Lucene search
K
SusecveMost viewed

59855 matches found

SUSE CVE
SUSE CVE
•added 2024/03/27 4:25 a.m.•15 views

SUSE CVE-2021-47174

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapoavx2: Add irqfpuusable check, fallback to non-AVX2 version Arturo reported this backtrace: 709732.358791 WARNING: CPU: 3 PID: 456 at arch/x86/kernel/fpu/core.c:128 kernelfpubeginmask+0xae/0xe0 709732.358793...

5.5CVSS7.8AI score0.00232EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2023/02/15 4:39 a.m.•15 views

SUSE CVE-2017-14051

An integer overflow in the qla2x00sysfswriteoptromctl function in drivers/scsi/qla2xxx/qlaattr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service memory corruption and system crash by leveraging root access...

6.4CVSS6.1AI score0.00373EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2023/02/15 4:18 a.m.•15 views

SUSE CVE-2019-2739

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructu...

5.1CVSS7.1AI score0.0079EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2023/02/15 4:17 a.m.•15 views

SUSE CVE-2019-5489

The mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. Fixing this affects the output of the fincore program. Limited...

5.6CVSS6.4AI score0.00774EPSS
Exploits1References21
SUSE CVE
SUSE CVE
•added 2023/02/15 3:54 a.m.•15 views

SUSE CVE-2020-24999

There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service Segmentation fault or possibly have unspecified other impact...

7.8CVSS7.5AI score0.01055EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 4 days ago•14 views

SUSE CVE-2026-13799

Use after free in QUIC in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. Chromium security severity: High...

8.1CVSS6AI score0.00298EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/06/30 1:49 a.m.•14 views

SUSE CVE-2026-12246

NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes...

8.1CVSS5.8AI score0.00265EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:30 a.m.•14 views

SUSE CVE-2026-44663

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in htundoimpl in src/lib/OpenEXRCore/internalht.cpp leads to a heap-buffer overflow when decoding a crafted...

6.1CVSS5.7AI score0.00199EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:29 a.m.•14 views

SUSE CVE-2026-45696

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K High-Throughput JPEG 2000 decoder, htundoimpl in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The htundoimp...

6.1CVSS5.9AI score0.00263EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:29 a.m.•14 views

SUSE CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

2.9CVSS5.9AI score0.00208EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/06/15 1:20 a.m.•14 views

SUSE CVE-2026-54057

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue...

7.8CVSS5.2AI score0.00166EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:30 a.m.•14 views

SUSE CVE-2025-71330

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to...

8.7CVSS5.7AI score0.0043EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:28 a.m.•14 views

SUSE CVE-2026-12022

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...

8.3CVSS5.4AI score0.00166EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:21 a.m.•14 views

SUSE CVE-2026-34182

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

5.9CVSS5.3AI score0.00237EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2026/06/13 2:17 a.m.•14 views

SUSE CVE-2026-45447

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

7.5CVSS5.7AI score0.02719EPSS
Exploits0References30
SUSE CVE
SUSE CVE
•added 2026/06/12 2:32 a.m.•14 views

SUSE CVE-2026-10118

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS5.7AI score0.00252EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/06/12 2:32 a.m.•14 views

SUSE CVE-2026-10142

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a...

7.5CVSS5.5AI score0.00348EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/12 2:32 a.m.•14 views

SUSE CVE-2026-10846

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

7.5CVSS5.4AI score0.00147EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/06/12 2:27 a.m.•14 views

SUSE CVE-2026-42258

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched ...

5.3CVSS5.3AI score0.00813EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2026/06/11 11:14 a.m.•14 views

SUSE CVE-2026-46693

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met. This issue ha...

4.1CVSS5.2AI score0.00077EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/06/10 2:33 a.m.•14 views

SUSE CVE-2026-9669

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer...

4.7CVSS5.4AI score0.00433EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:33 a.m.•14 views

SUSE CVE-2026-10028

A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular...

