Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/05/28 3:54 a.m.•12 views

SUSE CVE-2026-46004

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Handle probe errors properly The probe procedure of setupcard in caiaq driver doesn't treat the error cases gracefully, e.g. the error from sndcardregister calls sndcardfree but continues. This would lead to a UAF fo...

6.6CVSS5.8AI score0.00129EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2026/05/28 3:54 a.m.•12 views

SUSE CVE-2026-46008

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix damoswalk vs kdamondfn exit race When kdamondfn main loop is finished, the function cancels remaining damoswalk request and unset the damonctx-kdamond so that API callers and API functions themselves can show t...

5.5CVSS5.7AI score0.00079EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/28 3:54 a.m.•12 views

SUSE CVE-2026-46031

In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Reinstate disabling of BHs around IRQ handler If the driver executes ks8851irq AND a TX packet has been sent, then the driver enables TX queue via netifwakequeue which schedules TX softirq to queue packets for this...

5.9CVSS5.8AI score0.0037EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/28 3:53 a.m.•12 views

SUSE CVE-2026-46036

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Serialize VFIODEVICESETIRQS with a per-device mutex vfiocdxsetmsitrigger reads vdev-configmsi and operates on the vdev-cdxirqs array based on its value, but provides no serialization against concurrent VFIODEVICESETIRQS...

5.5CVSS5.8AI score0.00125EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/28 3:53 a.m.•12 views

SUSE CVE-2026-46039

In the Linux kernel, the following vulnerability has been resolved: rxgk: Fix potential integer overflow in length check Fix potential integer overflow in rxgkextracttoken when checking the length of the ticket. Rather than rounding up the value to be tested which might overflow, round down the...

7.5CVSS5.8AI score0.00448EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/28 3:53 a.m.•12 views

SUSE CVE-2026-46041

In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: fix sleep in atomic context in hdlctxframes hdlcappend calls usleeprange to wait for circular buffer space, but it is called with txproducerlock a spinlock held via hdlctxframes -...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/28 3:53 a.m.•12 views

SUSE CVE-2026-46043

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Validate pad and ICRC before payloadsize in rxercv rxercv currently checks only that the incoming packet is at least headersizepkt bytes long before payloadsize is used. However, payloadsize subtracts both the...

7.5CVSS5.8AI score0.00514EPSS
Exploits0References23
SUSE CVE
SUSE CVE
•added 2026/05/28 3:53 a.m.•12 views

SUSE CVE-2026-46045

In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: skip reading rdevs that are not insync When reading bitmap pages from member disks, the code iterates through all rdevs and attempts to read from the first available one. However, it only checks for raiddisk...

6.4CVSS5.8AI score0.00127EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/28 3:53 a.m.•12 views

SUSE CVE-2026-46048

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: fix usbdev refcount leak on probe failure createcard takes a reference on the USB device with usbgetdev and stores the matching usbputdev in cardfree, which is installed as the sndcard's -privatefree destructor...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/28 3:53 a.m.•12 views

SUSE CVE-2026-46053

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error rdsrdmamap hands sg/pages ownership to the transport after getmr succeeds. If copying the generated cookie back to user space fails after that point, the error path must not free those...

5.5CVSS5.8AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/28 3:53 a.m.•12 views

SUSE CVE-2026-46060

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix IRQ cleanup on 6xxx probe failure When adfdevup partially completes and then fails, the IRQ handlers registered during adfisrresourcealloc are not detached before the MSI-X vectors are released. Since the device...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/28 3:53 a.m.•12 views

SUSE CVE-2026-46063

In the Linux kernel, the following vulnerability has been resolved: x86/shstk: Prevent deadlock during shstk sigreturn During sigreturn the shadow stack signal frame is popped. The kernel does this by reading the shadow stack using normal read accesses. When it can't assume the memory is shadow...

4.7CVSS5.8AI score0.00094EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/28 3:53 a.m.•12 views

SUSE CVE-2026-46065

In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: Disconnect deferred I/O from the lifetime of struct fbinfo Hold state of deferred I/O in struct fbdeferrediostate. Allocate an instance as part of initializing deferred I/O and remove it only after the final mapping...

5.5CVSS5.8AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/28 3:53 a.m.•12 views

SUSE CVE-2026-46071

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined...

8.8CVSS5.8AI score0.00121EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/05/28 3:53 a.m.•12 views

SUSE CVE-2026-46077

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-tdes - fix DMA sync direction Before DMA output is consumed by the CPU, -dmaaddrout must be synced with dmasyncsingleforcpu instead of dmasyncsinglefordevice. Using the wrong direction can return stale cache data on...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/28 3:52 a.m.•12 views

SUSE CVE-2026-46084

In the Linux kernel, the following vulnerability has been resolved: RDMA/manaib: Disable RX steering on RSS QP destroy When an RSS QP is destroyed e.g. DPDK exit, manaibdestroyqprss destroys the RX WQ objects but does not disable vPort RX steering in firmware. This leaves stale steering...

5.5CVSS5.7AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/28 3:52 a.m.•12 views

SUSE CVE-2026-46086

In the Linux kernel, the following vulnerability has been resolved: net: bridge: use a stable FDB dst snapshot in RCU readers Local FDB entries can be rewritten in place by fdbdeletelocal, which updates f-dst to another port or to NULL while keeping the entry alive. Several bridge RCU readers...

