Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.11 views

SUSE CVE-2026-8953

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

7.1CVSS5.8AI score0.00532EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.11 views

SUSE CVE-2026-8956

Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

6.3CVSS5.9AI score0.00605EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/20 2:31 a.m.11 views

SUSE CVE-2026-8969

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

5.4CVSS5.8AI score0.0029EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:31 a.m.11 views

SUSE CVE-2026-8972

Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

6.3CVSS5.8AI score0.0033EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:31 a.m.11 views

SUSE CVE-2026-8973

Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

8.8CVSS6AI score0.00335EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:28 a.m.11 views

SUSE CVE-2026-43491

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...

6.2CVSS5.8AI score0.00144EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/05/20 2:28 a.m.11 views

SUSE CVE-2026-43492

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpireadrawfromsgl Yiming reports an integer underflow in mpireadrawfromsgl when subtracting "lzeros" from the unsigned "nbytes". For this to happen, the scatterlist "sgl" needs to occupy...

5.5CVSS5.8AI score0.00149EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/19 2:2 a.m.11 views

SUSE CVE-2024-0450

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

6.2CVSS6.8AI score0.00333EPSS
Exploits0References18
SUSE CVE
SUSE CVE
added 2026/05/18 1:23 a.m.11 views

SUSE CVE-2021-34529

unknown...

7.8CVSS7.1AI score0.03862EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 6:19 p.m.11 views

SUSE CVE-2012-0271

Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a...

10CVSS6.4AI score0.17091EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/16 1:15 a.m.11 views

SUSE CVE-2026-8510

Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical...

7.5CVSS5.9AI score0.00214EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:15 a.m.11 views

SUSE CVE-2026-8524

Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00383EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:15 a.m.11 views

SUSE CVE-2026-8532

Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.3AI score0.0028EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:15 a.m.11 views

SUSE CVE-2026-8533

Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00207EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:15 a.m.11 views

SUSE CVE-2026-8536

Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass site Isolation via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.8AI score0.00186EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:15 a.m.11 views

SUSE CVE-2026-8538

Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform a denial of service via a crafted HTML page. Chromium security severity: High...

5.3CVSS5.8AI score0.00195EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:15 a.m.11 views

SUSE CVE-2026-8539

Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:15 a.m.11 views

SUSE CVE-2026-8542

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00207EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:15 a.m.11 views

SUSE CVE-2026-8552

Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

4.3CVSS6AI score0.00195EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:14 a.m.11 views

SUSE CVE-2026-8555

Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.0028EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:14 a.m.11 views

SUSE CVE-2026-8558

Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.0028EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:14 a.m.11 views

SUSE CVE-2026-8565

Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...

4.7CVSS5.8AI score0.00134EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:14 a.m.11 views

SUSE CVE-2026-8566

Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00182EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:14 a.m.11 views

SUSE CVE-2026-8568

Determined not a vulnerability...

5.2AI score0.00174EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.11 views

SUSE CVE-2026-43905

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer size as const int bufsize = w h ch bufferbpp using signed 32-bit arithmetic. When the product...

7.8CVSS6AI score0.00173EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.11 views

SUSE CVE-2026-43906

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of-bounds writes via crafted images due to a subimage metada...

8.5CVSS6.1AI score0.00188EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.11 views

SUSE CVE-2026-43908

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the pixel-loop index expression i 3 inside ConvertCbYCrYToRGB causes the function to compute a larg...

8.8CVSS5.9AI score0.00371EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.11 views

SUSE CVE-2026-44636

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixelencodehighcolor's allocation size calculation can lead to a heap buffer overflow. The public sixelencode entry point validates only that width and height are greater th...

7.8CVSS6.3AI score0.00104EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.11 views

SUSE CVE-2026-44637

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...

7.1CVSS6AI score0.0016EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.11 views

SUSE CVE-2026-44638

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixeldecoderaw and sixeldecode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the output parameter alway...

2.5CVSS5.8AI score0.00131EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.11 views

SUSE CVE-2026-44673

libyang is a YANG data modeling language library. Prior to SO 5.2.15, lybreadstring in src/parserlyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer NETCONF server...

8.6CVSS6AI score0.00428EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.11 views

SUSE CVE-2026-28374

Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.11 views

SUSE CVE-2026-28380

Any Editor could delete any snapshot, even if they have no access to read or write them...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.11 views

SUSE CVE-2026-33376

When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask usually /128 to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here...

7.4CVSS5.8AI score0.00271EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.11 views

SUSE CVE-2026-33378

Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.11 views

SUSE CVE-2026-42186

OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...

7.5CVSS5.8AI score0.00248EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.11 views

SUSE CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

5.9CVSS5.8AI score0.0068EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/05/14 3:1 a.m.11 views

SUSE CVE-2026-40701

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpsslmodule module when the sslverifyclient directive is set to "on" or "optional," and the sslocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacke...

5.6CVSS5.8AI score0.00677EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/14 3:1 a.m.11 views

SUSE CVE-2026-44296

Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service DoS vulnerability affects Deskflow servers running with TLS enabled the default. When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 4:9 p.m.11 views

SUSE CVE-2017-6056

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the f...

7.5CVSS5.8AI score0.07486EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:37 p.m.11 views

SUSE CVE-2019-12455

An issue was discovered in sunxidivsclksetup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derivedname, which might allow an attacker to cause a denial of service NULL pointer dereference and system crash. NOTE: This id is disputed as not...

5.5CVSS6.8AI score0.00421EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 2:25 p.m.11 views

SUSE CVE-2026-8368

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are se...

5.3CVSS5.8AI score0.00266EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 2:21 p.m.11 views

SUSE CVE-2026-43513

Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions...

5.4CVSS5.7AI score0.00467EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/05/13 2:21 p.m.11 views

SUSE CVE-2026-43515

Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from...

7.5CVSS5.8AI score0.01136EPSS
Exploits1References10
SUSE CVE
SUSE CVE
added 2026/05/13 3:37 a.m.11 views

SUSE CVE-2026-41254

Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication...

2.9CVSS5.8AI score0.00365EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/05/13 3:36 a.m.11 views

SUSE CVE-2026-43145

In the Linux kernel, the following vulnerability has been resolved: remoteproc: imxrproc: Fix invalid loaded resource table detection imxrprocelffindloadedrsctable may incorrectly report a loaded resource table even when the current firmware does not provide one. When the device tree contains a...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:36 a.m.11 views

SUSE CVE-2026-43180

In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: remove TX queue manipulation in kawethsetrxmode kawethsetrxmode, the ndosetrxmode callback, calls netifstopqueue and netifwakequeue. These are TX queue flow control functions unrelated to RX multicast...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:35 a.m.11 views

SUSE CVE-2026-43287

In the Linux kernel, the following vulnerability has been resolved: drm: Account property blob allocations to memcg DRMIOCTLMODECREATEPROPBLOB allows userspace to allocate arbitrary-sized property blobs backed by kernel memory. Currently, the blob data allocation is not accounted to the allocatin...

5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:35 a.m.11 views

SUSE CVE-2026-43293

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix kthread worker destruction in polling mode Fix the cleanup order in polling mode irq worklist and WARNON!listempty&worker-delayedworklist. The original code called kthreaddestroyworker before...

5.8AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:35 a.m.11 views

SUSE CVE-2026-43303

In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: clear page-private in freepagesprepare Several subsystems slub, shmem, ttm, etc. use page-private but don't clear it before freeing pages. When these pages are later allocated as high-order pages and split via...

5.5CVSS5.8AI score0.0013EPSS
Exploits0References5
Total number of security vulnerabilities5000