Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
•added 2025/02/27 3:8 a.m.•12 views

SUSE CVE-2022-49328

In the Linux kernel, the following vulnerability has been resolved: mt76: fix use-after-free by removing a non-RCU wcid pointer Fixes an issue caught by KASAN about use-after-free in mt76txqschedule by protecting mtxq-wcid with rculock between mt76txqschedule and stainfoalloc, free. 18853.876689...

5.5CVSS6.3AI score0.00284EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/02/27 3:5 a.m.•12 views

SUSE CVE-2022-49541

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential double free during failed mount RHBZ: https://bugzilla.redhat.com/showbug.cgi?id=2088799...

6CVSS6.5AI score0.00291EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2025/02/27 3:4 a.m.•12 views

SUSE CVE-2022-49592

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix dma queue left shift overflow issue When queue number is 4, left shift overflows due to 32 bits integer variable. Mask calculation is wrong for MTLRXQDMAMAP1. If CONFIGUBSAN is enabled, kernel dumps below warning...

5.5CVSS6.4AI score0.00267EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/02/27 3:4 a.m.•12 views

SUSE CVE-2022-49610

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Prevent RSB underflow before vmenter On VMX, there are some balanced returns between the time the guest's SPECCTRL value is written, and the vmenter. Balanced returns matched by a preceding call are usually ok, but it's...

5.3CVSS7.9AI score0.00215EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/01/11 12:21 a.m.•12 views

SUSE CVE-2024-56654

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fix using rcureadunlock while iterating The usage of rcureadunlock while inside listforeachentryrcu is not safe since for the most part entries fetched this way shall be treated as rcudereference: Note that t...

4.7CVSS7.8AI score0.00213EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2024/12/28 3:50 a.m.•12 views

SUSE CVE-2024-53215

In the Linux kernel, the following vulnerability has been resolved: svcrdma: fix miss destroy percpucounter in svcrdmaprocinit There's issue as follows: RPC: Registered rdma transport module. RPC: Registered rdma backchannel transport module. RPC: Unregistered rdma transport module. RPC:...

5.5CVSS7.7AI score0.00217EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2024/12/28 3:49 a.m.•12 views

SUSE CVE-2024-53227

In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Fix use-after-free in bfadimmoduleexit BUG: KASAN: slab-use-after-free in lockacquire+0x2aca/0x3a20 Read of size 8 at addr ffff8881082d80c8 by task modprobe/25303 Call Trace: dumpstacklvl+0x95/0xe0 printreport+0xcb/0x6...

5.5CVSS6.9AI score0.0027EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2024/10/22 2:22 p.m.•12 views

SUSE CVE-2022-49021

In the Linux kernel, the following vulnerability has been resolved: net: phy: fix null-ptr-deref while probe failed I got a null-ptr-deref report as following when doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058 Oops: 0000 1 PREEMPT SMP KASAN PTI CPU: 1...

5.5CVSS7.7AI score0.0028EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2024/10/22 2:50 a.m.•12 views

SUSE CVE-2024-50007

In the Linux kernel, the following vulnerability has been resolved: ALSA: asihpi: Fix potential OOB array access ASIHPI driver stores some values in the static array upon a response from the driver, and its index depends on the firmware. We shouldn't trust it blindly. This patch adds a sanity che...

6.4CVSS6.5AI score0.0025EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2024/10/22 2:49 a.m.•12 views

SUSE CVE-2024-50045

In the Linux kernel, the following vulnerability has been resolved: netfilter: brnetfilter: fix panic with metadatadst skb Fix a kernel panic in the brnetfilter module when sending untagged traffic via a VxLAN device. This happens during the check for fragmentation in brnfdevqueuexmit. It is...

5.5CVSS6.2AI score0.00258EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2024/10/21 3:46 p.m.•12 views

SUSE CVE-2024-47728

In the Linux kernel, the following vulnerability has been resolved: bpf: Zero former ARGPTRTOLONG,INT args in case of error For all non-tracing helpers which formerly had ARGPTRTOLONG,INT as input arguments, zero the value for the case of an error as otherwise it could leak memory. For tracing, i...

5.5CVSS6.3AI score0.00235EPSS
Exploits0References18
SUSE CVE
SUSE CVE
•added 2024/10/11 2:48 a.m.•12 views

SUSE CVE-2024-47669

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix state management in error path of log writing function After commit a694291a6211 "nilfs2: separate wait function from nilfssegctorwrite" was applied, the log writing function nilfssegctordoconstruct was able to issue...

6.3CVSS6.4AI score0.00211EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2024/10/09 3:41 a.m.•12 views

SUSE CVE-2023-2314

Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

6.5CVSS8.6AI score0.003EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2024/09/28 2:51 a.m.•12 views

SUSE CVE-2024-46828

In the Linux kernel, the following vulnerability has been resolved: sched: schcake: fix bulk flow accounting logic for host fairness In schcake, we keep track of the count of active bulk flows per host, when running in dst/src host fairness mode, which is used as the round-robin weight when...

