 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 12-SP5 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.31.1. SUSE Linux Enterprise Server for SAP 12-SP2 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 12-SP3 openldap2 versions prior to 2.4.41-18.71.2. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.31.1. SUSE OpenStack Cloud 7 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud 8 openldap2 versions prior to 2.4.41-18.71.2. SUSE OpenStack Cloud Crowbar 8 openldap2 versions prior to 2.4.41-18.71.2. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.12.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.3.1. Important CVE-2020-8023 SUSE bug 1172698 SUSE bug 1190347 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624. Moderate CVE-2020-8025 SUSE bug 1171883 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions. Important CVE-2020-8032 SUSE bug 1180669 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way. Moderate CVE-2020-8036 SUSE bug 1178460 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. Moderate CVE-2020-8037 SUSE bug 1178466 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. Important CVE-2020-8112 SUSE bug 1162090 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE OpenStack Cloud 7 There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information. Moderate CVE-2020-8151 SUSE bug 1171560 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure. Moderate CVE-2020-8161 SUSE bug 1172037 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits. Moderate CVE-2020-8162 SUSE bug 1172163 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE. Important CVE-2020-8163 SUSE bug 1173144 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters. Important CVE-2020-8164 SUSE bug 1172177 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. Critical CVE-2020-8165 SUSE bug 1172186 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token. Moderate CVE-2020-8166 SUSE bug 1172182 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. Moderate CVE-2020-8167 SUSE bug 1172184 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0. Important CVE-2020-8172 SUSE bug 1172441 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. Critical CVE-2020-8174 SUSE bug 1172443 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. Important CVE-2020-8177 SUSE bug 1173027 SUSE bug 1186108 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix. Moderate CVE-2020-8184 SUSE bug 1173351 SUSE bug 1177352 SUSE bug 1193081 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. Moderate CVE-2020-8185 SUSE bug 1173564 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names. Moderate CVE-2020-8201 SUSE bug 1176605 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections. Important CVE-2020-8251 SUSE bug 1176604 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. Important CVE-2020-8252 SUSE bug 1176589 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware. Moderate CVE-2020-8264 SUSE bug 1177521 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits. Important CVE-2020-8265 SUSE bug 1180553 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1. Important CVE-2020-8277 SUSE bug 1178882 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. Moderate CVE-2020-8286 SUSE bug 1179593 SUSE bug 1186108 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling. Moderate CVE-2020-8287 SUSE bug 1180554 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected. Moderate CVE-2020-8315 SUSE bug 1173935 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7 fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed. Moderate CVE-2020-8428 SUSE bug 1162109 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. Important CVE-2020-8449 SUSE bug 1162687 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. Important CVE-2020-8450 SUSE bug 1162687 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. Moderate CVE-2020-8492 SUSE bug 1162367 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy. Important CVE-2020-8517 SUSE bug 1162691 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. Important CVE-2020-8597 SUSE bug 1162610 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. Important CVE-2020-8608 SUSE bug 1163018 SUSE bug 1163019 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:sles:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. Important CVE-2020-8616 SUSE bug 1109160 SUSE bug 1171740 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. Important CVE-2020-8617 SUSE bug 1109160 SUSE bug 1171740 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit. Important CVE-2020-8622 SUSE bug 1175443 SUSE bug 1188888 SUSE bug 1191120 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch Important CVE-2020-8625 SUSE bug 1182246 SUSE bug 1182483 SUSE bug 1192708 SUSE bug 1196172 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. Moderate CVE-2020-8647 SUSE bug 1162929 SUSE bug 1164078 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. Moderate CVE-2020-8648 SUSE bug 1162928 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. Moderate CVE-2020-8649 SUSE bug 1162929 SUSE bug 1162931 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Moderate CVE-2020-8694 SUSE bug 1170415 SUSE bug 1170446 SUSE bug 1178591 SUSE bug 1178700 SUSE bug 1179661 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. Moderate CVE-2020-8695 SUSE bug 1170415 SUSE bug 1170446 SUSE bug 1178591 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Moderate CVE-2020-8696 SUSE bug 1173592 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Moderate CVE-2020-8698 SUSE bug 1173594 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were two commits that, according to the reporter, introduced the vulnerability: f024ee098476 ("KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures") 87a11bb6a7f7 ("KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode") The former landed in 4.8, the latter in 4.17. This was fixed without realizing the impact in 4.18 with the following three commits, though it's believed the first is the only strictly necessary commit: 6f597c6b63b6 ("KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()") 7b0e827c6970 ("KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm") 009c872a8bc4 ("KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file") Important CVE-2020-8834 SUSE bug 1168276 SUSE bug 1173945 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780) Important CVE-2020-8835 SUSE bug 1167722 SUSE bug 1173755 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ** DISPUTED ** vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there’s no apparent route to either privilege escalation or to denial of service through the bug. Low CVE-2020-8991 SUSE bug 1164126 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. Low CVE-2020-8992 SUSE bug 1164069 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. Moderate CVE-2020-9327 SUSE bug 1164719 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. Moderate CVE-2020-9383 SUSE bug 1165111 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL. Important CVE-2020-9402 SUSE bug 1165022 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. Important CVE-2020-9484 SUSE bug 1171928 SUSE bug 1182909 SUSE bug 1195255 SUSE bug 1196395 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. Important CVE-2020-9490 SUSE bug 1175071 SUSE bug 1178074 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2020-9802 SUSE bug 1173998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2020-9803 SUSE bug 1173998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting. Important CVE-2020-9805 SUSE bug 1173998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2020-9806 SUSE bug 1173998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2020-9807 SUSE bug 1173998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. Important CVE-2020-9843 SUSE bug 1173998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. Important CVE-2020-9850 SUSE bug 1173998 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. Moderate CVE-2020-9862 SUSE bug 1174662 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Moderate CVE-2020-9893 SUSE bug 1174662 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Moderate CVE-2020-9894 SUSE bug 1174662 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Moderate CVE-2020-9895 SUSE bug 1174662 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Moderate CVE-2020-9915 SUSE bug 1174662 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting. Moderate CVE-2020-9925 SUSE bug 1174662 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2020-9947 SUSE bug 1184262 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. Moderate CVE-2020-9948 SUSE bug 1179122 SUSE bug 1179910 SUSE bug 1179911 SUSE bug 1179912 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2020-9951 SUSE bug 1179122 SUSE bug 1179910 SUSE bug 1179911 SUSE bug 1179912 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack. Important CVE-2020-9952 SUSE bug 1179122 SUSE bug 1179910 SUSE bug 1179911 SUSE bug 1179912 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. Important CVE-2020-9983 SUSE bug 1179122 SUSE bug 1179910 SUSE bug 1179911 SUSE bug 1179912 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Moderate CVE-2021-0089 SUSE bug 1186433 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access. Moderate CVE-2021-0127 SUSE bug 1195779 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. Moderate CVE-2021-0129 SUSE bug 1186463 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Improper initialization of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Moderate CVE-2021-0145 SUSE bug 1195780 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Important CVE-2021-0146 SUSE bug 1192615 SUSE bug 1193500 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525 Important CVE-2021-0326 SUSE bug 1181777 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327. Important