Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
added 2025/12/24 12:31 a.m.16 views

SUSE CVE-2025-10543

In Eclipse Paho Go MQTT v3.1 library paho.mqtt.golang versions =1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server for example, part of an MQTT topic may leak into...

6.3CVSS6.4AI score0.00197EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/12/10 12:39 a.m.16 views

SUSE CVE-2022-50639

In the Linux kernel, the following vulnerability has been resolved: io-wq: Fix memory leak in worker creation If the CPU mask allocation for a node fails, then the memory allocated for the 'iowqe' struct of the current node doesn't get freed on the error handling path, since it has not yet been...

5.5CVSS6.4AI score0.00172EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/12/10 12:36 a.m.16 views

SUSE CVE-2023-53794

In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free issue Don't collect exiting session in smb2reconnectserver, because it will be released soon. Note that the exiting session will stay in server-smbseslist until i...

7.5CVSS6.6AI score0.00172EPSS
Exploits0References35
SUSE CVE
SUSE CVE
added 2025/12/05 12:45 a.m.16 views

SUSE CVE-2025-2486

The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based...

8.8CVSS7AI score0.00113EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/11/13 12:24 a.m.16 views

SUSE CVE-2025-40115

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix crash in transport port remove by using iocinfo During mpt3sastransportportremove, messages were logged with devprintk against &mpt3sasport-port-dev. At this point the SAS transport device may already be...

5.5CVSS6.4AI score0.00211EPSS
Exploits0References21
SUSE CVE
SUSE CVE
added 2023/02/15 6:17 a.m.16 views

SUSE CVE-2005-3165

Multiple cross-site scripting XSS vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via 1 tags or 2 Extension or sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet...

4.3CVSS5.5AI score0.01265EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:15 a.m.16 views

SUSE CVE-2006-2082

Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the svallowdownload cvar is enabled, allows remote attackers to read arbitrary files from the serve...

7.5CVSS7AI score0.02634EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.16 views

SUSE CVE-2006-5718

Cross-site scripting XSS vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter...

4.3CVSS6AI score0.01612EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.16 views

SUSE CVE-2010-3382

tauex in Tuning and Analysis Utilities TAU 2.16.4 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

6.9CVSS7AI score0.00386EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:17 a.m.16 views

SUSE CVE-2015-4732

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590...

10CVSS5.2AI score0.06457EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2023/02/15 4:59 a.m.16 views

SUSE CVE-2016-6663

Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster...

7CVSS8.9AI score0.04313EPSS
Exploits18References16
SUSE CVE
SUSE CVE
added 2023/02/15 4:22 a.m.16 views

SUSE CVE-2018-18459

The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted pdf file, as demonstrated by pdftoppm...

5.5CVSS6.8AI score0.01141EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:6 a.m.16 views

SUSE CVE-2019-19082

Memory leaks in createresourcepool functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service memory consumption. This affects the dce120createresourcepool function in drivers/gpu/drm/amd/display/dc/dce120/dce120resource.c, the...

5.1CVSS6.5AI score0.00379EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.16 views

SUSE CVE-2021-36783

A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE...

9.9CVSS9AI score0.00671EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/20 2:34 a.m.15 views

SUSE CVE-2026-12706

A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decodemove function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling. An attacker could exploit this by...

6.5CVSS6AI score0.00245EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/20 2:29 a.m.15 views

SUSE CVE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.9CVSS6.1AI score0.00256EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/19 1:57 a.m.15 views

SUSE CVE-2026-12320

Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

4.3CVSS5.8AI score0.00179EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:29 a.m.15 views

SUSE CVE-2026-7383

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1mbstringncopy can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...

5.9CVSS6.3AI score0.00358EPSS
Exploits0References20
SUSE CVE
SUSE CVE
added 2026/06/13 2:29 a.m.15 views

SUSE CVE-2026-9076

Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...

3.7CVSS5.7AI score0.00297EPSS
Exploits0References20
SUSE CVE
SUSE CVE
added 2026/06/13 2:28 a.m.15 views

SUSE CVE-2026-12012

Use after free in Network in Google Chrome prior to 149.0.7827.115 allowed an attacker in a privileged network position to potentially exploit heap corruption via malicious network traffic. Chromium security severity: High...

