Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
added 2026/06/19 1:58 a.m.11 views

SUSE CVE-2026-6733

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.3AI score0.00228EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/19 1:57 a.m.11 views

SUSE CVE-2026-8357

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

6.9CVSS5.6AI score0.00139EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/19 1:57 a.m.11 views

SUSE CVE-2026-8358

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...

6.9CVSS5.6AI score0.00171EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/19 1:57 a.m.11 views

SUSE CVE-2026-9678

Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...

5.9CVSS5.3AI score0.00374EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/19 1:50 a.m.11 views

SUSE CVE-2026-49983

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, environment access is gated by the env permission. You can deny it with --deny-env, or restrict it to a specific allowlist with --allow-env=FOO,BAR. The expectation is that a program running without env permission cannot...

5.2CVSS5.9AI score0.00098EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/19 1:49 a.m.11 views

SUSE CVE-2026-55200

libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2transportread that fails to enforce upper bounds on packetlength field. Remote attackers can send crafted SSH packets with excessively large packetlength values to corrupt heap memory and achieve...

8.1CVSS6.2AI score0.00732EPSS
Exploits11References5
SUSE CVE
SUSE CVE
added 2026/06/18 2:0 a.m.11 views

SUSE CVE-2026-10649

A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption, leading to a denial...

7.5CVSS5.4AI score0.0044EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/18 2:0 a.m.11 views

SUSE CVE-2026-12312

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

7.5CVSS5.8AI score0.00252EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/17 2:16 a.m.11 views

SUSE CVE-2026-46680

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an...

7CVSS5.9AI score0.00221EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/16 2:23 a.m.11 views

SUSE CVE-2026-11527

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

8.6CVSS5.5AI score0.00618EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/16 2:21 a.m.11 views

SUSE CVE-2026-41568

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitra...

6.1CVSS5.3AI score0.00108EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/16 2:21 a.m.11 views

SUSE CVE-2026-41579

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join strin...

3.3CVSS6AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/16 2:20 a.m.11 views

SUSE CVE-2026-48006

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate...

7.5CVSS5.3AI score0.00489EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/16 2:19 a.m.11 views

SUSE CVE-2026-50010

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...

7.5CVSS5.3AI score0.00269EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/15 1:20 a.m.11 views

SUSE CVE-2026-53533

unknown...

5.3AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:28 a.m.11 views

SUSE CVE-2026-12007

Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.1AI score0.00287EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:28 a.m.11 views

SUSE CVE-2026-12011

Use after free in WebMIDI in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.4AI score0.00246EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:28 a.m.11 views

SUSE CVE-2026-12019

Heap buffer overflow in Codecs in Google Chrome on Linux and ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00253EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:28 a.m.11 views

SUSE CVE-2026-12020

Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.5AI score0.00224EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:17 a.m.11 views

SUSE CVE-2026-44250

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive...

7.5CVSS5.3AI score0.00371EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/12 2:32 a.m.11 views

SUSE CVE-2026-11788

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...

7.5CVSS5.5AI score0.00346EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/12 2:32 a.m.11 views

SUSE CVE-2026-11791

A flaw was found in 389 Directory Server. During schema reload, the attrsyntaxswapht function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while...

5CVSS5.8AI score0.00212EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/12 2:32 a.m.11 views

SUSE CVE-2026-11822

SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigger an out-of-bound...

7.8CVSS6.5AI score0.00175EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/06/12 2:31 a.m.11 views

SUSE CVE-2026-11850

An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...

5.9CVSS5.4AI score0.00261EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/12 2:25 a.m.11 views

SUSE CVE-2026-47712

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.formatpatchoutdir=... derives each patch filename from the commit's subject line. Prior to this fix, getsummary only replaced spaces with dashes ...

