Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
•added 2024/09/28 2:51 a.m.•12 views

SUSE CVE-2024-46828

In the Linux kernel, the following vulnerability has been resolved: sched: schcake: fix bulk flow accounting logic for host fairness In schcake, we keep track of the count of active bulk flows per host, when running in dst/src host fairness mode, which is used as the round-robin weight when...

5.5CVSS6.4AI score0.0025EPSS
Exploits0References19
SUSE CVE
SUSE CVE
•added 2024/09/14 2:51 a.m.•12 views

SUSE CVE-2024-46679

In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings A sysfs reader can race with a device reset or removal, attempting to read device state when the device is not actually present. eg: exception RIP: qedgetcurrentlink+17 ...

4.1CVSS6.3AI score0.00244EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2024/07/16 2:34 a.m.•12 views

SUSE CVE-2024-40940

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail In case of flow rule creation fail in mlx5lagcreateportseltable, instead of previously created rules, the tainted pointer is deleted deveral times. Fix this...

5.5CVSS6.8AI score0.00259EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2024/07/13 2:37 a.m.•12 views

SUSE CVE-2024-39494

In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name -dname.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it -dlock on dentry, -dlock on its parent, -irwsem exclusive on th...

7.8CVSS6.3AI score0.00306EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2024/07/03 4:55 a.m.•12 views

SUSE CVE-2020-28595

An out-of-bounds write vulnerability exists in the Obj.cpp loadobj functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.8CVSS7.8AI score0.01467EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2024/06/13 4:0 a.m.•12 views

SUSE CVE-2024-5840

Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS8.6AI score0.00408EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2024/06/04 12:37 p.m.•12 views

SUSE CVE-2023-2124

An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores an XFS image after failure with a dirty log journal. This flaw allows a local user to crash or potentially escalate their privileges on the system...

6.7CVSS6.7AI score0.00491EPSS
Exploits1References28
SUSE CVE
SUSE CVE
•added 2024/05/28 3:34 a.m.•12 views

SUSE CVE-2021-47393

In the Linux kernel, the following vulnerability has been resolved: hwmon: mlxreg-fan Return non-zero value when fan current state is enforced from sysfs Fan speed minimum can be enforced from sysfs. For example, setting current fan speed to 20 is used to enforce fan speed to be at 100% speed, 19...

5.5CVSS6.6AI score0.00244EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2024/05/28 3:33 a.m.•12 views

SUSE CVE-2021-47498

In the Linux kernel, the following vulnerability has been resolved: dm rq: don't queue request to blk-mq during DM suspend DM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue. But blk-mq's unquiesce may come from outside events, such as elevator switch, updating nrrequests or...

5.5CVSS6.2AI score0.0021EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2024/05/21 2:0 a.m.•12 views

SUSE CVE-2024-27417

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6rtmgetaddr It seems that if userspace provides a correct IFATARGETNETNSID value but no IFAADDRESS and IFALOCAL attributes, inet6rtmgetaddr returns -EINVAL with an elevated "struct net...

5.5CVSS6.5AI score0.00238EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2024/05/21 2:0 a.m.•12 views

SUSE CVE-2024-35822

In the Linux kernel, the following vulnerability has been resolved: usb: udc: remove warning when queue disabled ep It is possible trigger below warning message from mass storage function, WARNING: CPU: 6 PID: 3839 at drivers/usb/gadget/udc/core.c:294 usbepqueue+0x7c/0x104 pc :...

3.3CVSS6.5AI score0.0023EPSS
Exploits0References19
SUSE CVE
SUSE CVE
•added 2024/05/03 2:9 a.m.•12 views

SUSE CVE-2024-26956

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix failure to detect DAT corruption in btree and direct mappings Patch series "nilfs2: fix kernel bug at submitbhwbc". This resolves a kernel BUG reported by syzbot. Since there are two flaws involved, I've made each one...

