Lucene search
K
SusecveMost viewed

59380 matches found

SUSE CVE
SUSE CVE
added 2026/05/27 12:57 p.m.11 views

SUSE CVE-2026-45837

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...

6.7CVSS5.8AI score0.00116EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/27 12:57 p.m.11 views

SUSE CVE-2026-45838

In the Linux kernel, the following vulnerability has been resolved: bpf: fix end-of-list detection in cgroupstoragegetnextkey listnextentry never returns NULL -- when the current element is the last entry it wraps to the list head via containerof. The subsequent NULL check is therefore dead code...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 12:57 p.m.11 views

SUSE CVE-2026-45841

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix divide-by-zero in OSFWSSMODULO nfosfmatchone computes ctx-window % f-wss.val in the OSFWSSMODULO branch with no guard for f-wss.val == 0. A CAPNETADMIN user can add such a fingerprint via nfnetlink; a...

5.9CVSS5.8AI score0.00114EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/27 12:57 p.m.11 views

SUSE CVE-2026-45842

In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhcinit accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhcinit is...

6.5CVSS5.8AI score0.00114EPSS
Exploits0References17
SUSE CVE
SUSE CVE
added 2026/05/27 12:57 p.m.11 views

SUSE CVE-2026-45846

In the Linux kernel, the following vulnerability has been resolved: bareudp: fix NULL pointer dereference in bareudpfillmetadatadst bareudpfillmetadatadst passes bareudp-sock to udptunnel6dstlookup in the IPv6 path without a NULL check. The socket is only created in bareudpopen and NULLed in...

5.9CVSS5.8AI score0.00115EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2026/05/27 12:57 p.m.11 views

SUSE CVE-2026-48962

IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob wraps the caller-supplied output glob string in double quotes and stores it in the parser state; getFiles then runs the stored expression through eval...

7.8CVSS6.2AI score0.00292EPSS
Exploits2References5
SUSE CVE
SUSE CVE
added 2026/05/27 11:3 a.m.11 views

SUSE CVE-2025-15649

IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. dosToUnixTime decodes the local-file-header last-modification date field and calls Time::Local::timelocal without an eval guard. A header whose date field decodes to ...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 10:58 a.m.11 views

SUSE CVE-2026-8450

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...

8.1CVSS5.8AI score0.01231EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/27 3:29 a.m.11 views

SUSE CVE-2024-43826

In the Linux kernel, the following vulnerability has been resolved: nfs: pass explicit offset/count to trace events nfsfoliolength is unsafe to use without having the folio locked and a check for a NULL -fmapping that protects against truncations and can lead to kernel crashes. E.g. when running...

5.5CVSS6AI score0.00227EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/05/27 2:52 a.m.11 views

SUSE CVE-2026-9530

A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read2004compressedsection of the file src/decode.c of the component Dwgbmp Utility. Executing a manipulation can lead to out-of-bounds read. The attack requires local access. The exploit has been made...

4.8CVSS5.4AI score0.00143EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 2:48 a.m.11 views

SUSE CVE-2026-41047

Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information...

6.9CVSS5.9AI score0.0015EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 2:48 a.m.11 views

SUSE CVE-2026-42306

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...

7.2CVSS5.3AI score0.00104EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 2:47 a.m.11 views

SUSE CVE-2026-45834

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsockstatechangecb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 2:47 a.m.11 views

SUSE CVE-2026-45836

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsockgetsndtimeocb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.11 views

SUSE CVE-2026-41069

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entrycount == 0 creating no chunks while still passing validation...

5.5CVSS5.8AI score0.00253EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.11 views

SUSE CVE-2026-42001

Insufficient Validation of Autoprimary SOA Queries...

7.5CVSS5.8AI score0.00365EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.11 views

SUSE CVE-2026-43449

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix slab-out-of-bounds in nvmedbbufset dev-onlinequeues is a count incremented in nvmeinitqueue. Thus, valid indices are 0 through dev-onlinequeues − 1. This patch fixes the loop condition to ensure the index stays with...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.11 views

SUSE CVE-2026-43497

In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: add vmops to dlfbopsmmap to prevent use-after-free dlfbopsmmap uses remappfnrange to map vmalloc framebuffer pages to userspace but sets no vmops on the VMA. This means the kernel cannot track active mmaps. When...

