Lucene search
K
SusecveMost viewed

59855 matches found

SUSE CVE
SUSE CVE
•added 2026/03/25 11:52 a.m.•11 views

SUSE CVE-2026-4715

Uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

6.3CVSS7.2AI score0.0043EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2026/03/25 11:52 a.m.•11 views

SUSE CVE-2026-4722

Privilege escalation in the IPC component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...

6.3CVSS7.2AI score0.00313EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/25 11:52 a.m.•11 views

SUSE CVE-2026-4724

Undefined behavior in the Audio/Video component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...

5CVSS7.2AI score0.00322EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/25 11:52 a.m.•11 views

SUSE CVE-2026-4727

Denial-of-service in the Libraries component in NSS. This vulnerability was fixed in Firefox 149 and Thunderbird 149...

4.3CVSS7.2AI score0.0053EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/25 11:52 a.m.•11 views

SUSE CVE-2026-4728

Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...

4.3CVSS7.2AI score0.00235EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/25 12:26 a.m.•11 views

SUSE CVE-2026-27819

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the restoreConfig function in vikunja/pkg/modules/dump/restore.go of the go-vikunja/vikunja repository fails to sanitize file paths within the provided ZIP archive. A maliciously crafted ZIP can bypass the...

7.2CVSS5.8AI score0.00739EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/03/25 12:24 a.m.•11 views

SUSE CVE-2026-31807

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangero...

6.4CVSS5.9AI score0.00445EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/03/25 12:24 a.m.•11 views

SUSE CVE-2026-32245

Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using their...

6.5CVSS5.9AI score0.0025EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/03/25 12:24 a.m.•11 views

SUSE CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS6AI score0.00401EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/22 12:26 a.m.•11 views

SUSE CVE-2026-3479

DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.getdata has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.getdata did...

3.3CVSS5.7AI score0.00238EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2026/03/13 1:16 p.m.•11 views

SUSE CVE-2026-27940

llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the ggufinitfromfileimpl in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread writes 528+ bytes of attacker-controlled data past the buffer boundary. This is...

7.8CVSS5.9AI score0.00177EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/03/06 12:28 a.m.•11 views

SUSE CVE-2025-69534

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

7.5CVSS5.8AI score0.00566EPSS
Exploits1References6
SUSE CVE
SUSE CVE
•added 2026/03/04 12:29 a.m.•11 views

SUSE CVE-2026-22892

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS5.8AI score0.00239EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/25 12:24 a.m.•11 views

SUSE CVE-2026-25987

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory...

5.3CVSS5.9AI score0.0037EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/02/25 12:24 a.m.•11 views

SUSE CVE-2026-25988

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks. Versions 7.1.2-15 and 6.9.13-4...

5.3CVSS5.8AI score0.00438EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/02/24 12:25 a.m.•11 views

SUSE CVE-2025-14905

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schemaattrenumcallback function within the schema.c file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting...

7.2CVSS6.2AI score0.01038EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2026/02/17 12:24 a.m.•11 views

SUSE CVE-2026-23133

In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: fix dmafreecoherent pointer dmaalloccoherent allocates a DMA mapped buffer and stores the addresses in XXXunaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses...

4.7CVSS5.3AI score0.00123EPSS
Exploits0References19
SUSE CVE
SUSE CVE
•added 2026/02/07 12:25 a.m.•11 views

SUSE CVE-2026-23518

Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not...

9.8CVSS5.5AI score0.00226EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/02/05 12:47 a.m.•11 views

SUSE CVE-2025-13473

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

7.5CVSS5.4AI score0.00713EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/02/01 12:23 a.m.•11 views

SUSE CVE-2026-23029

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvmdevice leak in kvmeiointcdestroy In kvmioctlcreatedevice, kvmdevice has allocated memory, kvmdevice-destroy seems to be supposed to free its kvmdevice struct, but kvmeiointcdestroy is not currently doing...

5.7AI score0.00194EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/19 12:23 a.m.•11 views

SUSE CVE-2025-71132

In the Linux kernel, the following vulnerability has been resolved: smc91x: fix broken irq-context in PREEMPTRT When smc91x.c is built with PREEMPTRT, the following splat occurs in FVPRevC: 13.055000 smc91x LNRO0003:00 eth0: link up, 10Mbps, half-duplex, lpa 0x0000 13.062137 BUG: workqueue leaked...

5.5CVSS6.5AI score0.00114EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2026/01/17 12:51 a.m.•12 views

SUSE CVE-2017-18905

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled...

