Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
added 2026/06/01 12:58 a.m.25 views

SUSE CVE-2026-3593

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

7.4CVSS5.8AI score0.01844EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.25 views

SUSE CVE-2026-9903

Insufficient validation of untrusted input in Site Isolation in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted MHTML page. Chromium security severity: High...

5CVSS5.8AI score0.00161EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:24 a.m.25 views

SUSE CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

7.5CVSS5.7AI score0.01047EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2026/05/29 1:17 a.m.25 views

SUSE CVE-2026-46109

In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: fix memory leak on ulpiregister error paths Commit 01af542392b5 "usb: ulpi: fix double free in ulpiregisterinterface error path" removed kfreeulpi from ulpiregisterinterface to fix a double-free when deviceregister...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 12:57 p.m.25 views

SUSE CVE-2026-48961

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

7.3CVSS5.8AI score0.00262EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/26 1:54 a.m.25 views

SUSE CVE-2026-7736

A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this...

7.5CVSS6.8AI score0.00454EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/26 1:54 a.m.25 views

SUSE CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

8.1CVSS5.9AI score0.00848EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/21 2:28 a.m.25 views

SUSE CVE-2026-44933

PluginScript attempts to chroot the plugin to the repoManagerRoot, this root is frequently / the system root in standard configurations or when using --root. If the chroot target is /, it is a no-op, allowing the traversed path to execute host binaries like /bin/bash with root privileges...

7.8CVSS5.9AI score0.00214EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/05/19 1:51 a.m.25 views

SUSE CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

7.5CVSS5.7AI score0.00356EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/05 1:46 a.m.25 views

SUSE CVE-2026-31725

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fecm: Fix netdevice lifecycle with devicemove The netdevice is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds, t...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:18 a.m.25 views

SUSE CVE-2015-4156

GNU Parallel before 20150522 Nepal, when using 1 --cat or 2 --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file...

3.6CVSS6.7AI score0.00372EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:37 a.m.24 views

SUSE CVE-2026-46344

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...

5.3CVSS5.8AI score0.00305EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:34 a.m.24 views

SUSE CVE-2011-2662

Integer signedness error in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message...

10CVSS6.2AI score0.04058EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/16 1:27 a.m.24 views

SUSE CVE-2019-12380

DISPUTED An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. physefisetvirtualaddressmap in arch/x86/platform/efi/efi.c and eficallphysprolog in arch/x86/platform/efi/efi64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because...

4CVSS6.8AI score0.00483EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.24 views

SUSE CVE-2026-43483

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is deactivated Explicitly set/clear CR8 write interception when AVIC is deactivated to fix a bug where KVM leaves the interception enabled after AVIC is activated. E.g. if KVM...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/07 2:17 a.m.24 views

SUSE CVE-2026-43144

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential kernel oops when probe fails When probe of the sdio brcmfmac device fails for some reasons i.e. missing firmware, the sdiodev-bus is set to error instead of NULL, thus the cleanup later in...

5.8AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/23 1:23 a.m.24 views

SUSE CVE-2026-40924

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAllresp.Body with no response body size limit. Any tenant...

6.5CVSS5.9AI score0.00318EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/02/17 12:24 a.m.24 views

SUSE CVE-2026-23130

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix dead lock while flushing management frames Commit 1 converted the management transmission work item into a wiphy work. Since a wiphy work can only run under wiphy lock protection, a race condition happens in bel...

5.5CVSS5.1AI score0.0008EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/12/30 12:25 a.m.24 views

SUSE CVE-2025-15095

A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used...

5.1CVSS5.7AI score0.00253EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.24 views

SUSE CVE-2005-3745

Cross-site scripting XSS vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...

4.3CVSS7.4AI score0.25707EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.24 views

SUSE CVE-2010-0230

SUSE Linux Enterprise 10 SP3 SLE10-SP3 and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions...

7.5CVSS7.1AI score0.01801EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.24 views

SUSE CVE-2010-0748

Transmission before 1.92 allows an attacker to cause a denial of service crash or possibly have other unspecified impact via a large number of tr arguments in a magnet link...

9.8CVSS7.3AI score0.01879EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:44 a.m.24 views

SUSE CVE-2017-9454

Buffer overflow in the aresparseareply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service out-of-bounds-read via a crafted DNS response...

7.5CVSS7.3AI score0.01992EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:20 a.m.23 views

SUSE CVE-2026-6324

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...

