Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/05/11 2:13 p.m.•12 views

SUSE CVE-2026-43455

In the Linux kernel, the following vulnerability has been resolved: mctp: route: hold key-lock in mctpflowprepareoutput mctpflowprepareoutput checks key-dev and may call mctpdevsetkey, but it does not hold key-lock while doing so. mctpdevsetkey and mctpdevreleasekey are annotated with...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2026/05/11 2:13 p.m.•12 views

SUSE CVE-2026-43471

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix possible NULL pointer dereference in ufshcdaddcommandtrace The kernel log indicates a crash in ufshcdaddcommandtrace, due to a NULL pointer dereference when accessing hwq-id. This can happen if...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:13 p.m.•12 views

SUSE CVE-2026-44897

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML - with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...

6.1CVSS6AI score0.00228EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/05/09 2:48 a.m.•12 views

SUSE CVE-2025-71294

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix NULL pointer issue buffer funcs If SDMA block not enabled, bufferfuncs will not initialize, fix the null pointer issue if bufferfuncs not initialized...

5.5CVSS5.9AI score0.00127EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:48 a.m.•12 views

SUSE CVE-2025-71295

In the Linux kernel, the following vulnerability has been resolved: fs/buffer: add alert in trytofreebuffers for folios without buffers trytofreebuffers can be called on folios with no buffers attached when filemapreleasefolio is invoked on a folio belonging to a mapping with ASRELEASEALWAYS set...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:46 a.m.•12 views

SUSE CVE-2026-8086

A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly...

7.8CVSS5.9AI score0.00237EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:46 a.m.•12 views

SUSE CVE-2026-8149

A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X8664, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-LTS: from 2.73.0 before 2.73.11...

5.1CVSS5.8AI score0.00158EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:41 a.m.•12 views

SUSE CVE-2026-43170

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Move vbus draw to workqueue context Currently dwc3gadgetvbusdraw can be called from atomic context, which in turn invokes power-supply-core APIs. And some these PMIC APIs have operations that may sleep, leading...

5.7AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:40 a.m.•12 views

SUSE CVE-2026-43265

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ignore -EBUSY when checking nested events from vcpublock Ignore -EBUSY when checking nested events after exiting a blocking state while L2 is active, as exiting to userspace will generate a spurious userspace exit,...

4.7CVSS5.7AI score0.00119EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2026/05/09 2:39 a.m.•12 views

SUSE CVE-2026-43277

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ensure that won't go past CPER allocated record The logic at ghesnew prevents allocating too large records, by checking if they're bigger than GHESESTATUSMAXSIZE currently, 64KB. Yet, the allocation is done with the...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:39 a.m.•12 views

SUSE CVE-2026-43397

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: samsung-dsim: Fix memory leak in error path In samsungdsimhostattach, drmbridgeadd is called to add the bridge. However, if samsungdsimregisterteirq or pdata-hostops-attach fails afterwards, the function returns witho...

5.8AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:39 a.m.•12 views

SUSE CVE-2026-43411

In the Linux kernel, the following vulnerability has been resolved: tipc: fix divide-by-zero in tipcskfilterconnect A user can set conntimeout to any value via setsockoptTIPCCONNTIMEOUT, including values less than 4. When a SYN is rejected with TIPCERROVERLOAD and the retry path in...

5.9CVSS5.8AI score0.00123EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2026/05/09 2:39 a.m.•12 views

SUSE CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

5.3CVSS5.8AI score0.00211EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:27 a.m.•12 views

SUSE CVE-2026-7909

Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.7AI score0.00187EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:27 a.m.•12 views

SUSE CVE-2026-7922

Use after free in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00206EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•12 views

SUSE CVE-2026-7933

Out of bounds read in WebCodecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00178EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•12 views

SUSE CVE-2026-7937

Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: Medium...

3.1CVSS5.8AI score0.00143EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•12 views

SUSE CVE-2026-7940

Use after free in V8 in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Medium...

