Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.97 views

SUSE CVE-2026-49261

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

9CVSS5.5AI score0.00998EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/05/05 1:49 a.m.81 views

SUSE CVE-2025-70069

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial method...

7.5CVSS5.8AI score0.00417EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 4:49 a.m.70 views

SUSE CVE-2023-43633

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system's configuration, which also includes some debug functions...

8.8CVSS7.2AI score0.0016EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/05 1:49 a.m.69 views

SUSE CVE-2025-70071

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXParser.cpp, ParseVectorDataArray...

7.5CVSS5.8AI score0.00523EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/02 11:26 p.m.61 views

SUSE CVE-2026-35093

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

8.8CVSS5.8AI score0.00184EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/12/20 12:46 a.m.59 views

SUSE CVE-2025-14946

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell SSH process,...

7.1CVSS7.5AI score0.00118EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/04/05 1:49 a.m.59 views

SUSE CVE-2023-28848

useroidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second...

5.4CVSS6.8AI score0.00333EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 3:58 a.m.58 views

SUSE CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

7.4CVSS5.8AI score0.00478EPSS
Exploits0References52
SUSE CVE
SUSE CVE
added 2026/05/14 3:28 a.m.57 views

SUSE CVE-2010-4314

Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the "name" parameter...

9.3CVSS6AI score0.03093EPSS
Exploits4References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:20 a.m.56 views

SUSE CVE-2018-1000144

A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseActiondoDynamic that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these...

6.1CVSS6AI score0.00861EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:21 a.m.55 views

SUSE CVE-2023-43636

In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per the “measured boot” design, the PCR values calculated at different stages of the boot process will change if any of their respective parts are changed. This...

8.8CVSS7.3AI score0.00125EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/12/20 12:45 a.m.52 views

SUSE CVE-2025-34450

merbanan/rtl433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parserfraw located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a...

7.8CVSS7.4AI score0.0019EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2025/12/31 12:32 a.m.51 views

SUSE CVE-2022-50785

In the Linux kernel, the following vulnerability has been resolved: fsi: occ: Prevent use after free Use getdevice and putdevice in the open and close functions to make sure the device doesn't get freed while a file descriptor is open. Also, lock around the freeing of the device buffer and check...

6.7AI score0.00155EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:34 a.m.50 views

SUSE CVE-2018-1279

Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports ...

8.5CVSS7AI score0.0183EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:19 a.m.47 views

SUSE CVE-2026-42764

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

5.3CVSS5.3AI score0.00684EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.47 views

SUSE CVE-2026-46178

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix resource leak on error in mlx4ibcreatesrq Sashiko points out that mlx4srqalloc was not undone during error unwind, add the missing call to mlx4srqfree...

5.5CVSS5.8AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 4:13 a.m.47 views

SUSE CVE-2023-43634

When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that was mapped to PCR 13. I...

8.8CVSS7.3AI score0.00161EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/08/12 2:10 a.m.47 views

SUSE CVE-2023-39953

useroidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also...

4.8CVSS6.8AI score0.00446EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.46 views

SUSE CVE-2026-10532

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection, albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer...

6.3CVSS6.4AI score0.00342EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.46 views

SUSE CVE-2026-43496

In the Linux kernel, the following vulnerability has been resolved: net/sched: schred: Replace direct dequeue call with peek and qdiscdequeuepeeked When red qdisc has children eg qfq qdisc whose peek callback is qdiscpeekdequeued, we could get a kernel panic. When the parent of such qdiscs eg...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 4:13 a.m.45 views

SUSE CVE-2023-43630

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve the problem of the config partition not being measured correctly. Also, the “vault” key is...

8.8CVSS7.3AI score0.00107EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/06/10 2:55 a.m.43 views

SUSE CVE-2023-21102

In efirtasmwrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

7.8CVSS7.1AI score0.00189EPSS
Exploits1References17
SUSE CVE
SUSE CVE
added 2026/05/12 3:31 a.m.42 views

SUSE CVE-2026-43289

In the Linux kernel, the following vulnerability has been resolved: kexec: derive purgatory entry from symbol kexecloadpurgatory derives image-start by locating eentry inside an SHFEXECINSTR section. If the purgatory object contains multiple executable sections with overlapping shaddr, the...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.42 views

SUSE CVE-2017-1000106

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue...

8.5CVSS6.8AI score0.00758EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/23 1:23 a.m.41 views

SUSE CVE-2026-41457

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

6.9CVSS5.9AI score0.00274EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/09 11:25 p.m.40 views

SUSE CVE-2026-39324

Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...

9.3CVSS5.8AI score0.0027EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.40 views

SUSE CVE-2017-1000110

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check the current user's authentication and authorization when...

4.3CVSS4.8AI score0.00717EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/04/11 9:55 a.m.39 views

SUSE CVE-2009-4653

Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service dhost.exe crash and possibly execute arbitrary code via a long string to /dhost/modules?I:...

