Lucene search
K
SusecveMost viewed

59380 matches found

SUSE CVE
SUSE CVE
added 2026/05/21 2:47 a.m.21 views

SUSE CVE-2024-0397

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...

4.8CVSS6.8AI score0.00804EPSS
Exploits0References22
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.21 views

SUSE CVE-2026-31072

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

9.8CVSS6AI score0.0081EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/21 2:28 a.m.21 views

SUSE CVE-2026-41470

LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...

8.2CVSS5.8AI score0.00486EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.21 views

SUSE CVE-2006-4517

Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service crash in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference...

7.8CVSS6.8AI score0.03234EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/20 2:36 a.m.20 views

SUSE CVE-2026-9692

Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy...

5.3CVSS5.8AI score0.00274EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/09 2:20 a.m.20 views

SUSE CVE-2026-49980

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from the URL and passed...

9.8CVSS5.9AI score0.00701EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/05 3:7 a.m.20 views

SUSE CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

5.9CVSS5.8AI score0.00218EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.20 views

SUSE CVE-2026-10268

A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshalonefiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made availabl...

4.8CVSS5.5AI score0.0012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:27 a.m.20 views

SUSE CVE-2024-13745

unknown...

5.8AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.20 views

SUSE CVE-2026-9874

Use after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.8AI score0.00234EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.20 views

SUSE CVE-2026-9886

Use after free in Base in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.8AI score0.00243EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.20 views

SUSE CVE-2026-10001

Use after free in PerformanceManager in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00173EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:15 a.m.20 views

SUSE CVE-2026-10004

Insufficient validation of untrusted input in Passwords in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.8AI score0.00164EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:22 a.m.20 views

SUSE CVE-2026-9818

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

4.7CVSS5.7AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.20 views

SUSE CVE-2026-46133

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Reject unknown opcodes before ICRC processing Even after applying commit 7244491dab34 "RDMA/rxe: Validate pad and ICRC before payloadsize in rxercv", a single unauthenticated UDP packet can still trigger panic. That pat...

5.5CVSS5.7AI score0.00574EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 3:57 a.m.20 views

SUSE CVE-2026-44988

LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but it does not reject Tight rectangles whose width is larger than 2048 pixels. A malicious VNC serve...

8.1CVSS5.8AI score0.00242EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/05/28 3:56 a.m.20 views

SUSE CVE-2026-45925

In the Linux kernel, the following vulnerability has been resolved: thermal/of: Fix reference leak in thermalofcmlookup In thermalofcmlookup, trnp is obtained via ofparsephandle, but never released. Use the freedevicenode cleanup attribute to automatically release the node and fix the leak. rjw:...

5.8AI score0.00155EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/26 1:52 a.m.20 views

SUSE CVE-2026-48831

Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap...

7.3CVSS5.8AI score0.00179EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/18 1:21 p.m.20 views

SUSE CVE-2026-44309

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...

5.3CVSS5.8AI score0.00119EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/17 1:21 a.m.20 views

SUSE CVE-2025-54518

Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation...

7.4CVSS5.8AI score0.00258EPSS
Exploits0References136
SUSE CVE
SUSE CVE
added 2026/05/13 3:48 a.m.20 views

SUSE CVE-2026-7820

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:34 a.m.20 views

SUSE CVE-2026-43407

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in cephhandleauthreply This patch fixes an out-of-bounds access in cephhandleauthreply that can be triggered by a message of type CEPHMSGAUTHREPLY. In cephhandleauthreply, the value of...

5.5CVSS5.8AI score0.00537EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/05/09 2:39 a.m.20 views

SUSE CVE-2026-43284

In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSGSPLICEPAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFLSHAREDFRAG after skbsplicefromiter, so later paths that may modify packet data ca...

8.8CVSS6AI score0.93235EPSS
Exploits31References136
SUSE CVE
SUSE CVE
added 2026/05/07 2:19 a.m.20 views

SUSE CVE-2026-43075

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix out-of-bounds write in ocfs2writeendinline KASAN reports a use-after-free write of 4086 bytes in ocfs2writeendinline, called from ocfs2writeendnolock during a copyfilerange splice fallback on a corrupted ocfs2 filesyst...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/23 1:24 a.m.20 views

SUSE CVE-2026-33608

An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it...