5.5CVSS6.6AI score0.00255EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2024/05/03 2:9 a.m.•12 views

SUSE CVE-2024-26958

In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------ cut here ------------ refcountt: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28...

5.5CVSS6.6AI score0.00244EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2024/03/27 4:25 a.m.•12 views

SUSE CVE-2021-47177

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix sysfs leak in allociommu iommudevicesysfsadd is called before, so is has to be cleaned on subsequent errors...

5.5CVSS7.8AI score0.00238EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2024/03/02 5:48 a.m.•12 views

SUSE CVE-2021-47061

In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy I/O bus devices on unregister failure after sync'ing SRCU If allocating a new instance of an I/O bus fails when unregistering a device, wait to destroy the device until after all readers are guaranteed to see the new...

6.7CVSS6.3AI score0.00241EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2023/02/15 6:0 a.m.•12 views

SUSE CVE-2010-0094

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March...

7.5CVSS8.2AI score0.81593EPSS
Exploits5References12
SUSE CVE
SUSE CVE
•added 2023/02/15 4:59 a.m.•12 views

SUSE CVE-2016-6816

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a...

7.1CVSS6.3AI score0.39633EPSS
Exploits6References12
SUSE CVE
SUSE CVE
•added 2023/02/15 4:39 a.m.•12 views

SUSE CVE-2017-14051

An integer overflow in the qla2x00sysfswriteoptromctl function in drivers/scsi/qla2xxx/qlaattr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service memory corruption and system crash by leveraging root access...

6.4CVSS6.1AI score0.00373EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2023/02/15 4:18 a.m.•12 views

SUSE CVE-2019-2739

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructu...

5.1CVSS7.1AI score0.0079EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2023/02/15 4:18 a.m.•12 views

SUSE CVE-2019-2974

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.5CVSS7.8AI score0.03726EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2023/02/15 4:15 a.m.•12 views

SUSE CVE-2019-8942

WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an wpattachedfile Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image...

8.8CVSS8AI score0.82736EPSS
Exploits7References3
SUSE CVE
SUSE CVE
•added 2023/02/15 4:11 a.m.•12 views

SUSE CVE-2019-12384

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible...

5.9CVSS9.1AI score0.45205EPSS
Exploits2References2
SUSE CVE
SUSE CVE
•added 2023/02/15 4:11 a.m.•12 views

SUSE CVE-2019-12815

An arbitrary file copy vulnerability in modcopy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306...

9.8CVSS8AI score0.57606EPSS
Exploits1References6
SUSE CVE
SUSE CVE
•added 2023/02/15 3:58 a.m.•12 views

SUSE CVE-2020-12659

An issue was discovered in the Linux kernel before 5.6.7. xdpumemreg in net/xdp/xdpumem.c has an out-of-bounds write by a user with the CAPNETADMIN capability because of a lack of headroom validation...

5.1CVSS6.6AI score0.00707EPSS
Exploits1References10
SUSE CVE
SUSE CVE
•added 2023/02/15 3:54 a.m.•12 views

SUSE CVE-2020-24999

There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service Segmentation fault or possibly have unspecified other impact...

7.8CVSS7.5AI score0.01055EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:45 a.m.•12 views

SUSE CVE-2021-22923

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often...

5.3CVSS7.1AI score0.01843EPSS
Exploits1References85
SUSE CVE
SUSE CVE
•added 2023/02/15 3:44 a.m.•12 views

SUSE CVE-2021-26930

An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later...

7.8CVSS6.6AI score0.00348EPSS
Exploits0References26
SUSE CVE
SUSE CVE
•added 2023/02/15 3:43 a.m.•12 views

SUSE CVE-2021-28950

An issue was discovered in fs/fuse/fusei.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1...

6.2CVSS6.6AI score0.0036EPSS
Exploits0References31
SUSE CVE
SUSE CVE
•added 2023/02/15 3:42 a.m.•12 views

SUSE CVE-2021-29646

An issue was discovered in the Linux kernel before 5.11.11. tipcnlretrievekey in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8...

