Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/05/09 2:48 a.m.•11 views

SUSE CVE-2025-71287

In the Linux kernel, the following vulnerability has been resolved: memory: mtk-smi: fix device leak on larb probe Make sure to drop the reference taken when looking up the SMI device during larb probe on late probe failure e.g. probe deferral and on driver unbind...

5.7AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:46 a.m.•11 views

SUSE CVE-2026-8087

A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The...

7.8CVSS5.8AI score0.00223EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:46 a.m.•11 views

SUSE CVE-2026-8088

A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the...

5.5CVSS5.3AI score0.00246EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:43 a.m.•11 views

SUSE CVE-2026-33811

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...

7.5CVSS5.8AI score0.00813EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2026/05/09 2:42 a.m.•11 views

SUSE CVE-2026-42284

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, clone validates multioptions as the original list, then executes shlex.split" ".joinmultioptions. A string like "--branch main --config core.hooksPath=/x" passes validation starts with --branch, but aft...

9.8CVSS5.7AI score0.00571EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:42 a.m.•11 views

SUSE CVE-2026-43123

In the Linux kernel, the following vulnerability has been resolved: fbcon: check return value of con2fbacquirenewinfo If fbconopen fails when called from con2fbacquirenewinfo then info-fbconpar pointer remains NULL which is later dereferenced. Add check for return value of the function...

5.8AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:42 a.m.•11 views

SUSE CVE-2026-43128

In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix double dmabufunpin in failure path In ibumemdmabufgetpinnedwithdmadevice, the call to ibumemdmabufmappages can fail. If this occurs, the dmabuf is immediately unpinned but the umemdmabuf-pinned flag is still set...

5.5CVSS5.8AI score0.00139EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/05/09 2:42 a.m.•11 views

SUSE CVE-2026-43130

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode Commit 4fc82cd907ac "iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected" relies on pcidevisdisconnected to skip ATS...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:42 a.m.•11 views

SUSE CVE-2026-43140

In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: Do not crash on missing msc-input Fake USB devices can send their own report descriptors for which the inputmapping hook does not get called. In this case, msc-input stays NULL, leading to a crash at a later time...

4.6CVSS5.8AI score0.00128EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/05/09 2:42 a.m.•11 views

SUSE CVE-2026-43141

In the Linux kernel, the following vulnerability has been resolved: ntb: ntbhwswitchtec: Fix shift-out-of-bounds for 0 mw lut Number of MW LUTs depends on NTB configuration and can be set to zero, in such scenario rounddownpowoftwo will cause undefined behaviour and should not be performed. This...

7.1CVSS5.7AI score0.00131EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:42 a.m.•11 views

SUSE CVE-2026-43142

In the Linux kernel, the following vulnerability has been resolved: media: iris: gen1: Destroy internal buffers after FW releases After the firmware releases internal buffers, the driver was not destroying them. This left stale allocations that were no longer used, especially across resolution...

5.8AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:41 a.m.•11 views

SUSE CVE-2026-43153

In the Linux kernel, the following vulnerability has been resolved: xfs: remove xfsattrleafhasname The calling convention of xfsattrleafhasname is problematic, because it returns a NULL buffer when xfsattr3leafread fails, a valid buffer when xfsattr3leaflookupint returns -ENOATTR or -EEXIST, and ...

7CVSS5.7AI score0.00138EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2026/05/09 2:41 a.m.•11 views

SUSE CVE-2026-43169

In the Linux kernel, the following vulnerability has been resolved: drm/buddy: Prevent BUGON by validating rounded allocation When DRMBUDDYCONTIGUOUSALLOCATION is set, the requested size is rounded up to the next power-of-two via rounduppowoftwo. Similarly, for non-contiguous allocations with lar...

5.7AI score0.00127EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:41 a.m.•11 views

SUSE CVE-2026-43174

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix post open error handling Closing a queue doesn't guarantee that all associated page pools are terminated right away, let the refcounting do the work instead of releasing the zcrx ctx directly...

5.8AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:41 a.m.•11 views

SUSE CVE-2026-43184

In the Linux kernel, the following vulnerability has been resolved: rnbd-srv: Zero the rsp buffer before using it Before using the data buffer to send back the response message, zero it completely. This prevents any stray bytes to be picked up by the client side when there the message is exchange...

4.3CVSS5.8AI score0.00444EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/05/09 2:41 a.m.•11 views

SUSE CVE-2026-43201

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ARM processor Error: don't go past allocated memory If the BIOS generates a very small ARM Processor Error, or an incomplete one, the current logic will fail to deferrence err-sectionlength and ctxinfo-size Add checks ...

5.5CVSS5.7AI score0.00127EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:40 a.m.•11 views

SUSE CVE-2026-43235

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add missing platform data entries for SM8750 Two platform-data fields for SM8750 were missed: - getvpubuffersize = irisvpu33bufsize Without this, the driver fails to allocate the required internal buffers, leading to...