8.8CVSS6.2AI score0.00196EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•12 views

SUSE CVE-2026-7960

Race in Speech in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS5.8AI score0.00176EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•12 views

SUSE CVE-2026-7971

Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

6.3CVSS5.7AI score0.00177EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•12 views

SUSE CVE-2026-7973

Integer overflow in Dawn in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS5.9AI score0.00224EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:25 a.m.•12 views

SUSE CVE-2026-7990

Insufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Medium...

7.8CVSS5.8AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:25 a.m.•12 views

SUSE CVE-2026-7997

Insufficient validation of untrusted input in Updater in Google Chrome on Mac prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Low...

7.8CVSS5.8AI score0.0008EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:25 a.m.•12 views

SUSE CVE-2026-8016

Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

8.8CVSS6.2AI score0.00307EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:21 a.m.•12 views

SUSE CVE-2026-41675

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled processing instruction data to be serialized into XML without...

8.7CVSS5.8AI score0.00408EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:19 a.m.•12 views

SUSE CVE-2026-43261

In the Linux kernel, the following vulnerability has been resolved: arm64: Add support for TSV110 Spectre-BHB mitigation The TSV110 processor is vulnerable to the Spectre-BHB Branch History Buffer attack, which can be exploited to leak information through branch prediction side channels. This...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2026/05/08 2:19 a.m.•12 views

SUSE CVE-2026-44603

Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007...

9.1CVSS5.8AI score0.00342EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:21 a.m.•12 views

SUSE CVE-2026-31741

In the Linux kernel, the following vulnerability has been resolved: counter: rz-mtu3-cnt: prevent counter from being toggled multiple times Runtime PM counter is incremented / decremented each time the sysfs enable file is written to. If user writes 0 to the sysfs enable file multiple times,...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:21 a.m.•12 views

SUSE CVE-2026-31757

In the Linux kernel, the following vulnerability has been resolved: usb: misc: usbio: Fix URB memory leak on submit failure When usbsubmiturb fails in usbioprobe, the previously allocated URB is never freed, causing a memory leak. Fix this by jumping to errfreeurb label to properly release the UR...

5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:21 a.m.•12 views

SUSE CVE-2026-32936

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

7.5CVSS5.7AI score0.00672EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:20 a.m.•12 views

SUSE CVE-2026-37461

An out-of-bounds read in the ParseIP6Extended function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:19 a.m.•12 views

SUSE CVE-2026-43048

In the Linux kernel, the following vulnerability has been resolved: HID: core: Mitigate potential OOB by removing bogus memset The memset in hidreportrawevent has the good intention of clearing out bogus data by zeroing the area from the end of the incoming data string to the assumed end of the...

8.8CVSS5.8AI score0.00241EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:19 a.m.•12 views

SUSE CVE-2026-43056

In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in addadev error path If auxiliarydeviceadd fails, addadev jumps to addfail and calls auxiliarydeviceuninitadev. The auxiliary device has its release callback set to adevrelease, which frees the...

7.8CVSS5.7AI score0.00116EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:19 a.m.•12 views

SUSE CVE-2026-43076

In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate inline data isize during inode read When reading an inode from disk, ocfs2validateinodeblock performs various sanity checks but does not validate the size of inline data. If the filesystem is corrupted, an inode's...

7.8CVSS5.9AI score0.00131EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/05/07 2:18 a.m.•12 views

SUSE CVE-2026-43099

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: fix null-ptr-deref in icmpbuildprobe ipv6stub-ipv6devfind may return ERRPTR-EAFNOSUPPORT when the IPv6 stack is not active CONFIGIPV6=m and not loaded, and passing this error pointer to devhold will cause a kernel cra...

7.5CVSS5.8AI score0.0049EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:18 a.m.•12 views

SUSE CVE-2026-43100

In the Linux kernel, the following vulnerability has been resolved: bridge: guard local VLAN-0 FDB helpers against NULL vlan group When CONFIGBRIDGEVLANFILTERING is not set, brvlangroup and nbpvlangroup return NULL brprivate.h stub definitions. The BRBOOLOPTFDBLOCALVLAN0 toggle code is compiled...

