Lucene search
K
SusecveMost viewed

59855 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:53 a.m.9 views

SUSE CVE-2020-26146

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented...

5.3CVSS6.8AI score0.05622EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:53 a.m.9 views

SUSE CVE-2020-26555

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BDADDR of the peer device to complete pairing without knowledge of the PIN...

5.4CVSS7.3AI score0.00887EPSS
Exploits1References18
SUSE CVE
SUSE CVE
added 2023/02/15 3:51 a.m.9 views

SUSE CVE-2020-29371

An issue was discovered in romfsdevread in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd...

4CVSS6.2AI score0.0069EPSS
Exploits1References25
SUSE CVE
SUSE CVE
added 2023/02/15 3:51 a.m.9 views

SUSE CVE-2020-29660

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/ttyio.c and drivers/tty/ttyjobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24...

7.4CVSS6.4AI score0.00468EPSS
Exploits1References34
SUSE CVE
SUSE CVE
added 2023/02/15 3:50 a.m.9 views

SUSE CVE-2020-36181

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS...

8.8CVSS8AI score0.05018EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:50 a.m.9 views

SUSE CVE-2020-36179

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS...

8.8CVSS8AI score0.20929EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:50 a.m.9 views

SUSE CVE-2020-36182

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS...

8.8CVSS8AI score0.05018EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:50 a.m.9 views

SUSE CVE-2020-36180

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS...

8.8CVSS8AI score0.05041EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:49 a.m.9 views

SUSE CVE-2021-3493

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow...

8.8CVSS5.7AI score0.43988EPSS
Exploits27References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:49 a.m.9 views

SUSE CVE-2021-3600

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code...

8.4CVSS6.7AI score0.00282EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.9 views

SUSE CVE-2021-22925

curl supports the -t command line option, known as CURLOPTTELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending NEWENV variables, libcurlcould be made to pass on uninitialized data from a stack based...

4.3CVSS6.3AI score0.04929EPSS
Exploits1References86
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.9 views

SUSE CVE-2021-23134

Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAPNETRAW capability...

7.8CVSS6.5AI score0.00343EPSS
Exploits0References50
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.9 views

SUSE CVE-2021-25329

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the...

7CVSS7.3AI score0.09491EPSS
Exploits15References12
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.9 views

SUSE CVE-2021-25634

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to...

7.5CVSS6.8AI score0.00685EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.9 views

SUSE CVE-2021-28691

Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will...

7.8CVSS6.8AI score0.00361EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.9 views

SUSE CVE-2021-28712

Rogue backends can cause DoS of guests via high frequency events This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "drive...

6.2CVSS7.4AI score0.00332EPSS
Exploits0References27
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.9 views

SUSE CVE-2021-29543

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.CTCGreedyDecoder. This is because the...

5.5CVSS5.4AI score0.00189EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:41 a.m.9 views

SUSE CVE-2021-31829

kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can...

6.2CVSS6.2AI score0.00306EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.9 views

SUSE CVE-2021-34429

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc...

6.5CVSS8.6AI score0.99298EPSS
Exploits6References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.9 views

SUSE CVE-2021-35619

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM...

7.1CVSS8AI score0.00869EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.9 views

SUSE CVE-2021-38205

drivers/net/ethernet/xilinx/xilinxemaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer i.e., the real IOMEM pointer...

3.3CVSS6.3AI score0.00328EPSS
Exploits0References19
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.9 views

SUSE CVE-2021-40438

A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

7.5CVSS8.7AI score0.99999EPSS
Exploits5References9
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.9 views

SUSE CVE-2021-42013

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...

9.8CVSS9.3AI score0.99964EPSS
Exploits175References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.9 views

SUSE CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...

7.5CVSS7.4AI score0.99999EPSS
Exploits20References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.9 views

SUSE CVE-2021-45485

In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/outputcore.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses...

3.7CVSS6.3AI score0.03585EPSS
Exploits0References25
SUSE CVE
SUSE CVE
added 2023/02/15 3:32 a.m.9 views

SUSE CVE-2022-2255

A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...

5.6CVSS6.8AI score0.0069EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:32 a.m.9 views

SUSE CVE-2022-2602

iouring UAF, Unix SCM garbage collection...

7.8CVSS6.9AI score0.01433EPSS
Exploits2References35
SUSE CVE
SUSE CVE
added 2023/02/15 3:32 a.m.9 views

SUSE CVE-2022-2905

An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpftailcall function with a key larger than the maxentries of the map. This flaw allows a local user to gain unauthorized access to data...