CVE-2021-0342 SUSE bug 1180812 SUSE bug 1180859 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-173843328References: Upstream kernel Important CVE-2021-0512 SUSE bug 1187595 SUSE bug 1187597 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476 Important CVE-2021-0605 SUSE bug 1187601 SUSE bug 1187687 SUSE bug 1188381 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel Important CVE-2021-0920 SUSE bug 1193731 SUSE bug 1194463 SUSE bug 1195939 SUSE bug 1199255 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References: Upstream kernel Important CVE-2021-0935 SUSE bug 1192032 SUSE bug 1192042 SUSE bug 1196722 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition. Important CVE-2021-1252 SUSE bug 1184532 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. Important CVE-2021-1404 SUSE bug 1184533 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. Important CVE-2021-1405 SUSE bug 1184534 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. Important CVE-2021-1765 SUSE bug 1184262 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-1788 SUSE bug 1184155 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-1789 SUSE bug 1184262 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. Important CVE-2021-1799 SUSE bug 1184262 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. Important CVE-2021-1801 SUSE bug 1184262 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-1817 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory. Important CVE-2021-1820 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack. Important CVE-2021-1825 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting. Important CVE-2021-1826 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-1844 SUSE bug 1184155 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. Important CVE-2021-1870 SUSE bug 1184262 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. Important CVE-2021-1871 SUSE bug 1184155 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected. Moderate CVE-2021-20177 SUSE bug 1180765 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. Moderate CVE-2021-20178 SUSE bug 1180816 SUSE bug 1186493 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. Moderate CVE-2021-20180 SUSE bug 1180942 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability. Important CVE-2021-20181 SUSE bug 1182137 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation. Moderate CVE-2021-20194 SUSE bug 1181637 SUSE bug 1182010 SUSE bug 1182330 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Low CVE-2021-20196 SUSE bug 1181361 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. Moderate CVE-2021-20197 SUSE bug 1181452 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection. Moderate CVE-2021-20201 SUSE bug 1181686 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. Low CVE-2021-20203 SUSE bug 1181639 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image. Moderate CVE-2021-20205 SUSE bug 1183362 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity. Moderate CVE-2021-20208 SUSE bug 1183239 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop (due to a changing ldata->read_head, and a missing sanity check) and cause a threat to the system availability. Moderate CVE-2021-20219 SUSE bug 1184397 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. Moderate CVE-2021-20221 SUSE bug 1181933 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2021-20225 SUSE bug 1182262 SUSE bug 1192833 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of validating the existence of an object prior to performing operations on the object by not incrementing the file reference counter while in use. The highest threat from this vulnerability is to data integrity, confidentiality and system availability. Important CVE-2021-20226 SUSE bug 1180564 SUSE bug 1181846 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability. Low CVE-2021-20227 SUSE bug 1181261 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality. Moderate CVE-2021-20229 SUSE bug 1182039 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality. Important CVE-2021-20230 SUSE bug 1177580 SUSE bug 1182529 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. Important CVE-2021-20231 SUSE bug 1183457 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. Important CVE-2021-20232 SUSE bug 1183456 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2021-20233 SUSE bug 1182263 SUSE bug 1183135 SUSE bug 1192833 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality. Moderate CVE-2021-20239 SUSE bug 1182010 SUSE bug 1182330 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2021-20240 SUSE bug 1182410 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Moderate CVE-2021-20241 SUSE bug 1182335 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Moderate CVE-2021-20248 SUSE bug 1183547 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity. Important CVE-2021-20254 SUSE bug 1184677 SUSE bug 1185886 SUSE bug 1189860 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Low CVE-2021-20255 SUSE bug 1182651 SUSE bug 1182654 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Low CVE-2021-20257 SUSE bug 1182577 SUSE bug 1182846 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability. Moderate CVE-2021-20265 SUSE bug 1183089 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Important CVE-2021-20268 SUSE bug 1183077 SUSE bug 1183095 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability. Important CVE-2021-20277 SUSE bug 1183574 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. Moderate CVE-2021-20284 SUSE bug 1183511 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability. Moderate CVE-2021-20294 SUSE bug 1184519 SUSE bug 1196680 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability. Moderate CVE-2021-20296 SUSE bug 1184354 SUSE bug 1184355 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. Moderate CVE-2021-20297 SUSE bug 1184433 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2021-20298 SUSE bug 1188460 SUSE bug 1191176 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability. Moderate CVE-2021-20299 SUSE bug 1188459 SUSE bug 1191176 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability. Moderate CVE-2021-20300 SUSE bug 1188458 SUSE bug 1191176 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability. Moderate CVE-2021-20302 SUSE bug 1188462 SUSE bug 1191176 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well. Moderate CVE-2021-20303 SUSE bug 1188457 SUSE bug 1191176 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2021-20304 SUSE bug 1188461 SUSE bug 1191176 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. Important CVE-2021-20305 SUSE bug 1183835 SUSE bug 1184401 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Important CVE-2021-20322 SUSE bug 1191790 SUSE bug 1191813 SUSE bug 1193290 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library. Moderate CVE-2021-21240 SUSE bug 1182053 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6. Important CVE-2021-21300 SUSE bug 1183026 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect Eventlet process. Important CVE-2021-21419 SUSE bug 1185836 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). Moderate CVE-2021-2161 SUSE bug 1185056 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N). Moderate CVE-2021-2163 SUSE bug 1185055 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. Important CVE-2021-21775 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. Important CVE-2021-21779 SUSE bug 1188293 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. Important CVE-2021-21806 SUSE bug 1188294 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in the cluster. This issue is fixed in Elasticsearch 7.10.2 Moderate CVE-2021-22132 SUSE bug 1182183 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been updated and not yet refreshed in the index. This could result in the search disclosing the existence of documents and fields the attacker should not be able to view. Low CVE-2021-22134 SUSE bug 1183068 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled on the index. Certain queries are able to enable the profiler and suggester which could lead to disclosing the existence of documents and fields the attacker should not be able to view. Low CVE-2021-22135 SUSE bug 1184886 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session from timing out. Moderate CVE-2021-22136 SUSE bug 1184860 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices. Low CVE-2021-22137 SUSE bug 1184885 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data. Low CVE-2021-22138 SUSE bug 1186055 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create webhook actions could drain the Kibana host connection pool, making Kibana unavailable for all other users. Moderate CVE-2021-22139 SUSE bug 1185776 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2021-22142 SUSE bug 1186867 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node. Moderate CVE-2021-22144 SUSE bug 1188880 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details. Important CVE-2021-22145 SUSE bug 1188596 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view. Moderate CVE-2021-22147 SUSE bug 1189168 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file Moderate CVE-2021-22173 SUSE bug 1181598 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file Moderate CVE-2021-22174 SUSE bug 1181599 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file. Important CVE-2021-22191 SUSE bug 1183353 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space Important CVE-2021-22555 SUSE bug 1188116 SUSE bug 1188117 SUSE bug 1188411 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website. Moderate CVE-2021-22881 SUSE bug 1182160 SUSE bug 1185772 SUSE bug 1189627 SUSE bug 1193764 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory. Important CVE-2021-22883 SUSE bug 1182619 