5.3CVSS7AI score0.00769EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/17 12:47 a.m.•11 views

SUSE CVE-2022-21589

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromi...

4.3CVSS4.6AI score0.00911EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/17 12:25 a.m.•11 views

SUSE CVE-2025-71125

In the Linux kernel, the following vulnerability has been resolved: tracing: Do not register unsupported perf events Synthetic events currently do not have a function to register perf events. This leads to calling the tracepoint register functions with a NULL function pointer which triggers:...

3.3CVSS6.7AI score0.00136EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2026/01/07 12:25 a.m.•11 views

SUSE CVE-2025-15271

FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit ...

8.8CVSS8.8AI score0.00581EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/06 12:25 a.m.•11 views

SUSE CVE-2025-62190

Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 and Mattermost Calls versions =1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious...

4.3CVSS6.8AI score0.001EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/12/31 12:32 a.m.•11 views

SUSE CVE-2022-50816

In the Linux kernel, the following vulnerability has been resolved: ipv6: ensure sane device mtu in tunnels Another syzbot report 1 with no reproducer hints at a bug in ip6gre tunnel dev:ip6gretap0 Since ipv6 mcast code makes sure to read dev-mtu once and applies a sanity check on it see commit...

4.4CVSS6.3AI score0.00211EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2025/12/31 12:31 a.m.•11 views

SUSE CVE-2022-50823

In the Linux kernel, the following vulnerability has been resolved: clk: tegra: Fix refcount leak in tegra114clockinit offindmatchingnode returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak...

5.5CVSS6.4AI score0.00233EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2025/12/31 12:31 a.m.•11 views

SUSE CVE-2022-50839

In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential buffer head reference count leak As in 'jbd2fcwaitbufs' if buffer isn't uptodate, will return -EIO without update 'journal-jfcoff'. But 'jbd2fcreleasebufs' will release buffer head from 'jfcoff - 1' if 'bh' is...

5.5CVSS6.8AI score0.00206EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/31 12:31 a.m.•11 views

SUSE CVE-2022-50840

In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible UAF in snictgtcreate Smatch reports a warning as follows: drivers/scsi/snic/snicdisc.c:307 snictgtcreate warn: '&tgt-list' not removed from list If deviceadd fails in snictgtcreate, tgt will be freed, but...

5.5CVSS6.5AI score0.00239EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/12/31 12:31 a.m.•11 views

SUSE CVE-2022-50842

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Check whether transferred 2D BO is shmem Transferred 2D BO always must be a shmem BO. Add check for that to prevent NULL dereference if userspace passes a VRAM BO...

5.5CVSS6.5AI score0.00201EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/31 12:31 a.m.•11 views

SUSE CVE-2022-50849

In the Linux kernel, the following vulnerability has been resolved: pstore: Avoid kcore oops by vmaping with VMIOREMAP An oops can be induced by running 'cat /proc/kcore /dev/null' on devices using pstore with the ram backend because kmapatomic assumes lowmem pages are accessible with va. Unable ...

5.5CVSS6.4AI score0.00195EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/31 12:29 a.m.•11 views

SUSE CVE-2023-54166

In the Linux kernel, the following vulnerability has been resolved: igc: Fix Kernel Panic during ndotxtimeout callback The Xeon validation group has been carrying out some loaded tests with various HW configurations, and they have seen some transmit queue time out happening during the test. This...

4.7CVSS6.4AI score0.00168EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2025/12/31 12:28 a.m.•11 views

SUSE CVE-2023-54214

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix potential user-after-free This fixes all instances of which requires to allocate a buffer calling allocskb which may release the chan lock and reacquire later which makes it possible that the chan is...

5.8CVSS6.6AI score0.00177EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/31 12:27 a.m.•11 views

SUSE CVE-2023-54236

In the Linux kernel, the following vulnerability has been resolved: net/netfailover: fix txq exceeding warning The failover txq is inited as 16 queues. when a packet is transmitted from the failover device firstly, the failover device will select the queue which is returned from the primary devic...

6.1CVSS6.5AI score0.0018EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/30 12:23 a.m.•11 views

SUSE CVE-2025-68973

In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. For ExtendedLTS, 2.2.51 and later are fixed versions...

8CVSS6.8AI score0.00129EPSS
Exploits1References16
SUSE CVE
SUSE CVE
•added 2025/12/25 1:5 a.m.•11 views

SUSE CVE-2022-50701

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host SDIO may need addtional 511 bytes to align bus operation. If the tailroom of this skb is not big enough, we would access invalid memory region. For low level...

