Lucene search
K
SusecveMost viewed

59380 matches found

SUSE CVE
SUSE CVE
added 2026/04/23 1:23 a.m.24 views

SUSE CVE-2026-40924

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAllresp.Body with no response body size limit. Any tenant...

6.5CVSS5.9AI score0.00318EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/01/22 1:2 a.m.24 views

SUSE CVE-2021-47853

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.1AI score0.00262EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.24 views

SUSE CVE-2010-0230

SUSE Linux Enterprise 10 SP3 SLE10-SP3 and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions...

7.5CVSS7.1AI score0.01801EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:44 a.m.24 views

SUSE CVE-2017-9454

Buffer overflow in the aresparseareply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service out-of-bounds-read via a crafted DNS response...

7.5CVSS7.3AI score0.01992EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:42 a.m.24 views

SUSE CVE-2017-11658

In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters .. -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack...

7.5CVSS7AI score0.03327EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.24 views

SUSE CVE-2021-26247

As an unauthenticated remote user, visit "http:///authchangepassword.php?ref=alert1" to successfully execute the JavaScript payload present in the "ref" URL parameter...

6.1CVSS6.4AI score0.07124EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:20 a.m.23 views

SUSE CVE-2026-6324

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...

4.8CVSS5.8AI score0.00872EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.23 views

SUSE CVE-2026-9878

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.2AI score0.00312EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.23 views

SUSE CVE-2026-9888

Use after free in WebView in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.8AI score0.00214EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:8 a.m.23 views

SUSE CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

8.6CVSS6.5AI score0.01272EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/05/26 1:54 a.m.23 views

SUSE CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

8.1CVSS5.9AI score0.00848EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/02/07 12:23 a.m.23 views

SUSE CVE-2026-25538

Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...

8.8CVSS5.5AI score0.00393EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2025/12/31 12:31 a.m.23 views

SUSE CVE-2022-50827

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix memory leak in lpfccreateport Commit 5e633302ace1 "scsi: lpfc: vmid: Add support for VMID in mailbox command" introduced allocations for the VMID resources in lpfccreateport after the call to scsihostalloc. Upon...

5.5CVSS6.6AI score0.00198EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.23 views

SUSE CVE-2005-3745

Cross-site scripting XSS vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...

4.3CVSS7.4AI score0.25707EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.23 views

SUSE CVE-2010-0748

Transmission before 1.92 allows an attacker to cause a denial of service crash or possibly have other unspecified impact via a large number of tr arguments in a magnet link...

9.8CVSS7.3AI score0.01879EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:37 a.m.23 views

SUSE CVE-2017-15759

IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV near NULL starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001b3f3."...

7.8CVSS8AI score0.02457EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.22 views

SUSE CVE-2026-9884

Use after free in Browser in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.2AI score0.00368EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.22 views

SUSE CVE-2026-9887

Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. Chromium security severity: Critical...

8.8CVSS6.2AI score0.00218EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.22 views

SUSE CVE-2026-46195

In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers parsesecdesc, buildsecdesc, and the chown path in idmodetocifsacl all add the server-supplied dacloffset to pntsd before proving a DACL header fits inside the returne...

5.5CVSS5.8AI score0.00675EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/23 1:43 a.m.22 views

SUSE CVE-2015-2667

Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory...

7.2CVSS5.8AI score0.00776EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.22 views

SUSE CVE-2026-39829

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

7.5CVSS5.8AI score0.004EPSS
Exploits0References28
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.22 views

SUSE CVE-2026-39830

A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...

6.5CVSS5.8AI score0.005EPSS
Exploits0References28
SUSE CVE
SUSE CVE
added 2026/05/11 2:13 p.m.22 views

SUSE CVE-2026-43427

In the Linux kernel, the following vulnerability has been resolved: usb: class: cdc-wdm: fix reordering issue in read code path Quoting the bug report: Due to compiler optimization or CPU out-of-order execution, the desc-length update can be reordered before the memmove. If this happens, wdmread...

5.8AI score0.00132EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/02 1:25 a.m.22 views

SUSE CVE-2026-31708

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB read in smb2ioctlqueryinfo QUERYINFO path smb2ioctlqueryinfo has two response-copy branches: PASSTHRUFSCTL and the default QUERYINFO path. The QUERYINFO branch clamps qi.inputbufferlength to the server-report...