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160. Moderate CVE-2021-22884 SUSE bug 1182620 SUSE bug 1188549 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input. Important CVE-2021-22885 SUSE bug 1185715 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check. Moderate CVE-2021-22890 SUSE bug 1183934 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine. Moderate CVE-2021-22902 SUSE bug 1185771 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a request with a Host header value of `sub-example.com`. Moderate CVE-2021-22903 SUSE bug 1185772 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo(). Moderate CVE-2021-22918 SUSE bug 1187973 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking. Moderate CVE-2021-22921 SUSE bug 1187975 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. Critical CVE-2021-22930 SUSE bug 1188917 SUSE bug 1189368 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. Important CVE-2021-22931 SUSE bug 1189370 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. Moderate CVE-2021-22939 SUSE bug 1189369 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. Critical CVE-2021-22940 SUSE bug 1189368 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website. Moderate CVE-2021-22942 SUSE bug 1189627 SUSE bug 1193764 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability. Important CVE-2021-23134 SUSE bug 1186060 SUSE bug 1186061 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. Important CVE-2021-23214 SUSE bug 1192516 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. Important CVE-2021-23222 SUSE bug 1192516 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. Moderate CVE-2021-23239 SUSE bug 1171722 SUSE bug 1180684 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable. Important CVE-2021-23240 SUSE bug 1171722 SUSE bug 1180685 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. Moderate CVE-2021-23336 SUSE bug 1182179 SUSE bug 1182379 SUSE bug 1182433 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. Moderate CVE-2021-23362 SUSE bug 1187977 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Moderate CVE-2021-2341 SUSE bug 1188564 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). Moderate CVE-2021-2369 SUSE bug 1188565 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such as server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list) OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x). Moderate CVE-2021-23839 SUSE bug 1182332 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). Moderate CVE-2021-23840 SUSE bug 1182333 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). Moderate CVE-2021-23841 SUSE bug 1182331 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Important CVE-2021-2388 SUSE bug 1188566 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. Important CVE-2021-23953 SUSE bug 1181414 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. Important CVE-2021-23954 SUSE bug 1181414 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. Important CVE-2021-23960 SUSE bug 1181414 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85. Important CVE-2021-23961 SUSE bug 1184960 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. Important CVE-2021-23964 SUSE bug 1181414 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. Moderate CVE-2021-23968 SUSE bug 1182614 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. Moderate CVE-2021-23969 SUSE bug 1182614 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. Moderate CVE-2021-23973 SUSE bug 1182614 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. Moderate CVE-2021-23978 SUSE bug 1182614 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. Important CVE-2021-23981 SUSE bug 1183942 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. Important CVE-2021-23982 SUSE bug 1183942 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. Important CVE-2021-23984 SUSE bug 1183942 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. Important CVE-2021-23987 SUSE bug 1183942 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. Important CVE-2021-23994 SUSE bug 1184960 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. Important CVE-2021-23995 SUSE bug 1184960 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. Important CVE-2021-23998 SUSE bug 1184960 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. Important CVE-2021-23999 SUSE bug 1184960 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. Important CVE-2021-24002 SUSE bug 1184960 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Java SE product of Oracle Java SE (component: JNDI). The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Low CVE-2021-2432 SUSE bug 1188568 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. Important CVE-2021-25122 SUSE bug 1182912 SUSE bug 1188549 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. Moderate CVE-2021-25214 SUSE bug 1185345 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. Moderate CVE-2021-25215 SUSE bug 1185345 SUSE bug 1189848 SUSE bug 1196172 SUSE bug 1199298 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built: For named binaries compiled for 64-bit platforms, this flaw can be used to trigger a buffer over-read, leading to a server crash. For named binaries compiled for 32-bit platforms, this flaw can be used to trigger a server crash due to a buffer overflow and possibly also to achieve remote code execution. We have determined that standard SPNEGO implementations are available in the MIT and Heimdal Kerberos libraries, which support a broad range of operating systems, rendering the ISC implementation unnecessary and obsolete. Therefore, to reduce the attack surface for BIND users, we will be removing the ISC SPNEGO implementation in the April releases of BIND 9.11 and 9.16 (it had already been dropped from BIND 9.17). We would not normally remove something from a stable ESV (Extended Support Version) of BIND, but since system libraries can replace the ISC SPNEGO implementation, we have made an exception in this case for reasons of stability and security. Moderate CVE-2021-25216 SUSE bug 1185345 SUSE bug 1189848 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. Important CVE-2021-25217 SUSE bug 1186382 SUSE bug 1189843 SUSE bug 1189858 SUSE bug 1199299 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. Critical CVE-2021-25287 SUSE bug 1185805 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. Important CVE-2021-25288 SUSE bug 1185803 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. Critical CVE-2021-25289 SUSE bug 1183103 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. Important CVE-2021-25290 SUSE bug 1183105 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. Important CVE-2021-25291 SUSE bug 1183106 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. Important CVE-2021-25293 SUSE bug 1183102 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions. Moderate CVE-2021-25317 SUSE bug 1184161 SUSE bug 1192358 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions. Moderate CVE-2021-25321 SUSE bug 1186240 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. Important CVE-2021-25329 SUSE bug 1182909 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. Moderate CVE-2021-26401 SUSE bug 1191580 SUSE bug 1196901 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service Important CVE-2021-26690 SUSE bug 1186923 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow Important CVE-2021-26691 SUSE bug 1187017 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support. Important CVE-2021-26708 SUSE bug 1181806 SUSE bug 1183298 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. Important CVE-2021-26930 SUSE bug 1181843 SUSE bug 1182294 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c. Moderate CVE-2021-26931 SUSE bug 1181753 SUSE bug 1183022 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. Moderate CVE-2021-26932 SUSE bug 1181747 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory. Moderate CVE-2021-26933 SUSE bug 1181756 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry. Important CVE-2021-26934 SUSE bug 1181755 SUSE bug 1185892 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. Important CVE-2021-26937 SUSE bug 1182092 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. Important CVE-2021-27135 SUSE bug 1182091 SUSE bug 1189857 SUSE bug 1190262 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. Important CVE-2021-27212 SUSE bug 1182279 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. Moderate CVE-2021-27218 SUSE bug 1182328 SUSE bug 1182362 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. Moderate CVE-2021-27219 SUSE bug 1182362 SUSE bug 1194015 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. Important CVE-2021-27290 SUSE bug 1187976 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. Important CVE-2021-27358 SUSE bug 1183803 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. Important CVE-2021-27363 SUSE bug 1182716 SUSE bug 1182717 SUSE bug 1183120 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. Important CVE-2021-27364 SUSE bug 1182715 SUSE bug 1182716 SUSE bug 1182717 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. Important CVE-2021-27365 SUSE bug 1182712 SUSE bug 1182715 SUSE bug 1183491 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were not always correct. NOTE: this issue exists because of an incomplete fix for CVE-2020-15565. Important CVE-2021-27379 SUSE bug 1182431 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. Moderate CVE-2021-27645 SUSE bug 1182733 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. Important CVE-2021-27803 SUSE bug 1182805 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename. Moderate CVE-2021-27919 SUSE bug 1183334 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. Moderate CVE-2021-27922 SUSE bug 1183108 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. Moderate