SUSE Linux Enterprise Desktop vulnerabilities
81 known vulnerabilities affecting suse/suse_linux_enterprise_desktop.
Total CVEs: 81
CISA KEV: 1 (actively exploited)
Public exploits: 9
Exploited in wild: 2
Severity breakdown: CRITICAL 36, HIGH 25, MEDIUM 17, LOW 3
Vulnerabilities
Page 1 of 5
CVE-2023-32182 | HIGH | CVSS 7.8 | v15 | 2023-09-19
CVE-2023-32182 [MEDIUM] CWE-59
An Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix. This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Perfor
nvd
CVE-2020-6424 | HIGH | CVSS 8.8 | v12 | 2020-03-23
CVE-2020-6424 [HIGH] CWE-416
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6429 | HIGH | CVSS 8.8 | v12 | 2020-03-23
CVE-2020-6429 [HIGH] CWE-787
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6449 | HIGH | CVSS 8.8 | v12 | 2020-03-23
CVE-2020-6449 [HIGH] CWE-416
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6427 | HIGH | CVSS 8.8 | v12 | 2020-03-23
CVE-2020-6427 [HIGH] CWE-787
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6422 | HIGH | CVSS 8.8 | v12 | 2020-03-23
CVE-2020-6422 [HIGH] CWE-787
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6428 | HIGH | CVSS 8.8 | v12 | 2020-03-23
CVE-2020-6428 [HIGH] CWE-787
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2020-6426 | MEDIUM | CVSS 6.5 | v12 | 2020-03-23
CVE-2020-6426 [MEDIUM] CWE-787
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2018-19655 | HIGH | CVSS 8.8 | v12 | 2018-11-29
CVE-2018-19655 [HIGH] CWE-787
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
nvd
CVE-2011-4190 | MEDIUM | CVSS 5.3 | v11 | 2018-06-08
CVE-2011-4190 [MEDIUM]
The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security se
nvd
CVE-2017-5753 | MEDIUM | CVSS 5.6 | PoC | v12 | 2018-01-04
CVE-2017-5753 [MEDIUM] CWE-203
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
nvd
CVE-2015-5707 | MEDIUM | CVSS 4.6 | v11 | 2015-10-19
CVE-2015-5707 [MEDIUM] CWE-190
Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.
nvd
CVE-2015-3340 | LOW | CVSS 2.9 | v11.0 | 2015-04-28
CVE-2015-3340 [LOW] CWE-200
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.
nvd
CVE-2015-0491 | CRITICAL | CVSS 10.0 | v11.0 | 2015-04-16
CVE-2015-0491 [CRITICAL]
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459.
nvd
CVE-2015-0500 | MEDIUM | CVSS 4.0 | v11.0 | 2015-04-16
CVE-2015-0500 [MEDIUM]
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.
nvd
CVE-2015-0358 | CRITICAL | CVSS 10.0 | v11.0 | v12.0 | 2015-04-14
CVE-2015-0358 [CRITICAL]
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-3039.
nvd
CVE-2015-0348 | CRITICAL | CVSS 10.0 | v11.0 | v12.0 | 2015-04-14
CVE-2015-0348 [CRITICAL] CWE-119
Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2015-0346 | CRITICAL | CVSS 10.0 | v11.0 | v12.0 | 2015-04-14
CVE-2015-0346 [CRITICAL]
Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0359.
nvd
CVE-2015-0349 | CRITICAL | CVSS 10.0 | v11.0 | v12.0 | 2015-04-14
CVE-2015-0349 [CRITICAL]
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0351, CVE-2015-0358, and CVE-2015-3039.
nvd
CVE-2015-0360 | CRITICAL | CVSS 10.0 | v11.0 | v12.0 | 2015-04-14
CVE-2015-0360 [CRITICAL]
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-20
nvd