Common Problems

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2022:0913-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-4048 Upstream summary: An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 16 📖 ~4 min read  •  Source: SUSE advisory SUSE-RU-2026:1001-1 (see also SUSE bugzilla) Related CVEs: CVE-2026-31812 Upstream summary: Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2024:2030-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-5171 CVE-2021-30474 CVE-2021-30475 CVE-2021-30473 CVE-2020-0470 CVE-2020-36129 CVE-2020-36130 CVE-2020-36131  +1 more Upstream summary: Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2014:1137-1 (see also SUSE bugzilla) Related CVEs: CVE-2014-3618 CVE-2017-16844 Upstream summary: Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-IU-2021:741-1 (see also SUSE bugzilla) Related CVEs: CVE-2020-12825 CVE-2017-7960 CVE-2017-7961 CVE-2017-8834 CVE-2017-8871 Upstream summary: libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. Table of contents Symptom […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: SLES 12 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2017:2871-1 (see also SUSE bugzilla) Related CVEs: CVE-2017-13089 CVE-2017-13090 CVE-2019-5953 CVE-2024-10524 CVE-2021-31879 CVE-2024-38428 CVE-2010-2252 CVE-2014-4877  +5 more Upstream summary: The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 12 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2014:0870-1 (see also SUSE bugzilla) Related CVEs: CVE-2014-0107 Upstream summary: The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 16 📖 ~4 min read  •  Source: SUSE advisory SUSE-SR:2009:020 (see also SUSE bugzilla) Related CVEs: CVE-2009-3627 Upstream summary: The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-FU-2022:0444-1 (see also SUSE bugzilla) Related CVEs: CVE-2018-20060 CVE-2019-9740 CVE-2016-9015 CVE-2019-11236 CVE-2019-11324 Upstream summary: urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2022:108-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-4122 CVE-2020-14382 Upstream summary: It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. […]