CVE-2021-27923 SUSE bug 1183107 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access. Moderate CVE-2021-27962 SUSE bug 1184371 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931. Moderate CVE-2021-28038 SUSE bug 1183022 SUSE bug 1183069 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG. Moderate CVE-2021-28039 SUSE bug 1183035 SUSE bug 1183071 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. Important CVE-2021-28041 SUSE bug 1183137 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have. Moderate CVE-2021-28146 SUSE bug 1183811 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn't supposed to have. Moderate CVE-2021-28147 SUSE bug 1183809 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance. Important CVE-2021-28148 SUSE bug 1183813 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 An unlimited recursion in DxeCore in EDK II. Moderate CVE-2021-28210 SUSE bug 1183579 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. Moderate CVE-2021-28211 SUSE bug 1183578 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted. Moderate CVE-2021-28363 SUSE bug 1183630 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. Important CVE-2021-28375 SUSE bug 1183596 SUSE bug 1184955 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability. Moderate CVE-2021-28658 SUSE bug 1184148 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. Important CVE-2021-28660 SUSE bug 1183593 SUSE bug 1183658 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load. Important CVE-2021-28675 SUSE bug 1185804 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load. Moderate CVE-2021-28676 SUSE bug 1185786 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening. Important CVE-2021-28677 SUSE bug 1185785 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data. Important CVE-2021-28678 SUSE bug 1185784 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend. Moderate CVE-2021-28690 SUSE bug 1186434 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU spin-waits for the completion of the most recently issued command(s). Some of these waiting loops try to apply a timeout to fail overly-slow commands. The course of action upon a perceived timeout actually being detected is inappropriate: - on Intel hardware guests which did not originally cause the timeout may be marked as crashed, - on AMD hardware higher layer callers would not be notified of the issue, making them continue as if the IOMMU operation succeeded. Moderate CVE-2021-28692 SUSE bug 1186429 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696). Important CVE-2021-28694 SUSE bug 1189373 SUSE bug 1189980 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696). Important CVE-2021-28695 SUSE bug 1189373 SUSE bug 1189980 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696). Important CVE-2021-28696 SUSE bug 1189373 SUSE bug 1189980 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them to become mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes. Important CVE-2021-28697 SUSE bug 1189376 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entries, including ones which aren't in use anymore and some which may have been created but never used. If the number of entries for a given domain is large enough, this iterating of the entire table may tie up a CPU for too long, starving other domains or causing issues in the hypervisor itself. Note that a domain may map its own grants, i.e. there is no need for multiple domains to be involved here. A pair of "cooperating" guests may, however, cause the effects to be more severe. Moderate CVE-2021-28698 SUSE bug 1189378 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed. Important CVE-2021-28701 SUSE bug 1189632 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix to both these two issues.) In addition handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2). Moderate CVE-2021-28704 SUSE bug 1192557 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). In some cases the hypervisor carries out the requests by splitting them into smaller chunks. Error handling in certain PoD cases has been insufficient in that in particular partial success of some operations was not properly accounted for. There are two code paths affected - page removal (CVE-2021-28705) and insertion of new pages (CVE-2021-28709). (We provide one patch which combines the fix to both issues.) Moderate CVE-2021-28705 SUSE bug 1192559 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may overflow. It would then only be the overflowed (and hence small) number which gets compared against the established upper bound. Moderate CVE-2021-28706 SUSE bug 1192554 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix to both these two issues.) In addition handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2). Moderate CVE-2021-28707 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix to both these two issues.) In addition handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2). Moderate CVE-2021-28708 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). In some cases the hypervisor carries out the requests by splitting them into smaller chunks. Error handling in certain PoD cases has been insufficient in that in particular partial success of some operations was not properly accounted for. There are two code paths affected - page removal (CVE-2021-28705) and insertion of new pages (CVE-2021-28709). (We provide one patch which combines the fix to both issues.) Moderate CVE-2021-28709 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 Moderate CVE-2021-28711 SUSE bug 1193440 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 Moderate CVE-2021-28712 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 Moderate CVE-2021-28713 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) Moderate CVE-2021-28715 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. Moderate CVE-2021-28950 SUSE bug 1184194 SUSE bug 1184211 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. Moderate CVE-2021-28951 SUSE bug 1184195 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.) Important CVE-2021-28952 SUSE bug 1184197 SUSE bug 1184199 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8. Moderate CVE-2021-28972 SUSE bug 1184198 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. Important CVE-2021-29154 SUSE bug 1184391 SUSE bug 1184710 SUSE bug 1186408 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6. Moderate CVE-2021-29264 SUSE bug 1184168 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70. Moderate CVE-2021-29265 SUSE bug 1184167 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files. Low CVE-2021-29338 SUSE bug 1184774 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. Low CVE-2021-29646 SUSE bug 1184191 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. Moderate CVE-2021-29647 SUSE bug 1184192 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c), aka CID-350a5c4dd245. Moderate CVE-2021-29648 SUSE bug 1184200 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677. Moderate CVE-2021-29649 SUSE bug 1184205 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf. Moderate CVE-2021-29650 SUSE bug 1184208 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. Important CVE-2021-29945 SUSE bug 1184960 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. Important CVE-2021-29946 SUSE bug 1184960 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.10.1, Firefox < 87, and Firefox ESR < 78.10.1. Moderate CVE-2021-29951 SUSE bug 1185633 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. Moderate CVE-2021-29964 SUSE bug 1186696 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. Moderate CVE-2021-29967 SUSE bug 1186696 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. Important CVE-2021-29970 SUSE bug 1188275 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. Important CVE-2021-29976 SUSE bug 1188275 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Important CVE-2021-29980 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91. Moderate CVE-2021-29981 SUSE bug 1189631 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91. Moderate CVE-2021-29982 SUSE bug 1189630 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91. Low CVE-2021-29983 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Important CVE-2021-29984 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Important CVE-2021-29985 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Important CVE-2021-29986 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91. Moderate CVE-2021-29987 SUSE bug 1189629 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. Important CVE-2021-29988 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91. Important CVE-2021-29989 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 91. Moderate CVE-2021-29990 SUSE bug 1189628 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1. Important CVE-2021-29991 SUSE bug 1189547 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. Moderate CVE-2021-30002 SUSE bug 1184120 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. Moderate CVE-2021-30004 SUSE bug 1184348 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987. Low CVE-2021-30178 SUSE bug 1184499 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences. Critical CVE-2021-30498 SUSE bug 1184752 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences. Critical CVE-2021-30499 SUSE bug 1184751 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Important CVE-2021-30547 SUSE bug 1187141 SUSE bug 1188275 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' Moderate CVE-2021-30641 SUSE bug 1187174 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. Important CVE-2021-30661 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-30663 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. Important CVE-2021-30665 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. Important