59854 matches found
SUSE CVE-2026-43243
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add signal type check for dcn401 getphyd32clksrc Trying to access link enc on a dpia link will cause a crash otherwise...
SUSE CVE-2026-43246
In the Linux kernel, the following vulnerability has been resolved: media: i2c/tw9906: Fix potential memory leak in tw9906probe In one of the error paths in tw9906probe, the memory allocated in v4l2ctrlhandlerinit and v4l2ctrlnewstd is not freed. Fix that by calling v4l2ctrlhandlerfree on the...
SUSE CVE-2026-43251
In the Linux kernel, the following vulnerability has been resolved: HID: prodikeys: Check presence of pm-inputep82 Fake USB devices can send their own report descriptors for which the inputmapping hook does not get called. In this case, pm-inputep82 stays NULL, which leads to a crash later. This...
SUSE CVE-2011-0333
Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to a...
SUSE CVE-2026-23479
Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger...
SUSE CVE-2026-28780
Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...
SUSE CVE-2026-29004
BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client udhcpc6 DNSSERVERS option handler in networking/udhcp/d6dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a crafted DHCPv6 response with a malformed D6OPTDNSSERVER...
SUSE CVE-2026-29168
Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's modmd via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...
SUSE CVE-2026-31744
In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fix NULL pointer dereference when perf domain ID is not found devenergymodelnlgetperfdomainsdoit calls emperfdomaingetbyid but does not check the return value before passing it to emnlgetpdsize. When a caller supplies a...
SUSE CVE-2026-31763
In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050: Fix incorrect freeirq variable The handler for the IRQ part of this driver is mpu3050-trig but, in the teardown freeirq is called with handler mpu3050. Use correct IRQ handler when calling freeirq...
SUSE CVE-2026-31765
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Change AMDGPUVARESERVEDTRAPSIZE to 64KB Currently, AMDGPUVARESERVEDTRAPSIZE is hardcoded to 8KB, while KFDCWSRTBATMASIZE is defined as 2 PAGESIZE. On systems with 4K pages, both values match 8KB, so allocation and...
SUSE CVE-2026-31776
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fix missing SPDIFI1 index handling SPDIF1 DAIO type isn't properly handled in daiodeviceindex for hw20k2, and it returned -EINVAL, which ended up with the out-of-bounds array access. Follow the hw20k1 pattern and...
SUSE CVE-2026-31779
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwlmvmndmatchinfohandler The memcpy function assumes the dynamic array notif-matches is at least as large as the number of bytes to copy. Otherwise, results-matches may...
SUSE CVE-2026-43012
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix switchdev mode rollback in case of failure If for some internal reason switchdev mode fails, we rollback to legacy mode, before this patch, rollback will unregister the uplink netdev and leave it unregistered causin...
SUSE CVE-2026-43020
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate LTK encsize on load Load Long Term Keys stores the user-provided encsize and later uses it to size fixed-size stack operations when replying to LE LTK requests. An encsize larger than the 16-byte key...
SUSE CVE-2026-43038
In the Linux kernel, the following vulnerability has been resolved: ipv6: icmp: clear skb2-cb in ip6errgenicmpv6unreach Sashiko AI-review observed: In ip6errgenicmpv6unreach, the skb is an outer IPv4 ICMP error packet where its cb contains an IPv4 inetskbparm. When skb is cloned into skb2 and...
SUSE CVE-2026-43054
In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmloop: Drain commands in targetreset handler tcmlooptargetreset violates the SCSI EH contract: it returns SUCCESS without draining any in-flight commands. The SCSI EH documentation scsieh.rst requires that when a...
SUSE CVE-2026-43058
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix pass-by-value structs causing MSAN warnings vidtvtsnullwriteinto and vidtvtspcrwriteinto take their argument structs by value, causing MSAN to report uninit-value warnings. While only vidtvtsnullwriteinto has...
SUSE CVE-2026-43068
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocate block from corrupted group in ext4mbfindbygoal There's issue as follows: ... EXT4-fs mmcblk0p1: Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117 EXT4-fs...
SUSE CVE-2026-24072
An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...
SUSE CVE-2026-29169
A NULL pointer dereference in moddavlock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.moddavlock is not used internally by moddav or moddavfs. The only known use-case for moddavlock was moddavsvn from Apache Subversion earlier than...