7.8CVSS5.9AI score0.00113EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.11 views

SUSE CVE-2026-44060

An integer underflow in dsiwriteinit in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request...

7.5CVSS5.8AI score0.00328EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.11 views

SUSE CVE-2026-47254

unknown...

6.8CVSS5.8AI score0.00024EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.11 views

SUSE CVE-2026-47714

unknown...

6.1CVSS5.8AI score0.00018EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.11 views

SUSE CVE-2026-47709

unknown...

6.2CVSS5.8AI score0.00025EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.11 views

SUSE CVE-2026-48029

unknown...

6.1CVSS5.8AI score0.00035EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/21 1:12 p.m.11 views

SUSE CVE-2026-9111

Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.2AI score0.00796EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/21 1:12 p.m.11 views

SUSE CVE-2026-9112

Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00396EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/21 1:12 p.m.11 views

SUSE CVE-2026-9118

Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00396EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/21 1:12 p.m.11 views

SUSE CVE-2026-9122

Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00269EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/21 1:12 p.m.11 views

SUSE CVE-2026-9123

Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a sandbox via malicious network traffic. Chromium security severity: Medium...

7.5CVSS6.4AI score0.00187EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/21 1:11 p.m.11 views

SUSE CVE-2026-44052

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/21 1:11 p.m.11 views

SUSE CVE-2026-44055

A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code...

7.5CVSS6.1AI score0.0036EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/21 3:0 a.m.11 views

SUSE CVE-2021-25736

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port “spec.ports.port” as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress.ip” field. Clusters where the LoadBalancer controller sets the...

6.3CVSS7AI score0.00908EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/21 2:47 a.m.11 views

SUSE CVE-2024-3219

The “socket” module provides a pure-Python fallback to the socket.socketpair function for platforms that don't support AFUNIX, such as Windows. This pure-Python implementation uses AFINET or AFINET6 to create a local connected pair of sockets. The connection between the two sockets was not verifi...

5.1CVSS7.3AI score0.00245EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/21 2:30 a.m.11 views

SUSE CVE-2026-24182

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service...

6.5CVSS5.8AI score0.00125EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.11 views

SUSE CVE-2026-24197

NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU MIG partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this...

6.5CVSS5.8AI score0.0016EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/05/21 2:28 a.m.11 views

SUSE CVE-2026-46529

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

7CVSS6.5AI score0.00529EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.11 views

SUSE CVE-2026-8953

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

7.1CVSS5.8AI score0.00532EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.11 views

SUSE CVE-2026-8956

Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

6.3CVSS5.9AI score0.00605EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/20 2:31 a.m.11 views

SUSE CVE-2026-8965

Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

4.3CVSS5.8AI score0.00324EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:31 a.m.11 views

SUSE CVE-2026-8969

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

5.4CVSS5.8AI score0.0029EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:31 a.m.11 views

SUSE CVE-2026-8973

Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

8.8CVSS6AI score0.00335EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/19 2:2 a.m.11 views

SUSE CVE-2024-0450

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

6.2CVSS6.8AI score0.00333EPSS
Exploits0References18
SUSE CVE
SUSE CVE
added 2026/05/18 1:23 a.m.11 views

SUSE CVE-2021-34529

unknown...

7.8CVSS7.1AI score0.03862EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 6:19 p.m.11 views

SUSE CVE-2012-0271

Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a...

10CVSS6.4AI score0.17091EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/16 1:15 a.m.11 views

SUSE CVE-2026-8513

Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.8AI score0.00207EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:15 a.m.11 views

SUSE CVE-2026-8520

Race in Payments in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.8AI score0.00166EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:15 a.m.11 views

SUSE CVE-2026-8525

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS6AI score0.00229EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:15 a.m.11 views

SUSE CVE-2026-8529

Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. Chromium security severity: High...

8.8CVSS6.4AI score0.00301EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:15 a.m.11 views

SUSE CVE-2026-8532

Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.3AI score0.0028EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:15 a.m.11 views

SUSE CVE-2026-8538

Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform a denial of service via a crafted HTML page. Chromium security severity: High...

5.3CVSS5.8AI score0.00195EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:15 a.m.11 views

SUSE CVE-2026-8539

Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References3
Total number of security vulnerabilities5000