CVE-2021-30666 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information. Important CVE-2021-30682 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. Important CVE-2021-30689 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers. Important CVE-2021-30720 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-30734 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. Important CVE-2021-30744 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-30749 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-30758 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. Important CVE-2021-30761 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. Important CVE-2021-30762 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-30795 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution. Important CVE-2021-30797 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-30799 SUSE bug 1188697 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-30809 SUSE bug 1194019 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, Safari 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-30818 SUSE bug 1194019 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be able to bypass HSTS. Important CVE-2021-30823 SUSE bug 1194019 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio file may disclose restricted memory. Important CVE-2021-30836 SUSE bug 1194019 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-30846 SUSE bug 1192063 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution. Important CVE-2021-30848 SUSE bug 1192063 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-30849 SUSE bug 1192063 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution. Important CVE-2021-30851 SUSE bug 1192063 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Important CVE-2021-30858 SUSE bug 1190701 SUSE bug 1191298 SUSE bug 1191301 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL The issue was resolved with additional restrictions on CSS compositing. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Visiting a maliciously crafted website may reveal a user's browsing history. Important CVE-2021-30884 SUSE bug 1194019 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy. Important CVE-2021-30887 SUSE bug 1194019 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An information leakage issue was addressed. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior . Important CVE-2021-30888 SUSE bug 1194019 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-30889 SUSE bug 1194019 SUSE bug 1194135 SUSE bug 1194138 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting. Important CVE-2021-30890 SUSE bug 1194019 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin. Important CVE-2021-30897 SUSE bug 1194019 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-30934 SUSE bug 1195064 SUSE bug 1196393 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-30936 SUSE bug 1195064 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-30951 SUSE bug 1195064 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-30952 SUSE bug 1195064 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-30953 SUSE bug 1195064 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-30954 SUSE bug 1195064 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2021-30984 SUSE bug 1195064 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session. Important CVE-2021-31535 SUSE bug 1182506 SUSE bug 1191879 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. Moderate CVE-2021-31542 SUSE bug 1185623 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. Important CVE-2021-3156 SUSE bug 1180684 SUSE bug 1181090 SUSE bug 1181506 SUSE bug 1181657 SUSE bug 1183936 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released. Important CVE-2021-31618 SUSE bug 1186924 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. Moderate CVE-2021-3177 SUSE bug 1181126 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. Important CVE-2021-31799 SUSE bug 1190375 SUSE bug 1196771 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions). Important CVE-2021-31810 SUSE bug 1188161 SUSE bug 1193383 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution. Important CVE-2021-3185 SUSE bug 1181255 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. Moderate CVE-2021-31916 SUSE bug 1192781 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service Important CVE-2021-3200 SUSE bug 1186229 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2021-32027 SUSE bug 1185924 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality. Moderate CVE-2021-32028 SUSE bug 1185925 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." Important CVE-2021-32066 SUSE bug 1188160 SUSE bug 1196771 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8. Moderate CVE-2021-32280 SUSE bug 1192019 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. Important CVE-2021-32399 SUSE bug 1184611 SUSE bug 1185898 SUSE bug 1185899 SUSE bug 1196174 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. Critical CVE-2021-3246 SUSE bug 1188540 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences. Important CVE-2021-32491 SUSE bug 1185900 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences. Important CVE-2021-32492 SUSE bug 1185904 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences. Important CVE-2021-32493 SUSE bug 1185905 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components. Moderate CVE-2021-3272 SUSE bug 1181483 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments. Moderate CVE-2021-3281 SUSE bug 1181379 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4. Critical CVE-2021-32810 SUSE bug 1191332 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. Moderate CVE-2021-33033 SUSE bug 1186109 SUSE bug 1186283 SUSE bug 1188876 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. Important CVE-2021-33034 SUSE bug 1186111 SUSE bug 1186285 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might had enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host. Moderate CVE-2021-3308 SUSE bug 1181254 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. Moderate CVE-2021-33098 SUSE bug 1192877 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Out of bounds read under complex microarchitectural condition in memory subsystem for some Intel Atom(R) Processors may allow authenticated user to potentially enable information disclosure or cause denial of service via network access. Moderate CVE-2021-33120 SUSE bug 1195781 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories. Moderate CVE-2021-33203 SUSE bug 1186608 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later. Important CVE-2021-3345 SUSE bug 1181632 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE OpenStack Cloud 7 An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458. Important CVE-2021-3347 SUSE bug 1181349 SUSE bug 1181553 SUSE bug 1190859 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:sles-espos:12:sp2 cpe:/o:suse:sles-ltss:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. Moderate CVE-2021-3348 SUSE bug 1181504 SUSE bug 1181645 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. Important CVE-2021-33503 SUSE bug 1187045 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP. Important CVE-2021-33560 SUSE bug 1187212 SUSE bug 1189854 SUSE bug 1199664 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) . Important CVE-2021-33571 SUSE bug 1186611 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. Moderate CVE-2021-33574 SUSE bug 1186489 SUSE bug 1189426 SUSE bug 1192788 SUSE bug 1196766 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution. Important CVE-2021-33657 SUSE bug 1198001 SUSE bug 1199105 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. Important CVE-2021-33909 SUSE bug 1188062 SUSE bug 1188063 SUSE bug 1188257 SUSE bug 1190859 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. Moderate CVE-2021-33910 SUSE bug 1188062 SUSE bug 1188063 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected. Low CVE-2021-3392 SUSE bug 1189236 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read. Low CVE-2021-3393 SUSE bug 1182040 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2021-3408 SUSE bug 1182263 SUSE bug 1183135 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this. Moderate CVE-2021-3409 SUSE bug 1182282 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Moderate CVE-2021-3411 SUSE bug 1182498 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario. Low CVE-2021-3416 SUSE bug 1182968 SUSE bug 1186473 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism. Moderate CVE-2021-3418 SUSE bug 1182890 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Moderate CVE-2021-3419 SUSE bug 1182968 SUSE bug 1182975 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. Moderate CVE-2021-3426 SUSE bug 1183374 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. Important CVE-2021-3444 SUSE bug 1184170 SUSE bug 1184171 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity. Moderate CVE-2021-3448 SUSE bug 1183709 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). Important CVE-2021-3449 SUSE bug 1183852 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). Important CVE-2021-3450 SUSE bug 1183851 SUSE bug 1188549 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. Important CVE-2021-34552 SUSE bug 1188574 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. Moderate CVE-2021-34556 SUSE bug 1188983 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable. Important CVE-2021-3466 SUSE bug 1184398 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered. Moderate CVE-2021-3468 SUSE bug 1184521 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. Moderate CVE-2021-34693 SUSE bug 1187452 SUSE bug 1192868 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2021-3472 SUSE bug 1180128 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability. Moderate