5.7AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:40 a.m.•11 views

SUSE CVE-2026-43237

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Refactor amdgpugemvaioctl for Handling Last Fence Update and Timeline Management v4 This commit simplifies the amdgpugemvaioctl function, key updates include: - Moved the logic for managing the last update fence...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:40 a.m.•11 views

SUSE CVE-2026-43240

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: add a sanity check on previous kernel's ima kexec buffer When the second-stage kernel is booted via kexec with a limiting command line such as "mem=", the physical range that contains the carried over IMA measurement...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:40 a.m.•11 views

SUSE CVE-2026-43259

In the Linux kernel, the following vulnerability has been resolved: phy: fsl-imx8mq-usb: set platform driver data Add missing platformsetdrvdata as the data will be used in remove...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:42 a.m.•11 views

SUSE CVE-2014-0610

The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service invalid pointer dereference via unspecified vectors...

10CVSS6.2AI score0.05534EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/05/08 2:35 a.m.•11 views

SUSE CVE-2016-8817

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the size input to memcpy, causing a buffer overflow, leading to denial of service o...

7.8CVSS7.3AI score0.004EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:28 a.m.•11 views

SUSE CVE-2026-4430

Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7...

6.9CVSS5.8AI score0.00078EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:27 a.m.•11 views

SUSE CVE-2026-6210

A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id attribute and casts it to QSvgMarker without verifying the node type. A non-marker element such as a...

8.7CVSS5.8AI score0.00279EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:27 a.m.•11 views

SUSE CVE-2026-7899

Out of bounds read and write in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00296EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:27 a.m.•11 views

SUSE CVE-2026-7904

Out of bounds read in Fonts in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:27 a.m.•11 views

SUSE CVE-2026-7914

Type Confusion in Accessibility in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00225EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:27 a.m.•11 views

SUSE CVE-2026-7915

Insufficient data validation in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.8AI score0.00243EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:27 a.m.•11 views

SUSE CVE-2026-7916

Insufficient data validation in InterestGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.0022EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:27 a.m.•11 views

SUSE CVE-2026-7920

Use after free in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00206EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:27 a.m.•11 views

SUSE CVE-2026-7923

Out of bounds write in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00206EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:27 a.m.•11 views

SUSE CVE-2026-7928

Use after free in WebRTC in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00338EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:27 a.m.•11 views

SUSE CVE-2026-7929

Use after free in MediaRecording in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

7.5CVSS6.2AI score0.00246EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•11 views

SUSE CVE-2026-7930

Is not a vulnerability, is a feature bug...

5.4AI score0.00107EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•11 views

SUSE CVE-2026-7938

Use after free in CSS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.2AI score0.00267EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•11 views

SUSE CVE-2026-7941

Insufficient validation of untrusted input in Mobile in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to inject arbitrary scripts or HTML UXSS via a crafted Chrome Extension. Chromium security severity: Medium...

4.4CVSS5.9AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•11 views

SUSE CVE-2026-7944

Insufficient validation of untrusted input in Persistent Cache in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

3.1CVSS5.7AI score0.002EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•11 views

SUSE CVE-2026-7945

Insufficient validation of untrusted input in COOP in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

3.1CVSS5.7AI score0.002EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•11 views

SUSE CVE-2026-7946

Insufficient policy enforcement in WebUI in Google Chrome on Linux, Mac, Windows, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00199EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•11 views

SUSE CVE-2026-7950

Out of bounds read and write in GFX in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via malicious network traffic. Chromium security severity: Medium...

5.4CVSS5.9AI score0.00171EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•11 views

SUSE CVE-2026-7957

Out of bounds write in Media in Google Chrome on Mac, iOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.2AI score0.00291EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•11 views

SUSE CVE-2026-7974

Use after free in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.2AI score0.00267EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:26 a.m.•11 views

SUSE CVE-2026-7977

Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

6.3CVSS5.8AI score0.00157EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:25 a.m.•11 views

SUSE CVE-2026-7980

Use after free in WebAudio in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.2AI score0.00338EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:25 a.m.•11 views

SUSE CVE-2026-7983

Out of bounds read in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:25 a.m.•11 views

SUSE CVE-2026-7991

Use after free in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.2AI score0.00223EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:25 a.m.•11 views

SUSE CVE-2026-7994

Inappropriate implementation in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Medium...

7.8CVSS5.8AI score0.00108EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:25 a.m.•11 views

SUSE CVE-2026-7995

Out of bounds read in AdFilter in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.2AI score0.00223EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:25 a.m.•11 views

SUSE CVE-2026-8003

Insufficient validation of untrusted input in TabGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via malicious network traffic. Chromium security severity: Low...

5.4CVSS5.8AI score0.00146EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/08 2:25 a.m.•11 views

SUSE CVE-2026-8008

Inappropriate implementation in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Low...

5.4CVSS5.8AI score0.00121EPSS
Exploits0References3
Total number of security vulnerabilities5000