5.7CVSS5.7AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/28 3:52 a.m.•12 views

SUSE CVE-2026-46088

In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Validate buflen before strnlen in sndctleleminitenumnames sndctleleminitenumnames advances pointer p through the names buffer while decrementing buflen. If buflen reaches zero but items remain, the next iteration...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/28 3:52 a.m.•12 views

SUSE CVE-2026-46102

In the Linux kernel, the following vulnerability has been resolved: net: strparser: fix skbhead leak in strpabortstrp When the stream parser is aborted, for example after a message assembly timeout, it can still hold a reference to a partially assembled message in strp-skbhead. That skb is not...

5.5CVSS5.8AI score0.00501EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/27 12:57 p.m.•12 views

SUSE CVE-2026-45840

In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...

6.5CVSS5.9AI score0.00117EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2026/05/27 12:57 p.m.•12 views

SUSE CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS5.8AI score0.00224EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/27 3:29 a.m.•12 views

SUSE CVE-2024-43826

In the Linux kernel, the following vulnerability has been resolved: nfs: pass explicit offset/count to trace events nfsfoliolength is unsafe to use without having the folio locked and a check for a NULL -fmapping that protects against truncations and can lead to kernel crashes. E.g. when running...

5.5CVSS6AI score0.00227EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2026/05/27 2:49 a.m.•12 views

SUSE CVE-2026-40033

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

8.1CVSS6.5AI score0.00808EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/05/27 2:48 a.m.•12 views

SUSE CVE-2026-41047

Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information...

6.9CVSS5.9AI score0.0015EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/23 1:34 a.m.•12 views

SUSE CVE-2025-33073

unknown...

8.8CVSS7.4AI score0.64987EPSS
Exploits6References2
SUSE CVE
SUSE CVE
•added 2026/05/22 2:20 a.m.•12 views

SUSE CVE-2026-41071

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

6.8CVSS5.8AI score0.00302EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/05/22 2:20 a.m.•12 views

SUSE CVE-2026-43499

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in removewaiter removewaiter is used by the slowlock paths, but it is also used for proxy-lock rollback in rtmutexstartproxylock when invoked from futexrequeue. In the latter case...

7.8CVSS5.8AI score0.00125EPSS
Exploits2References24
SUSE CVE
SUSE CVE
•added 2026/05/22 2:19 a.m.•12 views

SUSE CVE-2026-44060

An integer underflow in dsiwriteinit in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request...

7.5CVSS5.8AI score0.00328EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/22 2:19 a.m.•12 views

SUSE CVE-2026-44061

Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis...

5.9CVSS5.8AI score0.00389EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/22 2:19 a.m.•12 views

SUSE CVE-2026-44069

An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input...

3.9CVSS5.8AI score0.00094EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/22 2:19 a.m.•12 views

SUSE CVE-2026-44068

Incomplete sanitization of extended attribute EA path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names...

7.6CVSS5.8AI score0.00322EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/22 2:19 a.m.•12 views

SUSE CVE-2026-44073

Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid, which may allow a remote authenticated attacker to retain elevated privileges under error conditions...

5CVSS5.8AI score0.00277EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/21 1:12 p.m.•12 views

SUSE CVE-2026-9116

Insufficient policy enforcement in ServiceWorker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/21 2:30 a.m.•12 views

SUSE CVE-2026-24187

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution...

8.8CVSS5.9AI score0.00188EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2026/05/21 2:29 a.m.•12 views

SUSE CVE-2026-24194

NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code...

7.8CVSS5.9AI score0.00152EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2026/05/21 2:28 a.m.•12 views

SUSE CVE-2026-47783

In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by saslserveruserdbcheckpass...

8.1CVSS5.8AI score0.01312EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2026/05/20 2:32 a.m.•12 views

SUSE CVE-2026-8951

Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151...

6.5CVSS5.8AI score0.00252EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/20 2:32 a.m.•12 views

SUSE CVE-2026-8958

Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

8.6CVSS5.8AI score0.00344EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2026/05/20 2:32 a.m.•12 views

SUSE CVE-2026-8959

Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

7.1CVSS5.8AI score0.00417EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/05/20 2:32 a.m.•12 views

SUSE CVE-2026-8960

Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

6.5CVSS5.8AI score0.00376EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/20 2:32 a.m.•12 views

SUSE CVE-2026-8963

Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

6.5CVSS5.8AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/20 2:32 a.m.•12 views

SUSE CVE-2026-8964

Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

6.5CVSS5.8AI score0.00302EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/20 2:31 a.m.•12 views

SUSE CVE-2026-8965

Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

4.3CVSS5.8AI score0.00324EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/20 2:31 a.m.•12 views

SUSE CVE-2026-8971

Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

6.5CVSS5.8AI score0.00206EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/20 2:28 a.m.•12 views

SUSE CVE-2026-41054

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root cred.uid != 0 and prepares a negative acknowledgement ASCIINAK, it fails to stop execution. The code proceeds...

7.8CVSS6AI score0.00185EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/05/18 1:22 p.m.•12 views

SUSE CVE-2026-8389

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3...

7.3CVSS5.8AI score0.00331EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/16 1:16 a.m.•12 views

SUSE CVE-2026-4152

GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

7.8CVSS7.6AI score0.00744EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/05/16 1:16 a.m.•12 views

SUSE CVE-2026-8509

Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.4AI score0.00397EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/16 1:15 a.m.•12 views

SUSE CVE-2026-8513

Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.8AI score0.00207EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/16 1:15 a.m.•12 views

SUSE CVE-2026-8517

Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.2AI score0.00498EPSS
Exploits0References3
Total number of security vulnerabilities5000