5.5CVSS6.4AI score0.0025EPSS
Exploits0References19
SUSE CVE
SUSE CVE
•added 2024/09/14 2:51 a.m.•12 views

SUSE CVE-2024-46679

In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings A sysfs reader can race with a device reset or removal, attempting to read device state when the device is not actually present. eg: exception RIP: qedgetcurrentlink+17 ...

4.1CVSS6.3AI score0.00244EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2024/08/18 2:1 a.m.•12 views

SUSE CVE-2024-43841

In the Linux kernel, the following vulnerability has been resolved: wifi: virtwifi: avoid reporting connection success with wrong SSID When user issues a connection with a different SSID than the one virtwifi has advertised, the cfg80211connectresult will trigger the warning: WARNONbssnotfound. T...

5.5CVSS6.5AI score0.00211EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2024/08/06 2:0 a.m.•12 views

SUSE CVE-2024-41098

In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix null pointer dereference on error If the ataportalloc call in atahostalloc fails, atahostrelease will get called. However, the code in atahostrelease tries to free ataport struct members unconditionally, whi...

5.5CVSS6.6AI score0.00263EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2024/07/16 2:34 a.m.•12 views

SUSE CVE-2024-40940

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail In case of flow rule creation fail in mlx5lagcreateportseltable, instead of previously created rules, the tainted pointer is deleted deveral times. Fix this...

5.5CVSS6.8AI score0.00259EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2024/07/13 2:37 a.m.•12 views

SUSE CVE-2024-39494

In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name -dname.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it -dlock on dentry, -dlock on its parent, -irwsem exclusive on th...

7.8CVSS6.3AI score0.00306EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2024/07/03 4:55 a.m.•12 views

SUSE CVE-2020-28595

An out-of-bounds write vulnerability exists in the Obj.cpp loadobj functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.8CVSS7.8AI score0.01467EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2024/06/22 3:34 a.m.•12 views

SUSE CVE-2024-38618

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Set lower bound of start tick time Currently ALSA timer doesn't have the lower limit of the start tick time, and it allows a very small size, e.g. 1 tick with 1ns resolution for hrtimer. Such a situation may lead to ...

4.7CVSS7.5AI score0.00642EPSS
Exploits0References19
SUSE CVE
SUSE CVE
•added 2024/06/13 4:0 a.m.•12 views

SUSE CVE-2024-5840

Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS8.6AI score0.00408EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2024/06/04 12:37 p.m.•12 views

SUSE CVE-2023-2124

An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores an XFS image after failure with a dirty log journal. This flaw allows a local user to crash or potentially escalate their privileges on the system...

6.7CVSS6.7AI score0.00491EPSS
Exploits1References28
SUSE CVE
SUSE CVE
•added 2024/05/28 3:34 a.m.•12 views

SUSE CVE-2021-47393

In the Linux kernel, the following vulnerability has been resolved: hwmon: mlxreg-fan Return non-zero value when fan current state is enforced from sysfs Fan speed minimum can be enforced from sysfs. For example, setting current fan speed to 20 is used to enforce fan speed to be at 100% speed, 19...

5.5CVSS6.6AI score0.00244EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2024/05/28 3:33 a.m.•12 views

SUSE CVE-2021-47498

In the Linux kernel, the following vulnerability has been resolved: dm rq: don't queue request to blk-mq during DM suspend DM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue. But blk-mq's unquiesce may come from outside events, such as elevator switch, updating nrrequests or...

5.5CVSS6.2AI score0.0021EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2024/05/23 3:23 p.m.•12 views

SUSE CVE-2023-52781

In the Linux kernel, the following vulnerability has been resolved: usb: config: fix iteration issue in 'usbgetbosdescriptor' The BOS descriptor defines a root descriptor and is the base descriptor for accessing a family of related descriptors. Function 'usbgetbosdescriptor' encounters an iterati...

4.3CVSS6.5AI score0.00239EPSS
Exploits0References18
SUSE CVE
SUSE CVE
•added 2024/05/21 2:0 a.m.•12 views

SUSE CVE-2024-27417

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6rtmgetaddr It seems that if userspace provides a correct IFATARGETNETNSID value but no IFAADDRESS and IFALOCAL attributes, inet6rtmgetaddr returns -EINVAL with an elevated "struct net...

5.5CVSS6.5AI score0.00238EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2024/05/21 2:0 a.m.•12 views

SUSE CVE-2024-35822

In the Linux kernel, the following vulnerability has been resolved: usb: udc: remove warning when queue disabled ep It is possible trigger below warning message from mass storage function, WARNING: CPU: 6 PID: 3839 at drivers/usb/gadget/udc/core.c:294 usbepqueue+0x7c/0x104 pc :...

3.3CVSS6.5AI score0.0023EPSS
Exploits0References19
SUSE CVE
SUSE CVE
•added 2024/05/03 2:9 a.m.•12 views

SUSE CVE-2024-26958

In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------ cut here ------------ refcountt: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28...

5.5CVSS6.6AI score0.00244EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2024/05/03 2:9 a.m.•12 views

SUSE CVE-2024-26956

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix failure to detect DAT corruption in btree and direct mappings Patch series "nilfs2: fix kernel bug at submitbhwbc". This resolves a kernel BUG reported by syzbot. Since there are two flaws involved, I've made each one...