5.5CVSS6.5AI score0.00167EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2025/12/25 1:5 a.m.•11 views

SUSE CVE-2022-50706

In the Linux kernel, the following vulnerability has been resolved: net/ieee802154: don't warn zero-sized rawsendmsg syzbot is hitting skbassertlen warning at devqueuexmit 1, for PFIEEE802154 socket's zero-sized rawsendmsg request is hitting devqueuexmit with skb-len == 0. Since PFIEEE802154...

5.5CVSS6.4AI score0.00173EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2025/12/25 1:5 a.m.•11 views

SUSE CVE-2022-50711

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: fix possible memory leak in mtkprobe If mtkwedaddhw has been called, mtkwedexit needs be called in error path or removing module to free the memory allocated in mtkwedaddhw...

6.5AI score0.00156EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/25 1:4 a.m.•11 views

SUSE CVE-2022-50721

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong calling convention for prepslavesg The calling convention for preslavesg is to return NULL on error and provide an error log to the system. Qcom-adm instead provide error pointer when an error occur...

7CVSS6.4AI score0.00198EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2025/12/25 1:4 a.m.•11 views

SUSE CVE-2022-50755

In the Linux kernel, the following vulnerability has been resolved: udf: Avoid double brelse in udfrename syzbot reported a warning like below 1: VFS: brelse: Trying to free free buffer WARNING: CPU: 2 PID: 7301 at fs/buffer.c:1145 brelse+0x67/0xa0 ... Call Trace: invalidatebhlru+0x99/0x150...

5.1CVSS6.5AI score0.00239EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/25 12:56 a.m.•11 views

SUSE CVE-2023-54048

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Prevent handling any completions after qp destroy HW may generate completions that indicates QP is destroyed. Driver should not be scheduling any more completion handlers for this QP, after the QP is destroyed. Since...

5.5CVSS6.3AI score0.00206EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2025/12/25 12:55 a.m.•11 views

SUSE CVE-2023-54110

In the Linux kernel, the following vulnerability has been resolved: usb: rndishost: Secure rndisquery check against int overflow Variables off and len typed as uint32 in rndisquery function are controlled by incoming RNDIS response message thus their value may be manipulated. Setting off to a...

5.5CVSS6.5AI score0.00184EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2025/12/25 12:54 a.m.•11 views

SUSE CVE-2023-54140

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix WARNING in markbufferdirty due to discarded buffer reuse A syzbot stress test using a corrupted disk image reported that markbufferdirty called from nilfsmarkinodedirty or nilfspalloccommitallocentry may output a kern...

3.3CVSS6.4AI score0.00195EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2025/12/25 12:54 a.m.•11 views

SUSE CVE-2023-54146

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Fix double-free of elf header buffer After b3e34a47f989 "x86/kexec: fix memory leak of elf header buffer", freeing image-elfheaders in the error path of crashloadsegments is not needed because kimagefilepostloadcleanup...

6.3CVSS6.4AI score0.00168EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/19 1:7 a.m.•11 views

SUSE CVE-2024-29371

In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...

7.5CVSS5.4AI score0.00244EPSS
Exploits1References6
SUSE CVE
SUSE CVE
•added 2025/12/17 12:24 a.m.•11 views

SUSE CVE-2025-68241

In the Linux kernel, the following vulnerability has been resolved: ipv4: route: Prevent rtbindexception from rebinding stale fnhe The sit driver's packet transmission path calls: sittunnelxmit - updateorcreatefnhe, which lead to fnheremoveoldest being called to delete entries exceeding...

5.5CVSS6.2AI score0.00165EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2025/12/11 12:46 a.m.•11 views

SUSE CVE-2025-14326

Use-after-free in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 146 and Thunderbird 146...

6.5CVSS7.3AI score0.00401EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/10 12:38 a.m.•11 views

SUSE CVE-2022-50650

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference state management for synchronous callbacks Currently, verifier verifies callback functions sync and async as if they will be executed once, i.e. it explores execution state as if the function was being called...

6CVSS6.5AI score0.00188EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/10 12:38 a.m.•11 views

SUSE CVE-2022-50654

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix panic due to wrong pageattr of im-image In the scenario where livepatch and kretfunc coexist, the pageattr of im-image is rox after archpreparebpftrampoline in bpftrampolineupdate, and then modifyfentry or registerfentry...

6.5AI score0.00172EPSS
Exploits0References3
Total number of security vulnerabilities5000