Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
•added 2024/03/01 4:8 a.m.•12 views

SUSE CVE-2021-46981

In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flushworkqueue Open /dev/nbdX first, the configrefs will be 1 and the pointers in nbddevice are still null. Disconnect /dev/nbdX, then reference a null recvworkq. The protection by configrefs in...

5.5CVSS7.7AI score0.0025EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2023/02/15 6:10 a.m.•12 views

SUSE CVE-2007-6209

Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files...

4.6CVSS6.7AI score0.00325EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 6:0 a.m.•12 views

SUSE CVE-2010-0094

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March...

7.5CVSS8.2AI score0.81593EPSS
Exploits5References12
SUSE CVE
SUSE CVE
•added 2023/02/15 5:55 a.m.•12 views

SUSE CVE-2010-4508

The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification...

10CVSS7AI score0.01299EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/02/15 4:59 a.m.•12 views

SUSE CVE-2016-6816

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a...

7.1CVSS6.3AI score0.39633EPSS
Exploits6References12
SUSE CVE
SUSE CVE
•added 2023/02/15 4:15 a.m.•12 views

SUSE CVE-2019-8942

WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an wpattachedfile Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image...

8.8CVSS8AI score0.82736EPSS
Exploits7References3
SUSE CVE
SUSE CVE
•added 2023/02/15 4:11 a.m.•12 views

SUSE CVE-2019-12815

An arbitrary file copy vulnerability in modcopy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306...

9.8CVSS8AI score0.57606EPSS
Exploits1References6
SUSE CVE
SUSE CVE
•added 2023/02/15 4:9 a.m.•12 views

SUSE CVE-2019-14523

An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmtoktloadsong in the Amiga Oktalyzer parser in fmt/okt.c...

7.8CVSS7.5AI score0.01238EPSS
Exploits1References5
SUSE CVE
SUSE CVE
•added 2023/02/15 3:58 a.m.•12 views

SUSE CVE-2020-12659

An issue was discovered in the Linux kernel before 5.6.7. xdpumemreg in net/xdp/xdpumem.c has an out-of-bounds write by a user with the CAPNETADMIN capability because of a lack of headroom validation...

5.1CVSS6.6AI score0.00707EPSS
Exploits1References10
SUSE CVE
SUSE CVE
•added 2023/02/15 3:53 a.m.•12 views

SUSE CVE-2020-26145

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second or subsequent broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets...

5.4CVSS7.1AI score0.03515EPSS
Exploits0References30
SUSE CVE
SUSE CVE
•added 2023/02/15 3:45 a.m.•12 views

SUSE CVE-2021-22923

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often...

5.3CVSS7.1AI score0.01843EPSS
Exploits1References85
SUSE CVE
SUSE CVE
•added 2023/02/15 3:44 a.m.•12 views

SUSE CVE-2021-26930

An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later...

7.8CVSS6.6AI score0.00348EPSS
Exploits0References26
SUSE CVE
SUSE CVE
•added 2023/02/15 3:43 a.m.•12 views

SUSE CVE-2021-28950

An issue was discovered in fs/fuse/fusei.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1...

6.2CVSS6.6AI score0.0036EPSS
Exploits0References31
SUSE CVE
SUSE CVE
•added 2023/02/15 3:42 a.m.•12 views

SUSE CVE-2021-29646

An issue was discovered in the Linux kernel before 5.11.11. tipcnlretrievekey in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8...

5.5CVSS6.4AI score0.0031EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:36 a.m.•12 views

SUSE CVE-2021-45868

In the Linux kernel before 5.15.3, fs/quota/quotatree.c does not validate the block number in the quota tree on disk. This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file...

5.1CVSS6.5AI score0.01339EPSS
Exploits1References26
SUSE CVE
SUSE CVE
•added 2023/02/15 3:32 a.m.•12 views

SUSE CVE-2022-2503

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

6.7CVSS7.2AI score0.0035EPSS
Exploits1References18
SUSE CVE
SUSE CVE
•added 2023/02/15 3:31 a.m.•12 views

SUSE CVE-2022-3061

Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error...

5.5CVSS6.7AI score0.00271EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2023/02/15 3:31 a.m.•12 views

SUSE CVE-2022-3594

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intrcallback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is...

5.1CVSS6.3AI score0.02211EPSS
Exploits0References27
SUSE CVE
SUSE CVE
•added 2023/02/15 3:29 a.m.•12 views

SUSE CVE-2022-21569

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.5CVSS6.2AI score0.01169EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:28 a.m.•12 views

SUSE CVE-2022-23181

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...

7CVSS8.1AI score0.00692EPSS
Exploits15References11
SUSE CVE
SUSE CVE
•added 2026/06/26 2:19 a.m.•11 views

SUSE CVE-2026-40208

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame...