9.8CVSS5.8AI score0.00383EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/23 1:23 a.m.20 views

SUSE CVE-2026-40938

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation...

8.5CVSS6.4AI score0.00788EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/05 1:56 p.m.20 views

SUSE CVE-2026-20031

A vulnerability in the HTML Cascading Style Sheets CSS module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit th...

5.3CVSS5.8AI score0.00414EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/01/26 12:24 a.m.20 views

SUSE CVE-2026-23009

In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhcisidebandremoveendpoint incorrecly assumes that the endpoint is running and has a valid transfer ring. Lianqin reported a crash during suspend/wake-u...

5.5CVSS5.2AI score0.00135EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/01/17 12:33 a.m.20 views

SUSE CVE-2024-6717

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2...

8.6CVSS6.9AI score0.00388EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/12/30 12:25 a.m.20 views

SUSE CVE-2025-15095

A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used...

5.1CVSS5.7AI score0.00253EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/12/12 12:49 a.m.20 views

SUSE CVE-2025-13357

Vault's Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...

9.8CVSS7.1AI score0.00492EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/04/17 2:21 a.m.20 views

SUSE CVE-2024-25742

In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 VC at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES...

6.4CVSS6.7AI score0.0018EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.20 views

SUSE CVE-2006-3331

Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks...

5CVSS6.9AI score0.03513EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.20 views

SUSE CVE-2006-7229

The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spinlock and spinunlock functions, which allows remote attackers to cause a denial of service machine crash via a flood of network traffic...

7.8CVSS6.7AI score0.02801EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:54 a.m.20 views

SUSE CVE-2011-0456

webscript.pl in Open Ticket Request System OTRS 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."...

7.5CVSS8.1AI score0.03001EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:46 a.m.20 views

SUSE CVE-2012-2945

Hadoop 1.0.3 contains a symlink vulnerability...

7.5CVSS7AI score0.02671EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:37 a.m.20 views

SUSE CVE-2013-3738

A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code...

9.8CVSS7.5AI score0.03125EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:29 a.m.19 views

SUSE CVE-2026-9648

The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA's permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to...

9.1CVSS5.3AI score0.00223EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.19 views

SUSE CVE-2026-10201

A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has be...

4.8CVSS5.3AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:39 a.m.19 views

SUSE CVE-2026-42506

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00188EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.19 views

SUSE CVE-2026-9872

Out of bounds write in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.8AI score0.00326EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.19 views

SUSE CVE-2026-9875

Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.8AI score0.00243EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.19 views

SUSE CVE-2026-9880

Insufficient validation of untrusted input in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.8AI score0.00228EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.19 views

SUSE CVE-2026-9882

Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Critical...

6.5CVSS5.9AI score0.00221EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.19 views

SUSE CVE-2026-9890

Use after free in XR in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.8AI score0.00214EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.19 views

SUSE CVE-2026-9893

Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.8AI score0.00267EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.19 views

SUSE CVE-2026-9901

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

7.5CVSS6.2AI score0.00255EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:17 a.m.19 views

SUSE CVE-2026-9933

Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

7.5CVSS5.8AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:21 a.m.19 views

SUSE CVE-2026-42250

bzip2 contains an off-by-one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out-of-bounds write to a global buffer, resulting in memory corruption and a crash denial of service. This issue was fixed in bzip2 patch...

5.1CVSS5.8AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.19 views

SUSE CVE-2026-46114

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Reject non-8-byte ATOMICWRITE payloads atomicwritereply at drivers/infiniband/sw/rxe/rxeresp.c unconditionally dereferences 8 bytes at payloadaddrpkt: value = u64 payloadaddrpkt; checkrkey previously accepted an...

5.4CVSS5.8AI score0.00467EPSS
Exploits0References18
Total number of security vulnerabilities5000