4.3CVSS5.5AI score0.00184EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/06/10 2:32 a.m.•14 views

SUSE CVE-2026-11628

Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: Critical...

6.8CVSS5.4AI score0.00181EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/10 2:30 a.m.•14 views

SUSE CVE-2026-11694

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.5CVSS6AI score0.00214EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/09 2:27 a.m.•14 views

SUSE CVE-2026-10879

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...

5.5CVSS5.7AI score0.00413EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/06/08 1:5 a.m.•14 views

SUSE CVE-2026-10701

Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3...

6.5CVSS5.4AI score0.00301EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/07 4:51 a.m.•14 views

SUSE CVE-2026-10887

Use after free in Chromoting in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...

8.1CVSS6AI score0.00404EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/06/07 4:51 a.m.•14 views

SUSE CVE-2026-10908

Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.5AI score0.00286EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/06/07 4:50 a.m.•14 views

SUSE CVE-2026-10924

Integer overflow in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.5AI score0.00286EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/06/07 4:50 a.m.•14 views

SUSE CVE-2026-10949

Heap buffer overflow in Video in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.0031EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/06/07 4:49 a.m.•14 views

SUSE CVE-2026-10977

Uninitialized Use in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.5AI score0.00336EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/06/07 4:49 a.m.•14 views

SUSE CVE-2026-10981

Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted video file. Chromium security severity: High...

6.5CVSS5.5AI score0.00284EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/06/07 4:48 a.m.•14 views

SUSE CVE-2026-10993

Heap buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00333EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/06/07 4:47 a.m.•14 views

SUSE CVE-2026-11024

Stack buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS5.8AI score0.00352EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/06/07 4:46 a.m.•14 views

SUSE CVE-2026-11065

Use after free in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS5.5AI score0.00325EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/06/07 4:45 a.m.•14 views

SUSE CVE-2026-11086

Inappropriate implementation in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6AI score0.0028EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/06/07 4:44 a.m.•14 views

SUSE CVE-2026-11135

Insufficient policy enforcement in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00201EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/06/07 4:43 a.m.•14 views

SUSE CVE-2026-11163

Use after free in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS5.5AI score0.00234EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/06/07 4:43 a.m.•14 views

SUSE CVE-2026-11171

Integer overflow in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.1AI score0.0028EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/06/07 4:39 a.m.•14 views

SUSE CVE-2026-11284

Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.5AI score0.00237EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/06/07 4:39 a.m.•14 views

SUSE CVE-2026-11304

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: Low...

8.8CVSS5.5AI score0.00187EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/06/07 4:38 a.m.•14 views

SUSE CVE-2026-11307

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

8.8CVSS6AI score0.00228EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/06/06 2:53 a.m.•14 views

SUSE CVE-2026-10894

Use after free in Printing in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.5AI score0.00286EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/06 2:53 a.m.•14 views

SUSE CVE-2026-11160

Out of bounds read in Input in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00229EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/04 2:30 a.m.•14 views

SUSE CVE-2026-8404

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

5.9CVSS5.8AI score0.00285EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/06/04 2:30 a.m.•14 views

SUSE CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

8.1CVSS5.8AI score0.00253EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/04 2:25 a.m.•14 views

SUSE CVE-2026-34077

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/03 2:23 a.m.•14 views

SUSE CVE-2026-43965

Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content. Package keys read from build/packages/packages.toml by LocalPackages::readfromdisc are passed without validation to paths.buildpackagespackage, whi...

5.6CVSS5.9AI score0.00152EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/02 1:44 a.m.•14 views

SUSE CVE-2026-10230

A vulnerability was identified in Assimp up to 6.0.4. This impacts the function Assimp::MDL::HalfLife::HL1MDLLoader::readanimations of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally...

5.3CVSS6.1AI score0.00127EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/02 1:44 a.m.•14 views

SUSE CVE-2026-10232

A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made...

5.3CVSS5.6AI score0.00115EPSS
Exploits0References3
Total number of security vulnerabilities5000