3.7CVSS5.9AI score0.00285EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/26 2:19 a.m.•11 views

SUSE CVE-2026-42004

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist's filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS options that DNSdist did not filter...

3.7CVSS5.9AI score0.00162EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/25 2:19 a.m.•11 views

SUSE CVE-2026-52933

In the Linux kernel, the following vulnerability has been resolved: iouring/poll: fix signed comparison in iopollgetownership iopollgetownership uses a signed comparison to check whether pollrefs has reached the threshold for the slowpath: if unlikelyatomicread&req-pollrefs = IOPOLLREFBIAS...

5.7AI score0.0012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/23 2:20 a.m.•11 views

SUSE CVE-2026-52910

In the Linux kernel, the following vulnerability has been resolved: bpf: Free reuseport cBPF prog after RCU grace period. Eulgyu Kim reported the splat below with a repro. 0 The repro sets up a UDP reuseport group with a cBPF prog and replaces it with a new one while another thread is sending a U...

5.7AI score0.00103EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:48 a.m.•11 views

SUSE CVE-2025-15661

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...

6.8CVSS6AI score0.00267EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:30 a.m.•11 views

SUSE CVE-2026-43915

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the web-admin HTTPS interface. An attacker who can create a TURN allocation with a crafted USERNAME value can inject HTML/JavaScript that execut...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:29 a.m.•11 views

SUSE CVE-2026-48615

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...

7.5CVSS6.8AI score0.00437EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/06/20 2:29 a.m.•11 views

SUSE CVE-2026-48931

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.7CVSS6.2AI score0.00371EPSS
Exploits1References7
SUSE CVE
SUSE CVE
•added 2026/06/20 2:28 a.m.•11 views

SUSE CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 2:1 a.m.•11 views

SUSE CVE-2025-10263

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level...

9.1CVSS5.2AI score0.00474EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2026/06/19 1:58 a.m.•11 views

SUSE CVE-2026-6045

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...

6.9CVSS5.6AI score0.0012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 1:58 a.m.•11 views

SUSE CVE-2026-6047

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

6.9CVSS5.7AI score0.0012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 1:58 a.m.•11 views

SUSE CVE-2026-6733

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.3AI score0.00228EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/06/19 1:57 a.m.•11 views

SUSE CVE-2026-8357

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

6.9CVSS5.6AI score0.00139EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 1:57 a.m.•11 views

SUSE CVE-2026-8358

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...

6.9CVSS5.6AI score0.00171EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 1:57 a.m.•11 views

SUSE CVE-2026-9678

Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...

5.9CVSS5.3AI score0.00374EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/06/19 1:50 a.m.•11 views

SUSE CVE-2026-49983

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, environment access is gated by the env permission. You can deny it with --deny-env, or restrict it to a specific allowlist with --allow-env=FOO,BAR. The expectation is that a program running without env permission cannot...

5.2CVSS5.9AI score0.00098EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 1:49 a.m.•11 views

SUSE CVE-2026-55200

libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2transportread that fails to enforce upper bounds on packetlength field. Remote attackers can send crafted SSH packets with excessively large packetlength values to corrupt heap memory and achieve...

8.1CVSS6.2AI score0.00732EPSS
Exploits10References5
SUSE CVE
SUSE CVE
•added 2026/06/18 2:0 a.m.•11 views

SUSE CVE-2026-12312

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

7.5CVSS5.8AI score0.00252EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/06/16 2:23 a.m.•11 views

SUSE CVE-2026-11527

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

8.6CVSS5.5AI score0.00618EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/06/16 2:21 a.m.•11 views

SUSE CVE-2026-41568

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitra...

6.1CVSS5.3AI score0.00108EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/16 2:21 a.m.•11 views

SUSE CVE-2026-41579

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join strin...

3.3CVSS6AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/16 2:21 a.m.•11 views

SUSE CVE-2026-42850

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

7.4CVSS5.5AI score0.00287EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/06/16 2:19 a.m.•11 views

SUSE CVE-2026-50010

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...

7.5CVSS5.3AI score0.00269EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:28 a.m.•11 views

SUSE CVE-2026-12017

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.3AI score0.00208EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:28 a.m.•11 views

SUSE CVE-2026-12020

Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.5AI score0.00224EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:21 a.m.•11 views

SUSE CVE-2026-34182

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

5.9CVSS5.3AI score0.00237EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2026/06/13 2:17 a.m.•11 views

SUSE CVE-2026-44249

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses ca...

8.1CVSS5.3AI score0.00552EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/13 2:17 a.m.•11 views

SUSE CVE-2026-44250

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive...

7.5CVSS5.3AI score0.00371EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/12 2:32 a.m.•11 views

SUSE CVE-2026-8863

Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the...

7.8CVSS6AI score0.00097EPSS
Exploits0References3
Total number of security vulnerabilities5000