CVE-2021-3474 SUSE bug 1184174 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability. Moderate CVE-2021-3476 SUSE bug 1184172 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability. Moderate CVE-2021-3478 SUSE bug 1184352 SUSE bug 1184354 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability. Important CVE-2021-3479 SUSE bug 1184354 SUSE bug 1191176 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. Important CVE-2021-34798 SUSE bug 1190669 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected Moderate CVE-2021-3483 SUSE bug 1184393 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. Moderate CVE-2021-3487 SUSE bug 1184620 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2021-34981 SUSE bug 1191961 SUSE bug 1192595 SUSE bug 1196722 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::get_djvu_file() via crafted djvu file may lead to application crash and other consequences. Important CVE-2021-3500 SUSE bug 1186253 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. Critical CVE-2021-35042 SUSE bug 1187785 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. Moderate CVE-2021-3516 SUSE bug 1185409 SUSE bug 1191860 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. Important CVE-2021-3517 SUSE bug 1185410 SUSE bug 1191860 SUSE bug 1194438 SUSE bug 1196383 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. Moderate CVE-2021-3518 SUSE bug 1185408 SUSE bug 1191860 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service. Low CVE-2021-3527 SUSE bug 1186012 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. Important CVE-2021-3537 SUSE bug 1185698 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Important CVE-2021-3542 SUSE bug 1184673 SUSE bug 1186063 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value. Moderate CVE-2021-35477 SUSE bug 1188985 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). Moderate CVE-2021-35550 SUSE bug 1191901 SUSE bug 1193314 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2021-35556 SUSE bug 1191910 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2021-35559 SUSE bug 1191911 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). Important CVE-2021-35560 SUSE bug 1191902 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2021-35561 SUSE bug 1191912 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Moderate CVE-2021-35564 SUSE bug 1191913 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2021-35565 SUSE bug 1191909 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N). Moderate CVE-2021-35567 SUSE bug 1191903 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2021-35578 SUSE bug 1191904 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2021-35586 SUSE bug 1191914 SUSE bug 1194928 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). Low CVE-2021-35588 SUSE bug 1191905 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2021-3560 SUSE bug 1186497 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Low CVE-2021-35603 SUSE bug 1191906 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. Moderate CVE-2021-3561 SUSE bug 1186329 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. Moderate CVE-2021-3564 SUSE bug 1186207 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability. Important CVE-2021-3567 SUSE bug 1186617 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1. Important CVE-2021-3570 SUSE bug 1187646 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service. Important CVE-2021-3580 SUSE bug 1187060 SUSE bug 1187892 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity. Moderate CVE-2021-3583 SUSE bug 1188061 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. Low CVE-2021-3592 SUSE bug 1187364 SUSE bug 1187369 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. Low CVE-2021-3593 SUSE bug 1187365 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. Low CVE-2021-3594 SUSE bug 1187367 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. Moderate CVE-2021-35942 SUSE bug 1187911 SUSE bug 1192788 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. Low CVE-2021-3595 SUSE bug 1187366 SUSE bug 1187376 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. Moderate CVE-2021-3598 SUSE bug 1187310 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. Important CVE-2021-3605 SUSE bug 1187395 SUSE bug 1191176 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. Important CVE-2021-3609 SUSE bug 1187215 SUSE bug 1188323 SUSE bug 1188720 SUSE bug 1190276 SUSE bug 1196810 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0. Moderate CVE-2021-3611 SUSE bug 1187529 SUSE bug 1193914 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. Moderate CVE-2021-3620 SUSE bug 1187725 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28. Important CVE-2021-3630 SUSE bug 1187869 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user. Moderate CVE-2021-36386 SUSE bug 1188875 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. Important CVE-2021-3640 SUSE bug 1188172 SUSE bug 1188613 SUSE bug 1191530 SUSE bug 1196810 SUSE bug 1196914 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7. Important CVE-2021-3653 SUSE bug 1189399 SUSE bug 1189420 SUSE bug 1196914 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. Moderate CVE-2021-3655 SUSE bug 1188563 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2021-3659 SUSE bug 1188876 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE OpenStack Cloud 7 A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability. Important CVE-2021-3672 SUSE bug 1188881 SUSE bug 1193099 cpe:/o:suse:sles-bcl:12:sp2 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service. Moderate CVE-2021-3679 SUSE bug 1189057 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host. Moderate CVE-2021-3682 SUSE bug 1189145 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y). Moderate CVE-2021-3712 SUSE bug 1189521 SUSE bug 1190129 SUSE bug 1191640 SUSE bug 1192100 SUSE bug 1192787 SUSE bug 1194948 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Important CVE-2021-3715 SUSE bug 1190349 SUSE bug 1190350 SUSE bug 1196722 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. Moderate CVE-2021-37159 SUSE bug 1188601 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A security issue was found in Linux kernel’s OverlayFS subsystem where a local attacker who has the ability to mount the TmpFS filesystem with OverlayFS can abuse a logic bug in the overlayfs code which can inadvertently reveal files hidden in the original mount. Moderate CVE-2021-3732 SUSE bug 1189706 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Important CVE-2021-3752 SUSE bug 1190023 SUSE bug 1190432 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality. Moderate CVE-2021-3753 SUSE bug 1190025 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. Important CVE-2021-37576 SUSE bug 1188838 SUSE bug 1188842 SUSE bug 1190276 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. Moderate CVE-2021-3760 SUSE bug 1190067 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments. Moderate CVE-2021-37600 SUSE bug 1188921 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. Moderate CVE-2021-3772 SUSE bug 1190351 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Important CVE-2021-3781 SUSE bug 1190381 SUSE bug 1191712 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior. Important CVE-2021-38160 SUSE bug 1190117 SUSE bug 1190118 SUSE bug 1196914 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data. Important CVE-2021-38185 SUSE bug 1189206 SUSE bug 1189486 SUSE bug 1192364 SUSE bug 1193391 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault. Important CVE-2021-38198 SUSE bug 1189262 SUSE bug 1189278 SUSE bug 1196914 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations. Moderate CVE-2021-38204 SUSE bug 1189291 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1. Moderate CVE-2021-38492 SUSE bug 1190269 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1. Moderate CVE-2021-38495 SUSE bug 1190269 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. Moderate CVE-2021-38496 SUSE bug 1191332 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. Moderate CVE-2021-38497 SUSE bug 1191332 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. Moderate CVE-2021-38498 SUSE bug 1191332 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. Moderate CVE-2021-38500 SUSE bug 1191332 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. Moderate CVE-2021-38501 SUSE bug 1191332 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Important CVE-2021-38503 SUSE bug 1192250 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Important CVE-2021-38504 SUSE bug 1192250 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Important CVE-2021-38505 SUSE bug 1192250 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Important CVE-2021-38506 SUSE bug 1192250 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Important CVE-2021-38507 SUSE bug 1192250 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Important CVE-2021-38508 SUSE bug 1192250 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Important CVE-2021-38509 SUSE bug 1192250 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Important CVE-2021-38510 SUSE bug 1192250 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Moderate CVE-2021-38598 SUSE bug 1189615 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Moderate CVE-2021-3896 SUSE bug 1191958 cpe:/o:suse:sles-bcl:12:sp2 SUSE OpenStack Cloud 7 An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field (as observed on a target HTTP/2 server) might differ from what the routing rules were intended to achieve. Important CVE-2021-39240 SUSE bug 1189549 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, such as in the "GET /admin? HTTP/1.1 /static/images HTTP/1.1" example. Important CVE-2021-39241 SUSE bug 1189366 cpe:/o:suse:suse-openstack-cloud:7 SUSE