59854 matches found
SUSE CVE-2026-31669
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...
SUSE CVE-2009-3727
Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error message...
SUSE CVE-2026-41168
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. This ha...
SUSE CVE-2026-6507
A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY Bootstrap Protocol Reply packet to a dnsmasq server configured with the --dhcp-split-relay option. This can lead to memory corruption, causing the dnsmasq...
SUSE CVE-2026-22018
unknown...
SUSE CVE-2026-31440
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix leaking event log memory During the device remove process, the device is reset, causing the configuration registers to go back to their default state, which is zero. As the driver is checking if the event log...
SUSE CVE-2026-31449
In the Linux kernel, the following vulnerability has been resolved: ext4: validate pidx bounds in ext4extcorrectindexes ext4extcorrectindexes walks up the extent tree correcting index entries when the first extent in a leaf is modified. Before accessing pathk.pidx-eiblock, there is no validation...
SUSE CVE-2026-31521
In the Linux kernel, the following vulnerability has been resolved: module: Fix kernel panic when a symbol stshndx is out of bounds The module loader doesn't check for bounds of the ELF section index in simplifysymbols: for i = 1; i shsize / sizeofElfSym; i++ const char name = info-strtab +...
SUSE CVE-2026-33599
A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade Lua option to newServer or autoupgrade YAML settings. DDR upgrade is not enabled by default...
SUSE CVE-2026-6771
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...
SUSE CVE-2026-6780
Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...
SUSE CVE-2026-40333
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptpunpackEOSevents have xsize available but never pass it, leaving both...
SUSE CVE-2026-41082
In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...
SUSE CVE-2026-5713
The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...
SUSE CVE-2026-40199
Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. packipv6 includes the sentinel byte from packipv4 when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of...
SUSE CVE-2026-34986
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...
SUSE CVE-2026-5902
Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2026-34990
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That...
SUSE CVE-2026-34826
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.getbyteranges parses the HTTP Range header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte coverage exceeds the...
SUSE CVE-2026-34831
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Filesfail sets the Content-Length response header using Stringsize instead of Stringbytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the...
SUSE CVE-2026-34872
An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values lack of contributor...
SUSE CVE-2026-34873
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...
SUSE CVE-2026-4789
Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions...
SUSE CVE-2026-23305
In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in error path in rocketprobe When rocketcoreinit fails as could be the case with EPROBEDEFER, we need to properly unwind by decrementing the counter we just incremented and if this is the first core we...
SUSE CVE-2026-23321
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always mark signal+subflow endp as used Syzkaller managed to find a combination of actions that was generating this warning: msk-pm.localaddrused == 0 WARNING: net/mptcp/pmkernel.c:1071 at...
SUSE CVE-2026-23369
In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Revert "i2c: i801: replace acpilock with I2C bus lock" This reverts commit f707d6b9e7c18f669adfdb443906d46cfbaaa0c1. Under rare circumstances, multiple udev threads can collect i801 device info on boot and walk...
SUSE CVE-2026-4705
Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
SUSE CVE-2026-4712
Information disclosure in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
SUSE CVE-2026-4716
Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
SUSE CVE-2026-4725
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...
SUSE CVE-2026-31788
In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space processes. This is normally no problem, as access is usually limited to root and the hypervisor will den...
SUSE CVE-2026-32246
Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC authorization endpoint allows users with a TOTP-pending session password verified, TOTP not yet completed to obtain authorization codes. An attacker who knows a user's password but not their TOTP secret can obtain...
SUSE CVE-2026-33554
ipmi-oem in FreeIPMI before 1.6.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system managemen...
SUSE CVE-2025-15558
Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...
SUSE CVE-2026-32239
Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in...
SUSE CVE-2026-25802
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site ScriptingXSS when the model outputs items containing tag. Version...
SUSE CVE-2026-25952
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfSetWindowMinMaxInfo dereferences a freed xfAppWindow pointer because xfrailgetwindow in xfrailserverminmaxinfo returns an unprotected pointer from the railWindows hash table, and the main thread can...
SUSE CVE-2026-23209
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlancommonnewlink valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip link set up dev p2 ip lin...
SUSE CVE-2026-2441
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-25160
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle MitM attacks. This...
SUSE CVE-2025-61732
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...
SUSE CVE-2026-23015
In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: fix reference leak in gpiompsseprobe error paths The reference obtained by calling usbgetdev is not released in the gpiompsseprobe error paths. Fix that by using device managed helper functions. Also remove the...
SUSE CVE-2020-37011
Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with an oversized pattern to exhaust memory through repeated malloc calls and...
SUSE CVE-2025-71159
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free warning in btrfsgetorcreatedelayednode Previously, btrfsgetorcreatedelayednode set the delayednode's refcount before acquiring the root-delayednodes lock. Commit e8513c012de7 "btrfs: implement reftracker...
SUSE CVE-2025-68671
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. LakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. Prior to 1.75.0, an attacker who captures a valid signed request e.g., through network interception, logs...
SUSE CVE-2026-23003
In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: use skbvlaninetprepare in ip6tnlrcv Blamed commit did not take care of VLAN encapsulations as spotted by syzbot 1. Use skbvlaninetprepare instead of pskbinetmaypull. 1 BUG: KMSAN: uninit-value in INETECNdecapsulate...
SUSE CVE-2026-23011
In the Linux kernel, the following vulnerability has been resolved: ipv4: ipgre: make ipgreheader robust Analog to commit db5b4e39c4e6 "ip6gre: make ip6greheader robust" Over the years, syzbot found many ways to crash the kernel in ipgreheader 1. This involves team or bonding drivers ability to...
SUSE CVE-2026-23013
In the Linux kernel, the following vulnerability has been resolved: net: octeonepvf: fix freeirq devid mismatch in IRQ rollback octepvfrequestirqs requests MSI-X queue IRQs with devid set to ioqvector. If requestirq fails part-way, the rollback loop calls freeirq with devid set to 'oct', which do...
SUSE CVE-2025-71158
In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: ensure worker is torn down When an IRQ worker is running, unplugging the device would cause a crash. The sealevel hardware this driver was written for was not hotpluggable, so I never realized it. This change uses a...
SUSE CVE-2022-21592
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromi...