Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
added 2026/01/27 12:28 a.m.33 views

SUSE CVE-2025-68383

Improper Validation of Specified Index, Position, or Offset in Input CWE-1285 in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow CAPEC-100 and cause a denial of service panic/crash of the Filebeat process via either a malformed Syslog message...

6.5CVSS5.9AI score0.00168EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.33 views

SUSE CVE-2009-2079

Cross-site scripting XSS vulnerability in the administrative page interface in Taxonomy manager 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to injec...

3.5CVSS5.9AI score0.01028EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.32 views

SUSE CVE-2026-46155

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

7CVSS5.8AI score0.00478EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/27 10:56 a.m.32 views

SUSE CVE-2026-48842

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...

8.1CVSS5.8AI score0.00764EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.32 views

SUSE CVE-2026-39827

An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References24
SUSE CVE
SUSE CVE
added 2026/02/14 1:57 a.m.32 views

SUSE CVE-2020-37167

ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...

8.6CVSS5.9AI score0.00172EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/01/06 12:28 a.m.32 views

SUSE CVE-2025-13324

Mattermost versions 10.11.x = 10.11.5, 11.0.x = 11.0.4, 10.12.x = 10.12.2 fail to invalidate remote cluster invite tokens when using the legacy version 1 protocol or when the confirming party does not provide a refreshed token, which allows an attacker who has obtained an invite token to...

3.7CVSS7AI score0.00167EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/12/31 12:32 a.m.32 views

SUSE CVE-2022-50812

In the Linux kernel, the following vulnerability has been resolved: security: Restrict CONFIGZEROCALLUSEDREGS to gcc or clang 15.0.6 A bad bug in clang's implementation of -fzero-call-used-regs can result in NULL pointer dereferences see the links above the check for more information. Restrict...

6.5AI score0.00201EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/21 2:30 a.m.31 views

SUSE CVE-2026-9064

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

7.5CVSS5.8AI score0.00815EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 6:20 a.m.30 views

SUSE CVE-2004-0789

Multiple implementations of the DNS protocol, including 1 Poslib 1.0.2-1 and earlier as used by Posadis, 2 Axis Network products before firmware 3.13, and 3 Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service CPU and network bandwidth...

5CVSS6.9AI score0.02765EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.30 views

SUSE CVE-2007-4601

A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might allow remote attackers to bypass intended access restrictions when a service uses libwrap but does not specify server connection information...

5CVSS7AI score0.02233EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:0 a.m.30 views

SUSE CVE-2016-5303

Cross-site scripting XSS vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form 1 action or 2 xlink attribute...

6.1CVSS6AI score0.01509EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.29 views

SUSE CVE-2026-10275

A flaw has been found in OpenSC up to 0.26.1. This affects the function testkpgencertwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation causes buffer overflow. The attack is possible to be carried out remotely. The complexity of an atta...

7CVSS5.5AI score0.00296EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/06/02 1:37 a.m.29 views

SUSE CVE-2026-46527

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

7.5CVSS5.7AI score0.00327EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/31 1:32 a.m.29 views

SUSE CVE-2026-46242

In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix epremove struct eventpoll / struct file UAF epremove via epremovefile cleared file-fep under file-flock but then kept using @file inside the critical section isfileepoll, hlistdelrcu through the head, spinunlock. A...

7.8CVSS5.8AI score0.00124EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/23 1:30 a.m.29 views

SUSE CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

8.1CVSS6.2AI score0.04261EPSS
Exploits3References11
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.29 views

SUSE CVE-2026-6575

Buffer over-read in PostgreSQL function pgrestoreattributestats accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL...

4.3CVSS5.8AI score0.00208EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/05/14 3:1 a.m.29 views

SUSE CVE-2026-41487

Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the LLM connection update flow. An authenticated, low-privileged user of role “member” in a project could request the update of an...

5.4CVSS5.7AI score0.00181EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/11 2:16 p.m.29 views

SUSE CVE-2026-8276

A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysqlserver/mysqlserver.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires...

3.7CVSS5AI score0.00389EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:33 a.m.29 views

SUSE CVE-2018-3827

A sensitive data disclosure flaw was found in the Elasticsearch repository-azure formerly elasticsearch-cloud-azure plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged...

8.1CVSS6.5AI score0.01014EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.28 views

SUSE CVE-2026-10268

A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshalonefiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made availabl...

4.8CVSS5.5AI score0.0012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:20 a.m.28 views

SUSE CVE-2026-45321

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/ packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself...

9.6CVSS6AI score0.02342EPSS
Exploits3References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.28 views

SUSE CVE-2026-46176

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error path fall-through in mlx5ibdevressrqinit mlx5ibdevressrqinit allocates two SRQs, s0 and s1. When ibcreatesrq fails for s1, the error branch destroys s0 but falls through and unconditionally assigns the freed ...

5.5CVSS5.8AI score0.00142EPSS
Exploits0References17
SUSE CVE
SUSE CVE
added 2026/05/14 3:9 a.m.28 views

SUSE CVE-2023-7101

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of...

7.3CVSS7.8AI score0.167EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.28 views

SUSE CVE-2009-0310

Buffer overflow in SUSE blinux aka sbl in SUSE openSUSE 10.3 through 11.0 has unknown impact and attack vectors related to "incoming data and authentication-strings."...