5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:18 a.m.•12 views

SUSE CVE-2026-43107

In the Linux kernel, the following vulnerability has been resolved: xfrm: account XFRMAIFID in aevent size calculation xfrmgetae allocates the reply skb with xfrmaeventmsgsize, then buildaevent appends attributes including XFRMAIFID when x-ifid is set. xfrmaeventmsgsize does not include space for...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:18 a.m.•12 views

SUSE CVE-2026-43112

In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in cifssanitizeprepath When cifssanitizeprepath is called with an empty string or a string containing only delimiters e.g., "/", the current logic attempts to check cursor2 - 1 before cursor2...

5.5CVSS5.8AI score0.00339EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2026/05/07 2:17 a.m.•12 views

SUSE CVE-2026-43225

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix memory leak on failure path cfg80211informbssframe may return NULL on failure. In that case, the allocated buffer 'buf' is not freed and the function returns early, leading to potential memory leak. Fix th...

5.5CVSS5.9AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:16 a.m.•12 views

SUSE CVE-2026-43242

In the Linux kernel, the following vulnerability has been resolved: soc: ti: k3-socinfo: Fix regmap leak on probe failure The mmio regmap allocated during probe is never freed. Switch to using the device managed allocator so that the regmap is released on probe failures e.g. probe deferral and on...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:16 a.m.•12 views

SUSE CVE-2026-43249

In the Linux kernel, the following vulnerability has been resolved: 9p/xen: protect xen9pfsfrontfree against concurrent calls The xenwatch thread can race with other back-end change notifications and call xen9pfsfrontfree twice, hitting the observed general protection fault due to a double-free...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2026/05/07 2:16 a.m.•12 views

SUSE CVE-2026-43250

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: fix DMA and SG cleanup in epnuke The ChipIdea UDC driver can encounter "not page aligned sg buffer" errors when a USB device is reconnected after being disconnected during an active transfer. This occurs becau...

5.8AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:16 a.m.•12 views

SUSE CVE-2026-43257

In the Linux kernel, the following vulnerability has been resolved: media: cx88: Add missing unmap in sndcx88hwparams In error path, add cx88alsadmaunmap to release resource acquired by cx88alsadmamap...

5.8AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:16 a.m.•12 views

SUSE CVE-2026-43275

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFSPMLVL0. When the RPM...

5.7AI score0.00091EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/06 1:43 a.m.•12 views

SUSE CVE-2026-31734

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix isbpfmigrationdisabled false negative on non-PREEMPTRCU Since commit 8e4f0b1ebcf2 "bpf: use rcureadlockdontmigrate for trampoline.c", the BPF prolog bpfprogenter calls migratedisable only when CONFIGPREEMPTRCU is...

5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/06 1:43 a.m.•12 views

SUSE CVE-2026-31753

In the Linux kernel, the following vulnerability has been resolved: auxdisplay: line-display: fix NULL dereference in linedisprelease linedisprelease currently retrieves the enclosing struct linedisp via tolinedisp. That lookup depends on the attachment list, but the attachment may already have...

5.8AI score0.00107EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/06 1:43 a.m.•12 views

SUSE CVE-2026-31756

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: Fix spinlock/unlock mismatch in dwc2hsotgudcstop dwc2gadgetexitclockgating internally calls callgadget macro, which expects hsotg-lock to be held since it does spinunlock/spinlock around the gadget driver...

5.5CVSS5.7AI score0.00095EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/06 1:42 a.m.•12 views

SUSE CVE-2026-31761

In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050: Move iiodeviceregister to correct location iiodeviceregister should be at the end of the probe function to prevent race conditions. Place iiodeviceregister at the end of the probe function and place...

7.8CVSS5.7AI score0.001EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/05/06 1:42 a.m.•12 views

SUSE CVE-2026-31762

In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050: Fix irq resource leak The interrupt handler is setup but only a few lines down if iiotriggerregister fails the function returns without properly releasing the handler. Add cleanup goto to resolve resource leak...

5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/06 1:42 a.m.•12 views

SUSE CVE-2026-31766

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate doorbelloffset in user queue creation amdgpuuserqgetdoorbellindex passes the user-provided doorbelloffset to amdgpudoorbellindexonbar without bounds checking. An arbitrarily large doorbelloffset can cause the...

7.1CVSS5.8AI score0.00124EPSS
Exploits0References3
Total number of security vulnerabilities5000