Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
•added 2024/08/06 1:59 a.m.•13 views

SUSE CVE-2024-42104

In the Linux kernel, the following vulnerability has been resolved: nilfs2: add missing check for inode numbers on directory entries Syzbot reported that mounting and unmounting a specific pattern of corrupted nilfs2 filesystem images causes a use-after-free of metadata file inodes, which trigger...

6.1CVSS6.4AI score0.0026EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2024/07/16 2:33 a.m.•13 views

SUSE CVE-2024-41007

In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets If a TCP socket is using TCPUSERTIMEOUT, and the other peer retracted its window to zero, tcpretransmittimer can retransmit a packet every two jiffies 2 ms for HZ=1000, for about 4 minutes...

2.5CVSS6.4AI score0.00229EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2024/05/21 2:0 a.m.•13 views

SUSE CVE-2024-35814

In the Linux kernel, the following vulnerability has been resolved: swiotlb: Fix double-allocation of slots due to broken alignment handling Commit bbb73a103fbb "swiotlb: fix a braino in the alignment check fix", which was a fix for commit 0eee5ae10256 "swiotlb: fix slot alignment checks", causes...

5.5CVSS6.7AI score0.00234EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2024/05/18 2:46 a.m.•13 views

SUSE CVE-2024-27405

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadgetgiveback has one byte appended at the end of a prop...

3.3CVSS6.4AI score0.01287EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2024/04/19 2:18 a.m.•13 views

SUSE CVE-2024-26900

In the Linux kernel, the following vulnerability has been resolved: md: fix kmemleak of rdev-serial If kobjectadd is fail in bindrdevtoarray, 'rdev-serial' will be alloc not be freed, and kmemleak occurs. unreferenced object 0xffff88815a350000 size 49152: comm "mdadm", pid 789, jiffies 4294716910...

5.5CVSS6.4AI score0.00287EPSS
Exploits0References19
SUSE CVE
SUSE CVE
•added 2024/04/15 11:12 p.m.•13 views

SUSE CVE-2024-26777

In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. In...

5.5CVSS6AI score0.00254EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2024/03/20 3:48 a.m.•13 views

SUSE CVE-2024-26641

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: make sure to pull inner header in ip6tnlrcv syzbot found ip6tnlrcv could access unitiliazed data 1. Call pskbinetmaypull to fix this, and initialize ipv6h variable after this call as it can change skb-head. 1 BUG: KMSA...

6.1CVSS6.4AI score0.00241EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2024/02/13 3:50 a.m.•13 views

SUSE CVE-2024-25744

In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/memencryptamd.c...

7.8CVSS6.8AI score0.00278EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2024/02/11 3:54 a.m.•13 views

SUSE CVE-2024-24819

icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class gipfl\Web\Form is the base for various concrete form implementations 1 and provides protection against cross site request forgery CSRF by default. This is done by automatically...

8.8CVSS6.7AI score0.0026EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/09/07 2:35 a.m.•13 views

SUSE CVE-2023-4764

Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: High...

6.5CVSS8.4AI score0.01044EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/08/24 2:24 a.m.•13 views

SUSE CVE-2023-4429

Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.2AI score0.00943EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/02/15 6:10 a.m.•13 views

SUSE CVE-2007-6209

Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files...

4.6CVSS6.7AI score0.00325EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 6:7 a.m.•13 views

SUSE CVE-2008-4297

Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request...

5CVSS6.9AI score0.02695EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/02/15 5:43 a.m.•13 views

SUSE CVE-2012-5615

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames...

5CVSS6.5AI score0.14784EPSS
Exploits1References10
SUSE CVE
SUSE CVE
•added 2023/02/15 4:39 a.m.•13 views

SUSE CVE-2017-14051

An integer overflow in the qla2x00sysfswriteoptromctl function in drivers/scsi/qla2xxx/qlaattr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service memory corruption and system crash by leveraging root access...

6.4CVSS6.1AI score0.00373EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2023/02/15 4:18 a.m.•13 views

SUSE CVE-2019-2974

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.5CVSS7.8AI score0.03726EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2023/02/15 4:17 a.m.•13 views

SUSE CVE-2019-5489

The mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. Fixing this affects the output of the fincore program. Limited...

5.6CVSS6.4AI score0.00774EPSS
Exploits1References21
SUSE CVE
SUSE CVE
•added 2023/02/15 4:11 a.m.•13 views

SUSE CVE-2019-12384

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible...

5.9CVSS9.1AI score0.45205EPSS
Exploits2References2
SUSE CVE
SUSE CVE
•added 2023/02/15 4:9 a.m.•13 views

SUSE CVE-2019-14523

An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmtoktloadsong in the Amiga Oktalyzer parser in fmt/okt.c...

7.8CVSS7.5AI score0.01238EPSS
Exploits1References5
SUSE CVE
SUSE CVE
•added 2023/02/15 3:48 a.m.•13 views

SUSE CVE-2021-3653

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this issue could allow a malicious ...

7.8CVSS8.6AI score0.00413EPSS
Exploits1References38
SUSE CVE
SUSE CVE
•added 2023/02/15 3:38 a.m.•13 views

SUSE CVE-2021-39184

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potential...

8.6CVSS8.3AI score0.01017EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:36 a.m.•13 views

SUSE CVE-2021-45868

In the Linux kernel before 5.15.3, fs/quota/quotatree.c does not validate the block number in the quota tree on disk. This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file...

5.1CVSS6.5AI score0.01339EPSS
Exploits1References26
SUSE CVE
SUSE CVE
•added 2023/02/15 3:29 a.m.•13 views

SUSE CVE-2022-21307

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

6.3CVSS5.8AI score0.02518EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:23 a.m.•13 views

SUSE CVE-2022-42329

Guests can trigger deadlock in Linux netback driver This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packe...

5.7CVSS7.3AI score0.0021EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2026/06/26 2:25 a.m.•12 views

SUSE CVE-2026-13201

A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel...

7.3CVSS6AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/26 2:25 a.m.•12 views

SUSE CVE-2026-13208

A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity namespace/name solely from the request body without validating it against the connection's origin. Each virt-launcher pod connects through a per-VMI...

6.5CVSS5.8AI score0.0009EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:36 a.m.•12 views

SUSE CVE-2026-11463

A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor...

7.5CVSS6.6AI score0.00313EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:35 a.m.•12 views

SUSE CVE-2026-12045

Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execute arbitrary SQL with the privileges of the pgAdmin user's database role. The AI Assistant's executesqlquery tool runs LLM-generated SQL inside a BEGIN...

9.4CVSS6.8AI score0.00482EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:29 a.m.•12 views

SUSE CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

2.9CVSS5.9AI score0.00208EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/06/20 2:29 a.m.•12 views

SUSE CVE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.3CVSS6.5AI score0.00405EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/06/20 2:29 a.m.•12 views

SUSE CVE-2026-48933

A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS7.1AI score0.02806EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/06/20 2:29 a.m.•12 views

SUSE CVE-2026-48935

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

4CVSS6AI score0.00154EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/06/20 2:29 a.m.•12 views

SUSE CVE-2026-54274

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1...

8.7CVSS5.8AI score0.00305EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:28 a.m.•12 views

SUSE CVE-2026-54278

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. An attacker may be able to send a compressed payload in specific situations that could be...

8.7CVSS5.8AI score0.00279EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:28 a.m.•12 views

SUSE CVE-2026-54279

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save and then restored later with CookieJar.load lose their host-only status. This vulnerability is fixed in 3.14.1...

5.3CVSS5.8AI score0.00279EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•12 views

SUSE CVE-2026-12330

Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12...

5.4CVSS5.2AI score0.00164EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/06/16 2:30 a.m.•12 views

SUSE CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9CVSS5.3AI score0.00319EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/16 2:21 a.m.•12 views

SUSE CVE-2026-42850

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

7.4CVSS5.5AI score0.00287EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/06/16 2:20 a.m.•12 views

SUSE CVE-2026-45674

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue...

8.7CVSS5.2AI score0.00224EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:30 a.m.•12 views

SUSE CVE-2025-71329

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS5.7AI score0.0043EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:28 a.m.•12 views

SUSE CVE-2026-12009

Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.4AI score0.00246EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:28 a.m.•12 views

SUSE CVE-2026-12013

Determined not a vulnerability...

5.2AI score0.0024EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:28 a.m.•12 views

SUSE CVE-2026-12014

Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowed an attacker on the local network segment to potentially perform a sandbox escape via malicious network traffic. Chromium security severity: High...

8.3CVSS5.3AI score0.00174EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:28 a.m.•12 views

SUSE CVE-2026-12017

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.3AI score0.00208EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:17 a.m.•12 views

SUSE CVE-2026-44249

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses ca...

8.1CVSS5.3AI score0.00552EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:17 a.m.•12 views

SUSE CVE-2026-44890

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct...

7.5CVSS5.3AI score0.00371EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:17 a.m.•12 views

SUSE CVE-2026-45447

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

7.5CVSS5.7AI score0.02719EPSS
Exploits0References30
SUSE CVE
SUSE CVE
•added 2026/06/13 2:16 a.m.•12 views

SUSE CVE-2026-49760

Stack-based Buffer Overflow vulnerability in Erlang OTP erlinterface allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erlinterface/src/misc/eiprintterm.c and program routine eisprintterm. The C function eisprintterm uses an internal 2000-character stack...

6.9CVSS5.6AI score0.00136EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/12 2:33 a.m.•12 views

SUSE CVE-2026-3886

unknown...

7.2AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/12 2:32 a.m.•12 views

SUSE CVE-2026-6322

fast-uri normalize decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator...

7.5CVSS5.4AI score0.00475EPSS
Exploits0References3
Total number of security vulnerabilities5000