4.8CVSS5.8AI score0.00872EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.23 views

SUSE CVE-2026-9878

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.2AI score0.00312EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.23 views

SUSE CVE-2026-9888

Use after free in WebView in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.8AI score0.00214EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:8 a.m.23 views

SUSE CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

8.6CVSS6.5AI score0.01272EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.23 views

SUSE CVE-2026-46195

In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers parsesecdesc, buildsecdesc, and the chown path in idmodetocifsacl all add the server-supplied dacloffset to pntsd before proving a DACL header fits inside the returne...

5.5CVSS5.8AI score0.00675EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.23 views

SUSE CVE-2026-39829

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

7.5CVSS5.8AI score0.004EPSS
Exploits0References28
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.23 views

SUSE CVE-2026-39830

A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...

6.5CVSS5.8AI score0.00513EPSS
Exploits0References28
SUSE CVE
SUSE CVE
added 2026/05/11 2:13 p.m.23 views

SUSE CVE-2026-43427

In the Linux kernel, the following vulnerability has been resolved: usb: class: cdc-wdm: fix reordering issue in read code path Quoting the bug report: Due to compiler optimization or CPU out-of-order execution, the desc-length update can be reordered before the memmove. If this happens, wdmread...

5.8AI score0.00132EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/10 1:9 a.m.23 views

SUSE CVE-2025-13353

In gokey versions 0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any...

7.1CVSS6.8AI score0.00145EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/02 1:25 a.m.23 views

SUSE CVE-2026-31708

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB read in smb2ioctlqueryinfo QUERYINFO path smb2ioctlqueryinfo has two response-copy branches: PASSTHRUFSCTL and the default QUERYINFO path. The QUERYINFO branch clamps qi.inputbufferlength to the server-report...

8.1CVSS5.9AI score0.00307EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/02/07 12:23 a.m.23 views

SUSE CVE-2026-25538

Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...

8.8CVSS5.5AI score0.00393EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2025/12/31 12:31 a.m.23 views

SUSE CVE-2022-50827

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix memory leak in lpfccreateport Commit 5e633302ace1 "scsi: lpfc: vmid: Add support for VMID in mailbox command" introduced allocations for the VMID resources in lpfccreateport after the call to scsihostalloc. Upon...

5.5CVSS6.6AI score0.00198EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2025/12/12 1:24 a.m.23 views

SUSE CVE-2002-0363

ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice...

7.5CVSS7.7AI score0.02109EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/11/28 12:22 a.m.23 views

SUSE CVE-2025-64344

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected wh...

7.5CVSS7AI score0.00306EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:37 a.m.23 views

SUSE CVE-2017-15759

IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV near NULL starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001b3f3."...

7.8CVSS8AI score0.02457EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/09 2:20 a.m.22 views

SUSE CVE-2026-49980

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from the URL and passed...

9.8CVSS5.9AI score0.00701EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.22 views

SUSE CVE-2026-9884

Use after free in Browser in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.2AI score0.00368EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.22 views

SUSE CVE-2026-9887

Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. Chromium security severity: Critical...

8.8CVSS6.2AI score0.00218EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/23 1:43 a.m.22 views

SUSE CVE-2015-2667

Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory...

7.2CVSS5.8AI score0.00776EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.22 views

SUSE CVE-2026-39828

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

8.1CVSS5.8AI score0.00303EPSS
Exploits0References24
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.22 views

SUSE CVE-2026-39832

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

8.4CVSS5.8AI score0.00346EPSS
Exploits0References24
SUSE CVE
SUSE CVE
added 2026/05/23 1:28 a.m.22 views

SUSE CVE-2026-42508

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked...

8.1CVSS5.8AI score0.00469EPSS
Exploits0References27
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.22 views

SUSE CVE-2026-31072

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

9.8CVSS6AI score0.0081EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 6:2 p.m.22 views

SUSE CVE-2026-46333

In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'getdumpable' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an...

7.8CVSS5.8AI score0.0138EPSS
Exploits6References132
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.22 views

SUSE CVE-2026-43487

In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM on ST1000DM010-2EP102 According to a user report, the ST1000DM010-2EP102 has problems with LPM, causing random system freezes. The drive belongs to the same BarraCuda family as the ST2000DM008-2FR102...

5.8AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:27 a.m.22 views

SUSE CVE-2026-7912

Integer overflow in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

4.2CVSS6AI score0.00153EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/02 1:25 a.m.22 views

SUSE CVE-2026-31717

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to...

8.8CVSS5.8AI score0.00437EPSS
Exploits1References3
Total number of security vulnerabilities5000