3.3CVSS5.3AI score0.00139EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/12 2:25 a.m.11 views

SUSE CVE-2026-48858

Server-Side Request Forgery SSRF vulnerability in Erlang/OTP ftp ftpinternal module allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftpinternal:handlectrlresult/2 PASV handler mode=passive, ipfamily=inet, ftpextension=false extracts the IP address from the...

6.5CVSS5.5AI score0.00234EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/12 2:24 a.m.11 views

SUSE CVE-2026-53689

libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfszdrstring in lib/libnfs-zdr.c...

7.1CVSS5.4AI score0.00192EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/10 2:32 a.m.11 views

SUSE CVE-2026-11629

Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS5.5AI score0.0027EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:32 a.m.11 views

SUSE CVE-2026-11630

Use after free in File Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS5.5AI score0.00252EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:32 a.m.11 views

SUSE CVE-2026-11636

Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

7.5CVSS5.6AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:31 a.m.11 views

SUSE CVE-2026-11642

Use after free in Web Apps in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.5AI score0.00231EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:31 a.m.11 views

SUSE CVE-2026-11647

Use after free in Printing in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.5AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:31 a.m.11 views

SUSE CVE-2026-11648

Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.5AI score0.00263EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:31 a.m.11 views

SUSE CVE-2026-11651

Use after free in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

9.6CVSS6AI score0.00337EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:31 a.m.11 views

SUSE CVE-2026-11652

Use after free in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.5AI score0.00242EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:31 a.m.11 views

SUSE CVE-2026-11655

Integer overflow in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.5AI score0.00242EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:31 a.m.11 views

SUSE CVE-2026-11659

Integer overflow in UI in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.5AI score0.00252EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:31 a.m.11 views

SUSE CVE-2026-11660

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.5AI score0.00258EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:31 a.m.11 views

SUSE CVE-2026-11672

Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00238EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:30 a.m.11 views

SUSE CVE-2026-11681

Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.6AI score0.00203EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:30 a.m.11 views

SUSE CVE-2026-11697

Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.5AI score0.00203EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:30 a.m.11 views

SUSE CVE-2026-11698

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.5AI score0.00203EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:27 a.m.11 views

SUSE CVE-2026-43951

Out-of-bounds Read vulnerability in Apache HTTP Server with modheaders and modmime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67...

6.5CVSS5.4AI score0.00525EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/10 2:27 a.m.11 views

SUSE CVE-2026-44631

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

5.9CVSS5.4AI score0.00486EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/10 2:27 a.m.11 views

SUSE CVE-2026-44941

A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root...

7.2CVSS5.9AI score0.00533EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.11 views

SUSE CVE-2026-46318

In the Linux kernel, the following vulnerability has been resolved: Revert "mm/hugetlbfs: update hugetlbfs to use mmapprepare" This reverts commit ea52cb24cd3f "mm/hugetlbfs: update hugetlbfs to use mmapprepare" with conflict resolution to account for changes in commit ea52cb24cd3f "mm/hugetlbfs:...

5.5CVSS5.4AI score0.00145EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.11 views

SUSE CVE-2026-46330

In the Linux kernel, the following vulnerability has been resolved: Revert "net/smc: Introduce TCP ULP support" This reverts commit d7cd421da9da2cc7b4d25b8537f66db5c8331c40. As reported by Al Viro, the TCP ULP support for SMC is fundamentally broken. The implementation attempts to convert an acti...

7.8CVSS5.4AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.11 views

SUSE CVE-2026-47895

unknown...

7.5CVSS5.4AI score
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.11 views

SUSE CVE-2026-49762

Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components major, minor, patch and numeric...

5.1CVSS5.5AI score0.00152EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/09 2:28 a.m.11 views

SUSE CVE-2025-71315

In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer Replace vkms' vblank timer with the DRM implementation. The DRM code is identical in concept, but differs in implementation. Vblank timers are covered in vblank helpers and initializer...

5.5AI score0.00162EPSS
Exploits0References3
Total number of security vulnerabilities5000