SUSE CVE-2026-33857
Out-of-bounds Read vulnerability in modproxyajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...
SUSE CVE-2026-43861
mutt before 2.3.2 does not check for '\0' in urlpctdecode...
SUSE CVE-2026-31701
In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: take a reference on the USB device in createcard The caiaq driver stores a pointer to the parent USB device in cdev-chip.dev but never takes a reference on it. The card's privatefree callback, sndusbcaiaqcardfree, ca...
SUSE CVE-2026-31710
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts When calling cifsmountgettcon with SMB1 UNIX mounts, @cifssb-mntcifsflags needs to be read or updated only after calling resetcifsunixcaps, otherwise it might end up with missing...
SUSE CVE-2026-1858
wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...
SUSE CVE-2026-5656
Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution...
SUSE CVE-2026-6526
RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4...
SUSE CVE-2026-6530
DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...
SUSE CVE-2026-33845
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...
SUSE CVE-2026-42010
A flaw was found in gnutls. Servers configured with RSA-PSK Rivest-Shamir-Adleman - Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...
SUSE CVE-2026-42015
A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...
SUSE CVE-2013-3245
plugins/demux/libmkvplugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer...
SUSE CVE-2026-7320
Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1...
SUSE CVE-2026-7360
Insufficient validation of untrusted input. in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-31689
In the Linux kernel, the following vulnerability has been resolved: EDAC/mc: Fix error path ordering in edacmcalloc When the mci-pvtinfo allocation in edacmcalloc fails, the error path will call putdevice which will end up calling the device's release function. However, the init ordering is wrong...
SUSE CVE-2026-40687
In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory...
SUSE CVE-2026-41079
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory i...
SUSE CVE-2026-41163
bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap and control the unprivileged part of the sandbox setup phase. This allows the attacker to arbitraril...
SUSE CVE-2026-35329
unknown...
SUSE CVE-2026-40475
unknown...
SUSE CVE-2026-31678
In the Linux kernel, the following vulnerability has been resolved: openvswitch: defer tunnel netdevput to RCU release ovsnetdevtunneldestroy may run after NETDEVUNREGISTER already detached the device. Dropping the netdev reference in destroy can race with concurrent readers that still observe...
SUSE CVE-2026-31572
In the Linux kernel, the following vulnerability has been resolved: i2c: designware: amdisp: Fix resume-probe race condition issue Identified resume-probe race condition in kernel v7.0 with the commit 38fa29b01a6a "i2c: designware: Combine the init functions",but this issue existed from the...
SUSE CVE-2026-31576
In the Linux kernel, the following vulnerability has been resolved: media: hackrf: fix to not free memory after the device is registered in hackrfprobe In hackrf driver, the following race condition occurs: CPU0 CPU1 hackrfprobe kzalloc; // alloc hackrfdev .... v4l2deviceregister; .... fd =...
SUSE CVE-2026-31586
In the Linux kernel, the following vulnerability has been resolved: mm: blk-cgroup: fix use-after-free in cgwbreleaseworkfn cgwbreleaseworkfn calls cssputwb-blkcgcss and then later accesses wb-blkcgcss again via blkcgunpinonline. If cssput drops the last reference, the blkcg can be freed...
SUSE CVE-2026-31605
In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: avoid divide-by-zero on FBIOPUTVSCREENINFO Much like commit 19f953e74356 "fbdev: fbpm2fb: Avoid potential divide by zero error", we also need to prevent that same crash from happening in the udlfb driver as it uses...
SUSE CVE-2026-31622
In the Linux kernel, the following vulnerability has been resolved: NFC: digital: Bounds check NFC-A cascade depth in SDD response handler The NFC-A anti-collision cascade in digitalinrecvsddres appends 3 or 4 bytes to target-nfcid1 on each round, but the number of cascade rounds is controlled...
SUSE CVE-2026-31633
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix integer overflow in rxgkverifyresponse In rxgkverifyresponse, there's a potential integer overflow due to rounding up tokenlen before checking it, thereby allowing the length check to be bypassed. Fix this by checking...
SUSE CVE-2008-5091
Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service application crash via vectors involving an "invalid extensibleMatch filter."...
SUSE CVE-2025-53000
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution...