Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
•added 2024/03/14 4:12 a.m.•11 views

SUSE CVE-2024-2400

Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.2AI score0.007EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2024/03/07 4:25 a.m.•11 views

SUSE CVE-2023-52603

In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot Syzkaller reported the following issue: oop0: detected capacity change from 0 to 32768 UBSAN: array-index-out-of-bounds in fs/jfs/jfsdtree.c:1971:9 index -2 is out of range for type...

5.5CVSS6.3AI score0.00289EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2024/03/07 4:24 a.m.•11 views

SUSE CVE-2024-26625

In the Linux kernel, the following vulnerability has been resolved: llc: call sockorphan at release time syzbot reported an interesting trace 1 caused by a stale sk-skwq pointer in a closed llc socket. In commit ff7b11aa481f "net: socket: set sock-sk to NULL after calling protoops::release" Eric...

5.5CVSS6.1AI score0.00249EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2024/03/06 4:52 a.m.•11 views

SUSE CVE-2021-47104

In the Linux kernel, the following vulnerability has been resolved: IB/qib: Fix memory leak in qibusersdmaqueuepkts The wrong goto label was used for the error case and missed cleanup of the pkt allocation. Addresses-Coverity-ID: 1493352 "Resource leak"...

5.5CVSS7.8AI score0.0024EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2024/03/05 4:39 a.m.•11 views

SUSE CVE-2022-48628

In the Linux kernel, the following vulnerability has been resolved: ceph: drop messages from MDS when unmounting When unmounting all the dirty buffers will be flushed and after the last osd request is finished the last reference of the icount will be released. Then it will flush the dirty cap/sna...

4.4CVSS5.8AI score0.00237EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2024/03/02 5:48 a.m.•11 views

SUSE CVE-2021-47068

In the Linux kernel, the following vulnerability has been resolved: net/nfc: fix use-after-free llcpsockbind/connect Commits 8a4cd82d "nfc: fix refcount leak in llcpsockconnect" and c33b1cc62 "nfc: fix refcount leak in llcpsockbind" fixed a refcount leak bug in bind/connect but introduced a...

7.8CVSS6.1AI score0.00233EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2024/02/29 3:56 a.m.•11 views

SUSE CVE-2021-46955

In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets: BUG: KASAN: stack-out-of-bounds...

7.5CVSS6.3AI score0.00254EPSS
Exploits0References65
SUSE CVE
SUSE CVE
•added 2024/01/20 3:10 a.m.•11 views

SUSE CVE-2024-21733

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44...

7.5CVSS7.3AI score0.14286EPSS
Exploits3References6
SUSE CVE
SUSE CVE
•added 2023/12/30 2:24 a.m.•11 views

SUSE CVE-2023-6531

A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unixstreamreadgeneric on the socket that the SKB is queued on...

7CVSS6.5AI score0.00224EPSS
Exploits0References60
SUSE CVE
SUSE CVE
•added 2023/08/01 1:29 a.m.•11 views

SUSE CVE-2023-4004

A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nftpipaporemove function with the element, without a NFTSETEXTKEYEND. This issue could allow a local user to crash the system or potentially escalate their privileges on the system...

7.8CVSS6.3AI score0.0095EPSS
Exploits0References31
SUSE CVE
SUSE CVE
•added 2023/06/20 1:13 a.m.•11 views

SUSE CVE-2023-35828

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesasusb3remove in drivers/usb/gadget/udc/renesasusb3.c...

6.7CVSS6.6AI score0.00536EPSS
Exploits0References19
SUSE CVE
SUSE CVE
•added 2023/04/07 1:56 a.m.•11 views

SUSE CVE-2023-1838

A use-after-free flaw was found in vhostnetsetbackend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem...

5.5CVSS6.2AI score0.00251EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2023/04/05 1:49 a.m.•11 views

SUSE CVE-2023-1811

Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.2AI score0.00968EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/03/28 1:53 a.m.•11 views

SUSE CVE-2021-3923

A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdmacm device node. While this access is unlikely to leak sensitive user information, it can be...

3.3CVSS6.1AI score0.00199EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2023/03/28 1:50 a.m.•11 views

SUSE CVE-2023-1637

A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to...

4.8CVSS7.5AI score0.00223EPSS
Exploits0References24
SUSE CVE
SUSE CVE
•added 2023/02/15 6:0 a.m.•11 views

SUSE CVE-2010-0425

modules/arch/win32/modisapi.c in modisapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapiunload for an ISAPI .dll module, which allows remote attackers ...

10CVSS9.4AI score0.94248EPSS
Exploits13References6
SUSE CVE
SUSE CVE
•added 2023/02/15 5:48 a.m.•11 views

SUSE CVE-2012-1182

The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call...

10CVSS9.5AI score0.74034EPSS
Exploits9References12
SUSE CVE
SUSE CVE
•added 2023/02/15 5:40 a.m.•11 views

SUSE CVE-2013-1488

The Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James...

10CVSS7.7AI score0.87227EPSS
Exploits10References6
SUSE CVE
SUSE CVE
•added 2023/02/15 5:32 a.m.•11 views

SUSE CVE-2014-0160

The 1 TLS and 2 DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys,...

7.5CVSS6.8AI score0.99999EPSS
Exploits88References32
SUSE CVE
SUSE CVE
•added 2023/02/15 4:52 a.m.•11 views

SUSE CVE-2017-2910

An exploitable Out-of-bounds Write vulnerability exists in the xlsaddCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability...

8.8CVSS8.3AI score0.02088EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 4:35 a.m.•11 views

SUSE CVE-2017-18595

An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocatetracebuffer in the file kernel/trace/trace.c...

4.4CVSS6.2AI score0.0035EPSS
Exploits0References18
SUSE CVE
SUSE CVE
•added 2023/02/15 4:29 a.m.•11 views

SUSE CVE-2018-7492

A NULL pointer dereference was found in the net/rds/rdma.c rdsrdmamap function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDSGETMR and RDSGETMRFORDEST...

6.2CVSS6AI score0.00652EPSS
Exploits1References15
SUSE CVE
SUSE CVE
•added 2023/02/15 4:25 a.m.•11 views

SUSE CVE-2018-14734

drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucmaleavemulticast to access a certain data structure after a cleanup step in ucmaprocessjoin, which allows attackers to cause a denial of service use-after-free...

7CVSS7.3AI score0.00566EPSS
Exploits0References18
SUSE CVE
SUSE CVE
•added 2023/02/15 4:20 a.m.•11 views

SUSE CVE-2018-1000199

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modifyuserhwbreakpoint that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in...

7.1CVSS7.1AI score0.01221EPSS
Exploits0References86
SUSE CVE
SUSE CVE
•added 2023/02/15 4:19 a.m.•11 views

SUSE CVE-2019-2510

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS7.2AI score0.03443EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2023/02/15 4:18 a.m.•11 views

SUSE CVE-2019-2537

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4.9CVSS7.2AI score0.04457EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2023/02/15 4:15 a.m.•11 views

SUSE CVE-2019-8943

WordPress through 5.0.3 allows Path Traversal in wpcropimage. An attacker who has privileges to crop an image can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring...

6.5CVSS7.4AI score0.91985EPSS
Exploits9References4
SUSE CVE
SUSE CVE
•added 2023/02/15 4:14 a.m.•11 views

SUSE CVE-2019-9503

The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the iswlceventframe function will cause this frame to be discarded and unprocessed. I...

4.7CVSS7.5AI score0.03313EPSS
Exploits0References18
SUSE CVE
SUSE CVE
•added 2023/02/15 4:12 a.m.•11 views

SUSE CVE-2019-11477

Jonathan Looney discovered that the TCPSKBCBskb-tcpgsosegs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments SACKs. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182,...

8.2CVSS7.6AI score0.98745EPSS
Exploits4References36
SUSE CVE
SUSE CVE
•added 2023/02/15 4:9 a.m.•11 views

SUSE CVE-2019-14815

A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiexsetwmmparams function of Marvell Wifi Driver...

7.5CVSS6.9AI score0.00488EPSS
Exploits0References18
SUSE CVE
SUSE CVE
•added 2023/02/15 4:8 a.m.•11 views

SUSE CVE-2019-15927

An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function buildaudioprocunit in the file sound/usb/mixer.c...

