Lucene search
K
SusecveMost viewed

59855 matches found

SUSE CVE
SUSE CVE
•added 2023/02/15 4:15 a.m.•12 views

SUSE CVE-2019-8942

WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an wpattachedfile Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image...

8.8CVSS8AI score0.82736EPSS
Exploits7References3
SUSE CVE
SUSE CVE
•added 2023/02/15 4:11 a.m.•12 views

SUSE CVE-2019-12815

An arbitrary file copy vulnerability in modcopy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306...

9.8CVSS8AI score0.57606EPSS
Exploits1References6
SUSE CVE
SUSE CVE
•added 2023/02/15 4:8 a.m.•12 views

SUSE CVE-2019-15927

An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function buildaudioprocunit in the file sound/usb/mixer.c...

4.9CVSS7.6AI score0.00412EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2023/02/15 3:58 a.m.•12 views

SUSE CVE-2020-12659

An issue was discovered in the Linux kernel before 5.6.7. xdpumemreg in net/xdp/xdpumem.c has an out-of-bounds write by a user with the CAPNETADMIN capability because of a lack of headroom validation...

5.1CVSS6.6AI score0.00707EPSS
Exploits1References10
SUSE CVE
SUSE CVE
•added 2023/02/15 3:55 a.m.•12 views

SUSE CVE-2020-20277

There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's composeabspath function that can be abused to read or write to arbitrary files on the filesystem,...

9.8CVSS9.9AI score0.25249EPSS
Exploits4References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:53 a.m.•12 views

SUSE CVE-2020-26145

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second or subsequent broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets...

5.4CVSS7.1AI score0.03515EPSS
Exploits0References30
SUSE CVE
SUSE CVE
•added 2023/02/15 3:47 a.m.•12 views

SUSE CVE-2021-4203

A use-after-free read flaw was found in sockgetsockopt in net/core/sock.c due to SOPEERCRED and SOPEERGROUPS race with listen and connect in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information...

5.8CVSS6.3AI score0.01747EPSS
Exploits1References22
SUSE CVE
SUSE CVE
•added 2023/02/15 3:45 a.m.•12 views

SUSE CVE-2021-22923

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often...

5.3CVSS7.1AI score0.01843EPSS
Exploits1References85
SUSE CVE
SUSE CVE
•added 2023/02/15 3:44 a.m.•12 views

SUSE CVE-2021-26930

An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later...

7.8CVSS6.6AI score0.00348EPSS
Exploits0References26
SUSE CVE
SUSE CVE
•added 2023/02/15 3:43 a.m.•12 views

SUSE CVE-2021-28950

An issue was discovered in fs/fuse/fusei.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1...

6.2CVSS6.6AI score0.0036EPSS
Exploits0References31
SUSE CVE
SUSE CVE
•added 2023/02/15 3:42 a.m.•12 views

SUSE CVE-2021-29646

An issue was discovered in the Linux kernel before 5.11.11. tipcnlretrievekey in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8...

5.5CVSS6.4AI score0.0031EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:35 a.m.•12 views

SUSE CVE-2022-0382

An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user...

5.5CVSS7.1AI score0.00385EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:32 a.m.•12 views

SUSE CVE-2022-2503

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

6.7CVSS7.2AI score0.0035EPSS
Exploits1References18
SUSE CVE
SUSE CVE
•added 2023/02/15 3:31 a.m.•12 views

SUSE CVE-2022-3061

Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error...

5.5CVSS6.7AI score0.00271EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2023/02/15 3:31 a.m.•12 views

SUSE CVE-2022-3594

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intrcallback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is...

5.1CVSS6.3AI score0.02211EPSS
Exploits0References27
SUSE CVE
SUSE CVE
•added 2023/02/15 3:29 a.m.•12 views

SUSE CVE-2022-21462

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS5.6AI score0.01287EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:28 a.m.•12 views

SUSE CVE-2022-23181

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...

7CVSS8.1AI score0.00692EPSS
Exploits15References11
SUSE CVE
SUSE CVE
•added 4 days ago•11 views

SUSE CVE-2020-12265

The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal...

9.8CVSS6AI score0.02147EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 4 days ago•11 views

SUSE CVE-2026-13777

Insufficient validation of untrusted input in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.00293EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 4 days ago•11 views

SUSE CVE-2026-13812

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

4.7CVSS6.1AI score0.00184EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 4 days ago•11 views

SUSE CVE-2026-13820

Out of bounds read in Skia in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS6AI score0.00265EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 4 days ago•11 views

SUSE CVE-2026-13870

Use after free in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.4AI score0.00479EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 4 days ago•11 views

SUSE CVE-2026-13882

Race in USB in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS6AI score0.00224EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 4 days ago•11 views

SUSE CVE-2026-14411

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS6AI score0.00253EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 4 days ago•11 views

SUSE CVE-2026-56004

A shellcode injection in the mercurial handler of the obs tarscm source service before version 0.12.4 could be used by attackers able to provide a service file to execute code as the source service or the local user checking out the malicious services...