OpenStack Cloud 7 An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled. Important CVE-2021-39242 SUSE bug 1189548 cpe:/o:suse:suse-openstack-cloud:7 SUSE Linux Enterprise Server 12 SP2-BCL ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. Important CVE-2021-39275 SUSE bug 1190666 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel Moderate CVE-2021-39648 SUSE bug 1193861 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194696049References: Upstream kernel Low CVE-2021-39657 SUSE bug 1193864 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2021-3999 SUSE bug 1194640 SUSE bug 1196024 SUSE bug 1196389 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. Moderate CVE-2021-4002 SUSE bug 1192946 SUSE bug 1192973 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2021-4008 SUSE bug 1193030 SUSE bug 1194308 SUSE bug 1196656 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2021-4009 SUSE bug 1190487 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Important CVE-2021-4011 SUSE bug 1190489 SUSE bug 1196656 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. Important CVE-2021-4034 SUSE bug 1194568 SUSE bug 1195125 SUSE bug 1195136 SUSE bug 1195246 SUSE bug 1195265 SUSE bug 1195278 SUSE bug 1195528 SUSE bug 1195541 SUSE bug 1196165 SUSE bug 1196388 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. Important CVE-2021-40438 SUSE bug 1190703 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. Moderate CVE-2021-40490 SUSE bug 1190159 SUSE bug 1192775 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4. Important CVE-2021-4083 SUSE bug 1193727 SUSE bug 1194460 SUSE bug 1196722 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. Low CVE-2021-41035 SUSE bug 1192052 SUSE bug 1194232 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. Moderate CVE-2021-4104 SUSE bug 1193662 SUSE bug 1193978 SUSE bug 1194016 SUSE bug 1194842 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2021-4140 SUSE bug 1194547 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. Moderate CVE-2021-4149 SUSE bug 1194001 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2021-4155 SUSE bug 1194272 SUSE bug 1199255 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. Moderate CVE-2021-4156 SUSE bug 1194006 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. Important CVE-2021-41617 SUSE bug 1190975 SUSE bug 1193460 SUSE bug 1193497 SUSE bug 1196721 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. Moderate CVE-2021-4197 SUSE bug 1194302 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility. Important CVE-2021-41991 SUSE bug 1191367 SUSE bug 1191435 SUSE bug 1192640 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. Important CVE-2021-42008 SUSE bug 1191315 SUSE bug 1191660 SUSE bug 1196722 SUSE bug 1196810 SUSE bug 1196914 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. Important CVE-2021-4202 SUSE bug 1194529 SUSE bug 1194533 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Important CVE-2021-42739 SUSE bug 1184673 SUSE bug 1192036 SUSE bug 1196722 SUSE bug 1196914 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. Important CVE-2021-42762 SUSE bug 1191937 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid. Moderate CVE-2021-42779 SUSE bug 1191992 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library. Low CVE-2021-42780 SUSE bug 1192005 SUSE bug 1196716 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library. Important CVE-2021-42781 SUSE bug 1192000 SUSE bug 1192635 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library. Important CVE-2021-42782 SUSE bug 1191957 SUSE bug 1192635 SUSE bug 1192643 SUSE bug 1192786 SUSE bug 1193388 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. Moderate CVE-2021-43389 SUSE bug 1191958 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1. Important CVE-2021-43527 SUSE bug 1193170 SUSE bug 1193331 SUSE bug 1193378 SUSE bug 1194288 SUSE bug 1199301 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Important CVE-2021-43536 SUSE bug 1193485 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Important CVE-2021-43537 SUSE bug 1193485 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Important CVE-2021-43538 SUSE bug 1193485 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Important CVE-2021-43539 SUSE bug 1193485 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Important CVE-2021-43541 SUSE bug 1193485 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Important CVE-2021-43542 SUSE bug 1193485 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Important CVE-2021-43543 SUSE bug 1193485 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Important CVE-2021-43545 SUSE bug 1193485 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Important CVE-2021-43546 SUSE bug 1193485 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). Moderate CVE-2021-43976 SUSE bug 1192847 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. Critical CVE-2021-44142 SUSE bug 1194859 SUSE bug 1195611 SUSE bug 1196455 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). Important CVE-2021-44224 SUSE bug 1193943 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. Moderate CVE-2021-44790 SUSE bug 1193942 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. Moderate CVE-2021-45079 SUSE bug 1194471 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. Moderate CVE-2021-45095 SUSE bug 1193867 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. Important CVE-2021-45417 SUSE bug 1194735 SUSE bug 1196390 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. Important CVE-2021-45444 SUSE bug 1196435 SUSE bug 1199097 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889. Moderate CVE-2021-45481 SUSE bug 1194138 SUSE bug 1195064 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889. Moderate CVE-2021-45482 SUSE bug 1194136 SUSE bug 1195064 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889. Moderate CVE-2021-45483 SUSE bug 1194135 SUSE bug 1195064 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. Low CVE-2021-45485 SUSE bug 1194094 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. Low CVE-2021-45486 SUSE bug 1194087 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. Moderate CVE-2021-45868 SUSE bug 1197366 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). Moderate CVE-2021-45960 SUSE bug 1194251 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. Important CVE-2021-46143 SUSE bug 1194362 SUSE bug 1195327 SUSE bug 1196387 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Moderate CVE-2022-0001 SUSE bug 1191580 SUSE bug 1196901 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Moderate CVE-2022-0002 SUSE bug 1191580 SUSE bug 1196901 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-0135 SUSE bug 1195389 SUSE bug 1196396 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. Important CVE-2022-0330 SUSE bug 1194880 SUSE bug 1195950 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. Important CVE-2022-0492 SUSE bug 1195543 SUSE bug 1195908 SUSE bug 1196612 SUSE bug 1196776 SUSE bug 1198615 SUSE bug 1199255 SUSE bug 1199615 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. Important CVE-2022-0547 SUSE bug 1197341 SUSE bug 1199103 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. Moderate CVE-2022-0617 SUSE bug 1196079 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). Important CVE-2022-0778 SUSE bug 1196877 SUSE bug 1197328 SUSE bug 1197340 SUSE bug 1199100 SUSE bug 1199254 SUSE bug 1199303 SUSE bug 1199339 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-0850 SUSE bug 1196761 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-0934 SUSE bug 1197872 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-1016 SUSE bug 1197335 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. Important CVE-2022-1048 SUSE bug 1197331 SUSE bug 1197597 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-1097 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. Moderate CVE-2022-1122 SUSE bug 1197738 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-1196 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-1271 SUSE bug 1198062 SUSE bug 1198812 SUSE bug 1199107 SUSE bug 1199108 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. Important CVE-2022-1304 SUSE bug 1198446 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. Important CVE-2022-20698 SUSE bug 1194731 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Moderate CVE-2022-21151 SUSE bug 1199423 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Moderate CVE-2022-21248 SUSE bug 1194926 SUSE bug 1197126 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2022-21271 SUSE bug 1197126 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2022-21277 SUSE bug 1194930 SUSE bug 1197126 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Moderate CVE-2022-21282 SUSE bug 1194933 SUSE bug 1197126 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2022-21283 SUSE bug 1194937 SUSE bug 1197126 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Moderate CVE-2022-21291 SUSE bug 1194925 SUSE bug 1197126 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2022-21293 SUSE bug 1194935 SUSE bug 1197126 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2022-21294 SUSE bug 1194934 SUSE bug 1197126 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Moderate CVE-2022-21296 SUSE bug 1194932 SUSE bug 1197126 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2022-21299 SUSE bug 1194931 SUSE bug 1197126 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Moderate CVE-2022-21305 SUSE bug 1194939 SUSE bug 1197126 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2022-21340 SUSE bug 1194940 SUSE bug 1197126 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2022-21341 SUSE bug 1194941 SUSE bug 1197126 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2022-21349 SUSE bug 1196500 SUSE bug 1197126 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2022-21360 