6.2CVSS6.4AI score0.00338EPSS
Exploits1References25
SUSE CVE
SUSE CVE
added 2023/02/15 3:31 a.m.9 views

SUSE CVE-2022-3542

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

5.9CVSS5.8AI score
Exploits0References27
SUSE CVE
SUSE CVE
added 2023/02/15 3:30 a.m.9 views

SUSE CVE-2022-4382

A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side...

7.4CVSS6.8AI score0.00484EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2023/02/15 3:29 a.m.9 views

SUSE CVE-2022-21289

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

6.3CVSS5.8AI score0.02686EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:29 a.m.9 views

SUSE CVE-2022-21288

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

6.3CVSS5.8AI score0.02686EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:29 a.m.9 views

SUSE CVE-2022-21330

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication...

6.3CVSS5.8AI score0.03193EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:29 a.m.9 views

SUSE CVE-2022-21436

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS5.6AI score0.01252EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:29 a.m.9 views

SUSE CVE-2022-21619

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to...

3.7CVSS4.9AI score0.02376EPSS
Exploits0References17
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.9 views

SUSE CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution RCE via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is...

9.8CVSS8.6AI score0.99677EPSS
Exploits102References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:26 a.m.9 views

SUSE CVE-2022-27381

An issue in the component Field::setdefault of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service DoS via specially crafted SQL statements...

7.1CVSS8.5AI score0.02159EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2023/02/15 3:23 a.m.9 views

SUSE CVE-2022-42895

There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2capcore.c's l2capparseconfreq function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e...

6.8CVSS6.2AI score0.00395EPSS
Exploits0References23
SUSE CVE
SUSE CVE
added 2023/02/15 3:21 a.m.9 views

SUSE CVE-2023-23454

cbqclassify in net/sched/schcbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service slab-out-of-bounds read because of type confusion non-negative numbers can sometimes indicate a TCACTSHOT condition rather than valid classification results...

7.8CVSS6.3AI score0.00312EPSS
Exploits0References64
SUSE CVE
SUSE CVE
added 4 days ago8 views

SUSE CVE-2026-9697

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...

7.4CVSS6AI score0.00476EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 4 days ago8 views

SUSE CVE-2026-13122

OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...

5.9CVSS6AI score0.00487EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 4 days ago8 views

SUSE CVE-2026-13698

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service...

6CVSS6AI score0.00549EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 4 days ago8 views

SUSE CVE-2026-14604

A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component PLY Model Handler. This manipulation causes double free. The attack can be initiated remotely. The...

6.5CVSS5.6AI score0.00233EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 4 days ago8 views

SUSE CVE-2026-14757

A vulnerability was determined in radareorg radare2 up to 6.1.6. This affects the function coreanalbytes of the file libr/core/cmdanal.inc. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. It is...

5.3CVSS5.6AI score0.00142EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 4 days ago8 views

SUSE CVE-2026-14758

A vulnerability was identified in radareorg radare2 up to 6.1.6. This vulnerability affects the function cmdanalopcode of the file libr/core/cmdanal.inc.c of the component hexpairs Parser. Such manipulation leads to integer overflow. The attack needs to be performed locally. The exploit is public...

4.8CVSS5.6AI score0.00131EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 4 days ago8 views

SUSE CVE-2026-14760

A weakness has been identified in radareorg radare2 up to 6.1.6. Impacted is the function rcoreseekarchbits of the file libr/core/disasm.c of the component regprofile Handler. Executing a manipulation can lead to use after free. The attack requires local access. The exploit has been made availabl...

4.8CVSS5.5AI score0.00135EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 4 days ago8 views

SUSE CVE-2026-14761

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. The affected element is the function rstrndup/rstrappend of the file libr/util/str.c. The manipulation leads to integer overflow. An attack has to be approached locally. The exploit has been disclosed publicly and may be...

5.5CVSS5.2AI score0.00131EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 4 days ago8 views

SUSE CVE-2026-14788

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. Affected by this vulnerability is the function rcorebinload of the file libr/core/cfile.c. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and...

4.8CVSS5.2AI score0.00135EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 4 days ago8 views

SUSE CVE-2026-42311

Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0...

8.6CVSS6.2AI score0.0015EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 4 days ago8 views

SUSE CVE-2026-42327

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

8.7CVSS6AI score0.00211EPSS
Exploits0References3
Total number of security vulnerabilities5000