Suse linux enterprise module for open buildservice development tools

This hub aggregates every CVE we track for Suse linux enterprise module for open buildservice development tools, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Suse linux enterprise module for open buildservice development tools.

• CVE-2021-3738In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our ...8.8Mar 2, 2022
• CVE-2021-23991If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an ...6.8Jun 24, 2021
• CVE-2021-23992Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user...4.3Jun 24, 2021
• CVE-2021-23994A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.8.8Jun 24, 2021
• CVE-2021-23995When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vuln...8.8Jun 24, 2021
• CVE-2021-23998Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and F...6.5Jun 24, 2021
• CVE-2021-23999If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This v...8.8Jun 24, 2021
• CVE-2021-24002When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. ...8.8Jun 24, 2021
• CVE-2021-29945The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffe...6.5Jun 24, 2021
• CVE-2021-29946Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefo...8.8Jun 24, 2021
• CVE-2021-29948Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affec...2.5Jun 24, 2021
• CVE-2021-3588memory contents disclosure in cli_feat_read_cb3.3Jun 10, 2021
• CVE-2021-29154BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/ne...7.8Apr 8, 2021
• CVE-2021-20229A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threa...4.3Feb 23, 2021
• CVE-2020-8625A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack8.1Feb 17, 2021