8.1CVSS5.4AI score0.00225EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:28 a.m.15 views

SUSE CVE-2026-12015

Use after free in Autofill in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS5.3AI score0.00227EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/12 2:32 a.m.15 views

SUSE CVE-2026-11793

A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. An attacker with Directory Manager privileges can...

4.9CVSS5.7AI score0.00282EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/12 2:31 a.m.15 views

SUSE CVE-2026-11884

A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the ocsuperior SUP field length is omitted from buffer size calculations in readschemadse and schemaoctostring, but the field is still written via strcat. An attacker with Directory Manager...

6.5CVSS5.7AI score0.00349EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/09 2:27 a.m.15 views

SUSE CVE-2026-10725

Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per indexe...

7.5CVSS5.7AI score0.00414EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/09 2:21 a.m.15 views

SUSE CVE-2026-46279

In the Linux kernel, the following vulnerability has been resolved: mm/alloctag: clear codetag for pages allocated before pageext initialization Due to initialization ordering, pageext is allocated and initialized relatively late during boot. Some pages have already been allocated and freed befor...

4.4CVSS5.4AI score0.00127EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/07 4:51 a.m.15 views

SUSE CVE-2026-10895

Use after free in Ozone in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.0039EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:51 a.m.15 views

SUSE CVE-2026-10896

Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.00374EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:49 a.m.15 views

SUSE CVE-2026-10962

Type Confusion in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00393EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:49 a.m.15 views

SUSE CVE-2026-10985

Out of bounds read in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.5AI score0.00308EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:48 a.m.15 views

SUSE CVE-2026-10996

Inappropriate implementation in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00262EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:44 a.m.15 views

SUSE CVE-2026-11129

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00176EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:43 a.m.15 views

SUSE CVE-2026-11153

Side-channel information leakage in Forms in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

9.1CVSS5.5AI score0.00264EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:40 a.m.15 views

SUSE CVE-2026-11250

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

9.6CVSS5.5AI score0.00239EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:39 a.m.15 views

SUSE CVE-2026-11300

Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.5AI score0.00154EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.15 views

SUSE CVE-2026-10972

Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.5AI score0.00325EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/05 3:16 a.m.15 views

SUSE CVE-2026-10805

A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description MUD URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL,...

6.7CVSS5.7AI score0.00118EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/05 3:14 a.m.15 views

SUSE CVE-2026-26825

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xlsparseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer ole2read. The flaw is detectable with MemorySanitizer MSAN and can lead to...

5.3CVSS5.8AI score0.00214EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/05 3:7 a.m.15 views

SUSE CVE-2026-50031

ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system managemen...

7.5CVSS6AI score0.00405EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/06/04 2:30 a.m.15 views

SUSE CVE-2026-7666

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

7.4CVSS5.7AI score0.0015EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/04 2:24 a.m.15 views

SUSE CVE-2026-35193

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

5.9CVSS5.8AI score0.00359EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/04 2:23 a.m.15 views

SUSE CVE-2026-45678

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a valid NUL-terminated portal name. A crafted empty or unterminated payload can make OBI slice beyond th...

7.5CVSS5.8AI score0.00342EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.15 views

SUSE CVE-2026-50052

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...

2.3CVSS5.8AI score0.00349EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/03 2:29 a.m.15 views

SUSE CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

5.3CVSS5.4AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/03 2:25 a.m.15 views

SUSE CVE-2026-32685

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...

4.6CVSS5.9AI score0.00152EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.15 views

SUSE CVE-2026-10197

A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possible with local...

3.3CVSS5.4AI score0.00115EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:38 a.m.15 views

SUSE CVE-2026-44518

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a signature...

5.3CVSS5.8AI score0.00305EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/02 1:37 a.m.15 views

SUSE CVE-2026-47187

unknown...

5.8AI score0.00031EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.15 views

SUSE CVE-2026-9889

Out of bounds read and write in Dawn in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.8AI score0.00214EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.15 views

SUSE CVE-2026-9892

Inappropriate implementation in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.8AI score0.00206EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.15 views

SUSE CVE-2026-9906

Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00214EPSS
Exploits0References3
Total number of security vulnerabilities5000