7.2CVSS7.3AI score0.00375EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.27 views

SUSE CVE-2026-46147

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix pin leak and publication ordering in pkvminitvcpu Two bugs exist in the vCPU initialisation path: 1. If a check fails after hyppinsharedmem succeeds, the cleanup path jumps to 'unlock' without calling unpinhostvcp...

4.7CVSS5.8AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 3:56 a.m.27 views

SUSE CVE-2026-45901

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: revert commitmutex usage in reset path It causes circular lock dependency between commitmutex, nfnlsubsysipset and nlkcbmutex when nft reset, ipset list, and iptables-nft with '-m set' rule run at the same...

5.5CVSS5.8AI score0.00137EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/26 1:54 a.m.27 views

SUSE CVE-2026-7737

A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated...

7.5CVSS5.6AI score0.00631EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/24 12:56 a.m.27 views

SUSE CVE-2025-39703

In the Linux kernel, the following vulnerability has been resolved: net, hsr: reject HSR frame if skb can't hold tag Receiving HSR frame with insufficient space to hold HSR tag in the skb can result in a crash kernel BUG: 45.390915 skbuff: skbunderpanic: text:ffffffff86f32cac len:26 put:14...

5.5CVSS6.2AI score0.00148EPSS
Exploits0References26
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.27 views

SUSE CVE-2026-39835

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

7.5CVSS5.8AI score0.00369EPSS
Exploits0References24
SUSE CVE
SUSE CVE
added 2026/05/18 1:29 p.m.27 views

SUSE CVE-2021-47952

python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...

9.8CVSS6.7AI score0.00696EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/13 11:27 p.m.27 views

SUSE CVE-2026-25710

The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasmalogin service account can chown arbitrary files in the system...

7CVSS5.9AI score0.00134EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.27 views

SUSE CVE-2021-26400

AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage...

4CVSS5.2AI score0.00228EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.26 views

SUSE CVE-2026-46135

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmettcphandleicreq updates queue-state after sending an Initialization Connection Response ICResp, but it does so without serializing against target-side queue...

7CVSS5.8AI score0.00353EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/05/28 3:57 a.m.26 views

SUSE CVE-2026-44170

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated table HTTP...

7.5CVSS5.5AI score0.00797EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.26 views

SUSE CVE-2026-6474

Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...

4.3CVSS5.8AI score0.00208EPSS
Exploits0References22
SUSE CVE
SUSE CVE
added 2026/05/05 1:48 a.m.26 views

SUSE CVE-2026-6948

Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel. This allows a compromised or rogue Velociraptor client to crash the server via out-of-memory OOM by sending crafted messages through the normal client communication channel...

4.9CVSS5.8AI score0.00344EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/01/17 12:26 a.m.26 views

SUSE CVE-2025-71109

In the Linux kernel, the following vulnerability has been resolved: MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits Since commit e424054000878 "MIPS: Tracing: Reduce the overhead of dynamic Function Tracer", the macro UASMiLAmostly has been used, and this macro can...

5.5CVSS7AI score0.00171EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:39 a.m.26 views

SUSE CVE-2013-1866

OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability...

6.3CVSS7AI score0.00422EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 1:59 a.m.25 views

SUSE CVE-2026-12451

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.3AI score0.00173EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/01 12:58 a.m.25 views

SUSE CVE-2026-3593

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

7.4CVSS5.8AI score0.01844EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.25 views

SUSE CVE-2026-9903

Insufficient validation of untrusted input in Site Isolation in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted MHTML page. Chromium security severity: High...

5CVSS5.8AI score0.00161EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:24 a.m.25 views

SUSE CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

7.5CVSS5.7AI score0.01047EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2026/05/29 1:17 a.m.25 views

SUSE CVE-2026-46109

In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: fix memory leak on ulpiregister error paths Commit 01af542392b5 "usb: ulpi: fix double free in ulpiregisterinterface error path" removed kfreeulpi from ulpiregisterinterface to fix a double-free when deviceregister...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/11/28 12:23 a.m.25 views

SUSE CVE-2025-45311

Insecure permissions in fail2ban-client v0.11.2 allows attackers with limited sudo privileges to perform arbitrary operations as root. NOTE: this is disputed by multiple parties because the action for a triggered rule can legitimately be an arbitrary operation as root. Thus, the software is...

8.8CVSS7AI score0.00323EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:18 a.m.25 views

SUSE CVE-2015-4156

GNU Parallel before 20150522 Nepal, when using 1 --cat or 2 --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file...

3.6CVSS6.7AI score0.00372EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:57 a.m.25 views

SUSE CVE-2016-8595

The gsmparse function in libavcodec/gsmparser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service assert fault via a crafted AVI file...

5.5CVSS5.1AI score0.01048EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:42 a.m.25 views

SUSE CVE-2017-11658

In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters .. -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack...

7.5CVSS7AI score0.03327EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.25 views

SUSE CVE-2021-26247

As an unauthenticated remote user, visit "http:///authchangepassword.php?ref=alert1" to successfully execute the JavaScript payload present in the "ref" URL parameter...

6.1CVSS6.4AI score0.07124EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:37 a.m.24 views

SUSE CVE-2026-46344

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...

5.3CVSS5.8AI score0.00305EPSS
Exploits0References3
Total number of security vulnerabilities5000