5.5CVSS6.4AI score0.0031EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:36 a.m.•12 views

SUSE CVE-2021-45868

In the Linux kernel before 5.15.3, fs/quota/quotatree.c does not validate the block number in the quota tree on disk. This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file...

5.1CVSS6.5AI score0.01339EPSS
Exploits1References26
SUSE CVE
SUSE CVE
•added 2023/02/15 3:32 a.m.•12 views

SUSE CVE-2022-2503

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

6.7CVSS7.2AI score0.0035EPSS
Exploits1References18
SUSE CVE
SUSE CVE
•added 2023/02/15 3:31 a.m.•12 views

SUSE CVE-2022-3061

Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error...

5.5CVSS6.7AI score0.00271EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2023/02/15 3:31 a.m.•12 views

SUSE CVE-2022-3594

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intrcallback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is...

5.1CVSS6.3AI score0.02211EPSS
Exploits0References27
SUSE CVE
SUSE CVE
•added 2023/02/15 3:28 a.m.•12 views

SUSE CVE-2022-23181

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...

7CVSS8.1AI score0.00692EPSS
Exploits15References11
SUSE CVE
SUSE CVE
•added 2026/06/26 2:19 a.m.•11 views

SUSE CVE-2026-40208

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame...

3.7CVSS5.9AI score0.00285EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/26 2:19 a.m.•11 views

SUSE CVE-2026-42004

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist's filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS options that DNSdist did not filter...

3.7CVSS5.9AI score0.00162EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/25 2:19 a.m.•11 views

SUSE CVE-2026-52933

In the Linux kernel, the following vulnerability has been resolved: iouring/poll: fix signed comparison in iopollgetownership iopollgetownership uses a signed comparison to check whether pollrefs has reached the threshold for the slowpath: if unlikelyatomicread&req-pollrefs = IOPOLLREFBIAS...

5.7AI score0.0012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/23 2:20 a.m.•11 views

SUSE CVE-2026-52910

In the Linux kernel, the following vulnerability has been resolved: bpf: Free reuseport cBPF prog after RCU grace period. Eulgyu Kim reported the splat below with a repro. 0 The repro sets up a UDP reuseport group with a cBPF prog and replaces it with a new one while another thread is sending a U...

5.7AI score0.00102EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:48 a.m.•11 views

SUSE CVE-2025-15661

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...

6.8CVSS6AI score0.00267EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:30 a.m.•11 views

SUSE CVE-2026-43915

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the web-admin HTTPS interface. An attacker who can create a TURN allocation with a crafted USERNAME value can inject HTML/JavaScript that execut...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:29 a.m.•11 views

SUSE CVE-2026-48615

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...

7.5CVSS6.8AI score0.00437EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/06/20 2:29 a.m.•11 views

SUSE CVE-2026-48931

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.7CVSS6.2AI score0.00371EPSS
Exploits1References7
SUSE CVE
SUSE CVE
•added 2026/06/20 2:28 a.m.•11 views

SUSE CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 2:1 a.m.•11 views

SUSE CVE-2025-10263

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level...

9.1CVSS5.2AI score0.00474EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2026/06/19 1:58 a.m.•11 views

SUSE CVE-2026-6045

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...

6.9CVSS5.6AI score0.0012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 1:58 a.m.•11 views

SUSE CVE-2026-6047

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

6.9CVSS5.7AI score0.0012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 1:58 a.m.•11 views

SUSE CVE-2026-6733

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.3AI score0.00228EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/06/19 1:57 a.m.•11 views

SUSE CVE-2026-8357

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

6.9CVSS5.6AI score0.00139EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 1:57 a.m.•11 views

SUSE CVE-2026-8358

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...

6.9CVSS5.6AI score0.00171EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 1:57 a.m.•11 views

SUSE CVE-2026-9678

Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...

5.9CVSS5.3AI score0.00374EPSS
Exploits0References4
Total number of security vulnerabilities5000