9CVSS8AI score0.12655EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:54 a.m.39 views

SUSE CVE-2020-24335

An issue was discovered in uIP through 1.0, as used in Contiki and Contiki-NG. Domain name parsing lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets...

7.5CVSS7.5AI score0.03044EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/14 3:9 a.m.38 views

SUSE CVE-2023-43631

On boot, the Pillar eve container checks for the existence and content of “/config/authorizedkeys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could...

8.8CVSS7.3AI score0.0016EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/11 2:13 p.m.37 views

SUSE CVE-2026-43380

In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbus/q54sj108a2 fix stack overflow in debugfs read The q54sj108a2debugfsread function suffers from a stack buffer overflow due to incorrect arguments passed to bin2hex. The function currently passes 'data' as the...

7.8CVSS6AI score0.00143EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/01/20 12:28 a.m.37 views

SUSE CVE-2025-51602

mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bounds read and denial of service via a crafted 0x01 response from an MMS server...

4.8CVSS5.4AI score0.00368EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/12/20 12:45 a.m.37 views

SUSE CVE-2025-34449

Genymobile/scrcpy versions up to and including 3.3.3, prior to commit 3e40b24, contain a buffer overflow vulnerability in the scdevicemsgdeserialize function. A compromised device can send crafted messages that cause out-of-bounds reads, which may result in memory corruption or a denial-of-servic...

9.1CVSS7AI score0.00345EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.37 views

SUSE CVE-2006-6105

Format string vulnerability in the host chooser window gdmchooser in GNOME Foundation Display Manager gdm allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog...

4.3CVSS7.6AI score0.00397EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/01/06 12:25 a.m.36 views

SUSE CVE-2025-62155

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applie...

8.5CVSS6.9AI score0.00259EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/11/18 12:25 a.m.36 views

SUSE CVE-2025-63745

A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info function of binne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool processes malformed data...

5.5CVSS6.7AI score0.0013EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/01/18 12:24 a.m.35 views

SUSE CVE-2025-71133

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: avoid invalid read in irdmanetevent irdmanetevent should not dereference anything from "neigh" alias "ptr" until it has checked that the event is NETEVENTNEIGHUPDATE. Other events come with different structures pointe...

5.5CVSS6.4AI score0.00153EPSS
Exploits0References20
SUSE CVE
SUSE CVE
added 2025/12/30 12:23 a.m.35 views

SUSE CVE-2025-68937

Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later...

9.5CVSS7.1AI score0.00489EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/04/11 9:54 a.m.35 views

SUSE CVE-2013-1087

Cross-site scripting XSS vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message...

4.3CVSS6AI score0.01507EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:51 a.m.35 views

SUSE CVE-2011-3351

openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system...

7.1CVSS6.7AI score0.00398EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/01/30 12:31 a.m.34 views

SUSE CVE-2025-45160

A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...

5.4CVSS5.5AI score0.002EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/01/22 1:2 a.m.34 views

SUSE CVE-2021-47853

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.1AI score0.00262EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/06/20 11:34 p.m.34 views

SUSE CVE-2025-6264

Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like EXECVE to launch...

5.2CVSS9.3AI score0.00963EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.34 views

SUSE CVE-2007-4521

Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail...

5CVSS6.8AI score0.02998EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:29 a.m.34 views

SUSE CVE-2014-2915

Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service host or guest crash via unspecified vectors, related to 1 cache control, 2 coprocessors, 3 debug registers, and 4 other unspecified registers...

5.5CVSS6.3AI score0.00616EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:27 a.m.34 views

SUSE CVE-2018-11623

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8CVSS8.8AI score0.02882EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:26 a.m.34 views

SUSE CVE-2022-29358

epub2txt2 v2.04 was discovered to contain an integer overflow via the function bug in parsespecialtag at sxmlc.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted XML file...

5.5CVSS5.8AI score0.00568EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/09 2:21 a.m.33 views

SUSE CVE-2026-46289

In the Linux kernel, the following vulnerability has been resolved: lib/scatterlist: fix length calculations in extractkvectosg Patch series "Fix bugs in extractitertosg", v3. Fix bugs in the kvec and user variants of extractitertosg. This series is growing due to useful remarks made by...

5.5CVSS5.4AI score0.00457EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.33 views

SUSE CVE-2026-46177

In the Linux kernel, the following vulnerability has been resolved: ipmi: Add limits to event and receive message requests The driver would just fetch events and receive messages until the BMC said it was done. To avoid issues with BMCs that never say they are done, add a limit of 10 fetches at a...

5.5CVSS5.8AI score0.00501EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.33 views

SUSE CVE-2009-2079

Cross-site scripting XSS vulnerability in the administrative page interface in Taxonomy manager 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to injec...

3.5CVSS5.9AI score0.01028EPSS
Exploits1References3
Total number of security vulnerabilities5000