8.8CVSS6.1AI score0.00375EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/07/02 6:35 a.m.•11 views

SUSE CVE-2026-58016

A flaw was found in GLib. A state confusion issue exists in gdbusnodeinfonewforxml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...

9.1CVSS5.9AI score0.00373EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/06/28 1:8 a.m.•11 views

SUSE CVE-2026-53305

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ps883x: Fix Oops at unbind When trying to unbind a device in order to bind to it vfio-platform as: echo bc0000.geniqup /sys/bus/platform/devices/bc0000.geniqup/driver/unbind I get the following Oops: 436.478639 Unable...

5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/26 2:19 a.m.•11 views

SUSE CVE-2026-40208

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame...

3.7CVSS5.9AI score0.00285EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/26 2:19 a.m.•11 views

SUSE CVE-2026-42004

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist's filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS options that DNSdist did not filter...

3.7CVSS5.9AI score0.00162EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/25 2:19 a.m.•11 views

SUSE CVE-2026-52933

In the Linux kernel, the following vulnerability has been resolved: iouring/poll: fix signed comparison in iopollgetownership iopollgetownership uses a signed comparison to check whether pollrefs has reached the threshold for the slowpath: if unlikelyatomicread&req-pollrefs = IOPOLLREFBIAS...

5.7AI score0.0012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/23 2:20 a.m.•11 views

SUSE CVE-2026-52910

In the Linux kernel, the following vulnerability has been resolved: bpf: Free reuseport cBPF prog after RCU grace period. Eulgyu Kim reported the splat below with a repro. 0 The repro sets up a UDP reuseport group with a cBPF prog and replaces it with a new one while another thread is sending a U...

5.7AI score0.00104EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:48 a.m.•11 views

SUSE CVE-2025-15661

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...

6.8CVSS6AI score0.00267EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:30 a.m.•11 views

SUSE CVE-2026-43915

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the web-admin HTTPS interface. An attacker who can create a TURN allocation with a crafted USERNAME value can inject HTML/JavaScript that execut...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:30 a.m.•11 views

SUSE CVE-2026-43994

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decodeoauthtokengcm. A uint16t noncelen field read from an attacker-supplied OAuth access token 0-65535 is passed directly to memcpy as the copy length into a 256-byte...

9.8CVSS6.1AI score0.0045EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:29 a.m.•11 views

SUSE CVE-2026-48615

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...

7.5CVSS6.8AI score0.00437EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/06/20 2:29 a.m.•11 views

SUSE CVE-2026-48931

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.7CVSS6.2AI score0.00371EPSS
Exploits1References7
SUSE CVE
SUSE CVE
•added 2026/06/20 2:29 a.m.•11 views

SUSE CVE-2026-48934

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

6.5CVSS6.1AI score0.00258EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/06/20 2:29 a.m.•11 views

SUSE CVE-2026-48936

A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...

3.3CVSS6AI score0.00154EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:29 a.m.•11 views

SUSE CVE-2026-48937

A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a GOAWAY frame. This vulnerability affects two supported release lines: Node.js 22 and Node.js 24...

5.3CVSS6AI score0.00445EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/06/20 2:29 a.m.•11 views

SUSE CVE-2026-50141

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

7.1CVSS5.9AI score0.00246EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:29 a.m.•11 views

SUSE CVE-2026-54276

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires an open redirect vulnerability or similar on the target domain for an attacker to...

6.3CVSS5.9AI score0.00178EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:28 a.m.•11 views

SUSE CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/20 2:28 a.m.•11 views

SUSE CVE-2026-55203

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...

5.6CVSS6.1AI score0.00321EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/06/20 2:28 a.m.•11 views

SUSE CVE-2026-55204

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

7.5CVSS5.9AI score0.00431EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/06/20 2:28 a.m.•11 views

SUSE CVE-2026-55392

NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashi...

6.7CVSS5.8AI score0.00105EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 1:58 a.m.•11 views

SUSE CVE-2026-6039

LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose...

6.9CVSS5.6AI score0.00157EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 1:58 a.m.•11 views

SUSE CVE-2026-6040

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...

6.9CVSS5.3AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 1:58 a.m.•11 views

SUSE CVE-2026-6045

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...

6.9CVSS5.6AI score0.0012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 1:58 a.m.•11 views

SUSE CVE-2026-6047

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

6.9CVSS5.7AI score0.0012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/19 1:57 a.m.•11 views

SUSE CVE-2026-8356

LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record, so a file whose...

6.9CVSS5.7AI score0.0012EPSS
Exploits0References3
Total number of security vulnerabilities5000