4.9CVSS7.6AI score0.00412EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2023/02/15 4:7 a.m.•11 views

SUSE CVE-2019-17666

rtlp2pnoaie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow...

5.4CVSS7AI score0.03017EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2023/02/15 4:6 a.m.•11 views

SUSE CVE-2019-19037

ext4emptydir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4readdirblockinode,0,DIRENTHTREE can be zero...

5.5CVSS7.9AI score0.01886EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 4:3 a.m.•11 views

SUSE CVE-2020-3702

u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit...

7.5CVSS6.7AI score0.00343EPSS
Exploits0References66
SUSE CVE
SUSE CVE
•added 2023/02/15 4:1 a.m.•11 views

SUSE CVE-2020-8648

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the nttyreceivebufcommon function in drivers/tty/ntty.c...

6.1CVSS6.5AI score0.00661EPSS
Exploits1References19
SUSE CVE
SUSE CVE
•added 2023/02/15 4:1 a.m.•11 views

SUSE CVE-2020-8834

KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATEHOSTR1 to store r1 state in kvmppchventry plus in kvmppcsave,restoretm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to pani...

7.1CVSS5.2AI score0.00347EPSS
Exploits1References16
SUSE CVE
SUSE CVE
•added 2023/02/15 3:55 a.m.•11 views

SUSE CVE-2020-20277

There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's composeabspath function that can be abused to read or write to arbitrary files on the filesystem,...

9.8CVSS9.9AI score0.25249EPSS
Exploits4References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:54 a.m.•11 views

SUSE CVE-2020-25220

The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd-norefcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature...

7.8CVSS6.9AI score0.00449EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:53 a.m.•11 views

SUSE CVE-2020-25639

A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRMIOCTLNOUVEAUCHANNELALLOC. This flaw allows a local user to crash the system...

4.4CVSS6.2AI score0.00366EPSS
Exploits1References23
SUSE CVE
SUSE CVE
•added 2023/02/15 3:51 a.m.•11 views

SUSE CVE-2020-29373

An issue was discovered in fs/iouring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d...

7.7CVSS6.6AI score0.00512EPSS
Exploits1References16
SUSE CVE
SUSE CVE
•added 2023/02/15 3:49 a.m.•11 views

SUSE CVE-2021-3506

An out-of-bounds OOB memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The...

7.1CVSS6.3AI score0.00366EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:48 a.m.•11 views

SUSE CVE-2021-3679

A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users with CAPSYSADMIN capability could use this flaw to starve the resources causing denial of service...

5.5CVSS6.3AI score0.00734EPSS
Exploits0References33
SUSE CVE
SUSE CVE
•added 2023/02/15 3:48 a.m.•11 views

SUSE CVE-2021-4034

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters coun...

7.8CVSS7.5AI score0.94921EPSS
Exploits152References18
SUSE CVE
SUSE CVE
•added 2023/02/15 3:47 a.m.•11 views

SUSE CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...

6.4CVSS8.6AI score0.81147EPSS
Exploits9References24
SUSE CVE
SUSE CVE
•added 2023/02/15 3:45 a.m.•11 views

SUSE CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...

5.4CVSS6.2AI score0.0627EPSS
Exploits1References86
SUSE CVE
SUSE CVE
•added 2023/02/15 3:44 a.m.•11 views

SUSE CVE-2021-26932

An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then...

5.9CVSS6.6AI score0.00346EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2023/02/15 3:42 a.m.•11 views

SUSE CVE-2021-29603

TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of...

7.8CVSS7.6AI score0.00201EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:37 a.m.•11 views

SUSE CVE-2021-41773

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...

7.5CVSS8.8AI score0.99992EPSS
Exploits149References4
SUSE CVE
SUSE CVE
•added 2023/02/15 3:37 a.m.•11 views

SUSE CVE-2021-42008

The decodedata function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAPNETADMIN capability can lead to root access...

8.8CVSS6.5AI score0.01476EPSS
Exploits3References38
SUSE CVE
SUSE CVE
•added 2023/02/15 3:36 a.m.•11 views

SUSE CVE-2021-44533

Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in...

5.9CVSS7AI score0.09358EPSS
Exploits1References11
Total number of security vulnerabilities5000