SUSE bug 1194929 SUSE bug 1197126 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2022-21365 SUSE bug 1194928 SUSE bug 1197126 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Moderate CVE-2022-21366 SUSE bug 1194927 SUSE bug 1197126 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. Important CVE-2022-22589 SUSE bug 1195735 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. Important CVE-2022-22590 SUSE bug 1195735 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Important CVE-2022-22592 SUSE bug 1195735 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information. Important CVE-2022-22594 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. Important CVE-2022-22620 SUSE bug 1196133 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-22624 SUSE bug 1198290 SUSE bug 1199111 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-22628 SUSE bug 1198290 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-22629 SUSE bug 1198290 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-22637 SUSE bug 1198290 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. Moderate CVE-2022-22719 SUSE bug 1197091 SUSE bug 1198430 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling Important CVE-2022-22720 SUSE bug 1197095 SUSE bug 1198430 SUSE bug 1198998 SUSE bug 1199102 SUSE bug 1199495 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. Important CVE-2022-22721 SUSE bug 1197096 SUSE bug 1198430 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-22737 SUSE bug 1194547 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-22738 SUSE bug 1194547 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-22739 SUSE bug 1194547 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-22740 SUSE bug 1194547 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-22741 SUSE bug 1194547 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-22742 SUSE bug 1194547 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-22743 SUSE bug 1194547 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-22744 SUSE bug 1194547 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-22745 SUSE bug 1194547 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-22746 SUSE bug 1194547 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-22747 SUSE bug 1194547 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-22748 SUSE bug 1194547 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-22751 SUSE bug 1194547 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-22753 SUSE bug 1195682 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-22754 SUSE bug 1195682 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-22756 SUSE bug 1195682 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-22759 SUSE bug 1195682 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-22760 SUSE bug 1195682 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-22761 SUSE bug 1195682 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-22763 SUSE bug 1195682 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-22764 SUSE bug 1195682 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Important CVE-2022-22822 SUSE bug 1194474 SUSE bug 1195327 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Important CVE-2022-22823 SUSE bug 1194476 SUSE bug 1195327 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Important CVE-2022-22824 SUSE bug 1194477 SUSE bug 1195327 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Important CVE-2022-22825 SUSE bug 1194478 SUSE bug 1195327 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Important CVE-2022-22826 SUSE bug 1194479 SUSE bug 1195327 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Important CVE-2022-22827 SUSE bug 1194480 SUSE bug 1195327 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. Moderate CVE-2022-22844 SUSE bug 1194539 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a mapping can be requested in two steps. The reference count for such a mapping would then mistakenly be decremented twice. Underflow of the counters gets detected, resulting in the triggering of a hypervisor bug check. Moderate CVE-2022-23034 SUSE bug 1194581 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared (resulting in a de-reference of NULL) and freed (resulting in a use-after-free), while other code would continue to assume them to be valid. Moderate CVE-2022-23035 SUSE bug 1194588 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 Important CVE-2022-23036 SUSE bug 1196488 SUSE bug 1199099 SUSE bug 1199141 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 Important CVE-2022-23037 SUSE bug 1199099 SUSE bug 1199141 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 Important CVE-2022-23038 SUSE bug 1199099 SUSE bug 1199141 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 Important CVE-2022-23039 SUSE bug 1199099 SUSE bug 1199141 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 Important CVE-2022-23040 SUSE bug 1199099 SUSE bug 1199141 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 Important CVE-2022-23041 SUSE bug 1199099 SUSE bug 1199141 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 Important CVE-2022-23042 SUSE bug 1199099 SUSE bug 1199141 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. Moderate CVE-2022-23218 SUSE bug 1194770 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. Moderate CVE-2022-23219 SUSE bug 1194768 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. Moderate CVE-2022-23302 SUSE bug 1194842 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. Important CVE-2022-23305 SUSE bug 1194843 SUSE bug 1196392 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. Important CVE-2022-23307 SUSE bug 1194844 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. Important CVE-2022-23308 SUSE bug 1196490 SUSE bug 1199098 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions. Important CVE-2022-23437 SUSE bug 1195108 SUSE bug 1196394 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. Important CVE-2022-23852 SUSE bug 1195054 SUSE bug 1196480 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. Important CVE-2022-23943 SUSE bug 1197098 SUSE bug 1198430 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. Important CVE-2022-23990 SUSE bug 1195217 SUSE bug 1196480 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. Important CVE-2022-24407 SUSE bug 1196036 SUSE bug 1198600 SUSE bug 1199112 SUSE bug 1199494 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. Moderate CVE-2022-24448 SUSE bug 1195612 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes. Moderate CVE-2022-24713 SUSE bug 1196972 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`. Important CVE-2022-24765 SUSE bug 1198234 SUSE bug 1199109 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. Important CVE-2022-25235 SUSE bug 1196026 SUSE bug 1197217 SUSE bug 1198587 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. Important CVE-2022-25236 SUSE bug 1196025 SUSE bug 1196784 SUSE bug 1197217 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. Moderate CVE-2022-25313 SUSE bug 1196168 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. Important CVE-2022-25314 SUSE bug 1196169 SUSE bug 1197217 SUSE bug 1198587 SUSE bug 1199096 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. Important CVE-2022-25315 SUSE bug 1196171 SUSE bug 1197217 SUSE bug 1198587 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking between both operations and can lead to entries being added in already freed slots, resulting in a memory leak. Moderate CVE-2022-26356 SUSE bug 1197423 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed. Moderate CVE-2022-26357 SUSE bug 1197425 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. Moderate CVE-2022-26358 SUSE bug 1197426 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. Moderate CVE-2022-26359 SUSE bug 1197426 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. Moderate CVE-2022-26360 SUSE bug 1197426 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. Moderate CVE-2022-26361 SUSE bug 1197426 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-26381 SUSE bug 1196900 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-26383 SUSE bug 1196900 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-26384 SUSE bug 1196900 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-26386 SUSE bug 1196900 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-26387 SUSE bug 1196900 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-26485 SUSE bug 1196809 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-26486 SUSE bug 1196809 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. Moderate CVE-2022-26490 SUSE bug 1196830 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. Moderate CVE-2022-26966 SUSE bug 1196836 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. Moderate CVE-2022-27239 SUSE bug 1197216 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Moderate CVE-2022-27781 SUSE bug 1199223 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-27782 SUSE bug 1199224 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-28281 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-28282 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-28285 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-28286 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-28289 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. Critical CVE-2022-29155 SUSE bug 1199240 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-29909 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-29911 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-29912 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-29914 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-29916 cpe:/o:suse:sles-bcl:12:sp2 SUSE Linux Enterprise Server 12 SP2-BCL ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Important CVE-2022-29917 cpe:/o:suse:sles-bcl:12:sp2