8.1CVSS5.9AI score0.00307EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/23 1:27 a.m.22 views

SUSE CVE-2026-25542

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.43.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, trusted resources verification policies match a resource source string refSource.URI against spec.resources.pattern...

6.5CVSS5.8AI score0.00264EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2025/12/17 12:24 a.m.22 views

SUSE CVE-2025-68265

In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin requestqueue lifetime The namespaces can access the controller's admin requestqueue, and stale references on the namespaces may exist after tearing down the controller. Ensure the admin requestqueue is active by...

5.8CVSS6.5AI score0.00178EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2025/12/12 1:24 a.m.22 views

SUSE CVE-2002-0363

ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice...

7.5CVSS7.7AI score0.02109EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:46 a.m.22 views

SUSE CVE-2012-3189

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability, related to COMSTAR...

7.8CVSS6.7AI score0.02024EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.22 views

SUSE CVE-2017-1000387

Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.buildpublisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing anyone with local file system access to acce...

7.8CVSS7.2AI score0.00382EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.22 views

SUSE CVE-2017-1000390

Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build...

4.3CVSS4.8AI score0.00709EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:42 a.m.21 views

SUSE CVE-2026-27136

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00178EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/31 1:32 a.m.21 views

SUSE CVE-2026-48501

GitHub CLI gh is GitHub's official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...

9.1CVSS5.8AI score0.00289EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.21 views

SUSE CVE-2026-9873

Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.2AI score0.00301EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.21 views

SUSE CVE-2026-9876

Use after free in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.8AI score0.00243EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.21 views

SUSE CVE-2026-9877

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.8AI score0.00223EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.21 views

SUSE CVE-2026-9881

Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: Critical...

9CVSS5.8AI score0.00203EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.21 views

SUSE CVE-2026-9883

Use after free in Base in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.2AI score0.00291EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.21 views

SUSE CVE-2026-9899

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00214EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 1:59 a.m.21 views

SUSE CVE-2026-48156

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. This vulnerability is fixed in 6.12.0...

5.1CVSS5.8AI score0.00124EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:23 a.m.21 views

SUSE CVE-2026-5946

Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet IN - for example, CHAOS or HESIOD, or DNS messages that specify meta-classes ANY or NONE in the question section. Specially crafted requests reaching the affected code paths - recursio...

7.5CVSS5.9AI score0.0181EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.21 views

SUSE CVE-2026-46121

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect memcgpath kfree with damonsysfslock Patch series "mm/damon/sysfs-schemes: fix use-after-free for memcgpath". Reads of 'memcgpath' and 'path' files in DAMON sysfs interface could race with their...

5.5CVSS5.8AI score0.00125EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.21 views

SUSE CVE-2026-46187

In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: fix kthread lifetime race between self-exit and external-stop RSI driver use both self-exitkthreadcompleteandexit and external-stop kthreadstop when killing a kthread. Generally, kthreadstop is called first, and in thi...

5.5CVSS5.8AI score0.00093EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 12:57 p.m.21 views

SUSE CVE-2026-44903

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

6.1CVSS5.9AI score0.00182EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 12:57 p.m.21 views

SUSE CVE-2026-45843

In the Linux kernel, the following vulnerability has been resolved: slip: bound decode reads against the compressed packet length slhcuncompress parses a VJ-compressed TCP header by advancing a pointer through the packet via decode and pull16. Neither helper bounds-checks against isize, and decod...

6.3CVSS5.8AI score0.00278EPSS
Exploits0References17
SUSE CVE
SUSE CVE
added 2026/05/27 12:57 p.m.21 views

SUSE CVE-2026-48961

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

7.3CVSS5.8AI score0.00262EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/26 1:52 a.m.21 views

SUSE CVE-2026-48700

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program based on the file type without user confirmation. This could be us...

9.3CVSS6.2AI score0.00181EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.21 views

SUSE CVE-2026-39828

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

8.1CVSS5.8AI score0.00295EPSS
Exploits0References24
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.21 views

SUSE CVE-2026-39832

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

8.4CVSS5.8AI score0.00338EPSS
Exploits0References24
SUSE CVE
SUSE CVE
added 2026/05/23 1:28 a.m.21 views

SUSE CVE-2026-42508

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked...

8.1CVSS5.8AI score0.00469EPSS
Exploits0References27
SUSE CVE
SUSE CVE
added 2026/05/21 2:47 a.m.21 views

SUSE CVE-2024-0397

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...

4.8CVSS6.8AI score0.00804EPSS
Exploits0References22
Total number of security vulnerabilities5000