5.5CVSS6.6AI score0.00255EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2024/04/19 2:18 a.m.•12 views

SUSE CVE-2024-26846

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvmedeletectrl and idadestroy has bee...

4.4CVSS6.6AI score0.00218EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2024/03/27 4:25 a.m.•12 views

SUSE CVE-2021-47177

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix sysfs leak in allociommu iommudevicesysfsadd is called before, so is has to be cleaned on subsequent errors...

5.5CVSS7.8AI score0.00238EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2024/03/07 4:25 a.m.•12 views

SUSE CVE-2023-52515

In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Do not call scsidone from srpabort After scmdehaborthandler has called the SCSI LLD ehaborthandler callback, it performs one of the following actions: Call scsiqueueinsert. Call scsifinishcommand. Call scsiehscmdadd...

5.5CVSS6.4AI score0.0023EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2024/03/02 5:48 a.m.•12 views

SUSE CVE-2021-47061

In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy I/O bus devices on unregister failure after sync'ing SRCU If allocating a new instance of an I/O bus fails when unregistering a device, wait to destroy the device until after all readers are guaranteed to see the new...

6.7CVSS6.3AI score0.00241EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2024/03/01 4:8 a.m.•12 views

SUSE CVE-2021-46981

In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flushworkqueue Open /dev/nbdX first, the configrefs will be 1 and the pointers in nbddevice are still null. Disconnect /dev/nbdX, then reference a null recvworkq. The protection by configrefs in...

5.5CVSS7.7AI score0.0025EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2023/02/15 6:10 a.m.•12 views

SUSE CVE-2007-6209

Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files...

4.6CVSS6.7AI score0.00325EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 6:0 a.m.•12 views

SUSE CVE-2010-0094

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March...

7.5CVSS8.2AI score0.81593EPSS
Exploits5References12
SUSE CVE
SUSE CVE
•added 2023/02/15 5:55 a.m.•12 views

SUSE CVE-2010-4508

The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification...

10CVSS7AI score0.01299EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/02/15 4:59 a.m.•12 views

SUSE CVE-2016-6816

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a...

7.1CVSS6.3AI score0.39633EPSS
Exploits6References12
SUSE CVE
SUSE CVE
•added 2023/02/15 4:15 a.m.•12 views

SUSE CVE-2019-8942

WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an wpattachedfile Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image...

8.8CVSS8AI score0.82736EPSS
Exploits7References3
SUSE CVE
SUSE CVE
•added 2023/02/15 4:11 a.m.•12 views

SUSE CVE-2019-12815

An arbitrary file copy vulnerability in modcopy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306...

9.8CVSS8AI score0.57606EPSS
Exploits1References6
SUSE CVE
SUSE CVE
•added 2023/02/15 4:9 a.m.•12 views

SUSE CVE-2019-14523

An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmtoktloadsong in the Amiga Oktalyzer parser in fmt/okt.c...

7.8CVSS7.5AI score0.01238EPSS
Exploits1References5
SUSE CVE
SUSE CVE
•added 2023/02/15 3:58 a.m.•12 views

SUSE CVE-2020-12659

An issue was discovered in the Linux kernel before 5.6.7. xdpumemreg in net/xdp/xdpumem.c has an out-of-bounds write by a user with the CAPNETADMIN capability because of a lack of headroom validation...

5.1CVSS6.6AI score0.00707EPSS
Exploits1References10
SUSE CVE
SUSE CVE
•added 2023/02/15 3:53 a.m.•12 views

SUSE CVE-2020-26145

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second or subsequent broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets...

5.4CVSS7.1AI score0.03515EPSS
Exploits0References30
SUSE CVE
SUSE CVE
•added 2023/02/15 3:45 a.m.•12 views

SUSE CVE-2021-22923

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often...

5.3CVSS7.1AI score0.01843EPSS
Exploits1References85
SUSE CVE
SUSE CVE
•added 2023/02/15 3:44 a.m.•12 views

SUSE CVE-2021-26930

An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later...

7.8CVSS6.6AI score0.00348EPSS
Exploits0References26
SUSE CVE
SUSE CVE
•added 2023/02/15 3:43 a.m.•12 views

SUSE CVE-2021-28950

An issue was discovered in fs/fuse/fusei.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1...

6.2CVSS6.6AI score0.0036EPSS
Exploits0References31
SUSE CVE
SUSE CVE
•added 2023/02/15 3:42 a.m.•12 views

SUSE CVE-2021-29646

An issue was discovered in the Linux kernel before 5.11.11. tipcnlretrievekey in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8...

5.5CVSS6.4AI score0.0031EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:36 a.m.•12 views

SUSE CVE-2021-45868

In the Linux kernel before 5.15.3, fs/quota/quotatree.c does not validate the block number in the quota tree on disk. This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file...

5.1CVSS6.5AI score0.01339EPSS
Exploits1References26
SUSE CVE
SUSE CVE
•added 2023/02/15 3:32 a.m.•12 views

SUSE CVE-2022-2503

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

6.7CVSS7.2AI score0.0035EPSS
Exploits1References18
Total number of security vulnerabilities5000