Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
•added 2024/06/04 2:24 a.m.•11 views

SUSE CVE-2024-36964

In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000 Garbage in plain 9P2000's perm bits is allowed through, which causes it to be able to set among others the suid bit. This was presumably not the intent since the unix extende...

7.2CVSS6.2AI score0.00218EPSS
Exploits0References143
SUSE CVE
SUSE CVE
•added 2024/06/01 2:30 a.m.•11 views

SUSE CVE-2024-5499

Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.2AI score0.00892EPSS
Exploits1References6
SUSE CVE
SUSE CVE
•added 2024/05/28 3:1 p.m.•11 views

SUSE CVE-2023-52752

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifsdebugdataprocshow Skip SMB sessions that are being teared down e.g. @ses-sesstatus == SESEXITING in cifsdebugdataprocshow to avoid use-after-free in @ses. This fixes the following GPF wh...

7.8CVSS6.3AI score0.00246EPSS
Exploits0References148
SUSE CVE
SUSE CVE
•added 2024/05/21 2:0 a.m.•11 views

SUSE CVE-2024-27432

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: fix PPE hanging issue A patch to resolve an issue was found in MediaTek's GPL-licensed SDK: In the mtkppestop function, the PPE scan mode is not disabled before disabling the PPE. This can potentially le...

5.5CVSS6.3AI score0.00223EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2024/05/21 2:0 a.m.•11 views

SUSE CVE-2024-35808

In the Linux kernel, the following vulnerability has been resolved: md/dm-raid: don't call mdreapsyncthread directly Currently mdreapsyncthread is called from raidmessage directly without holding 'reconfigmutex', this is definitely unsafe because mdreapsyncthread can change many fields that is...

5.5CVSS6.3AI score0.00174EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2024/05/21 1:59 a.m.•11 views

SUSE CVE-2024-35915

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in ncidevup and ncintfpacket syzbot reported the following uninit-value access issue 12: ncirxwork parses and processes received packet. When the payload length is zero, each message type handler reads...

5.5CVSS6.3AI score0.00221EPSS
Exploits0References19
SUSE CVE
SUSE CVE
•added 2024/05/18 2:46 a.m.•11 views

SUSE CVE-2024-27412

In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx-i2c: Do not free non existing IRQ The bq27xxx i2c-client may not have an IRQ, in which case client-irq will be 0. bq27xxxbatteryi2cprobe already has an if client-irq check wrapping the requestthreadedirq. B...

5.5CVSS6.5AI score0.00244EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2024/05/18 2:46 a.m.•11 views

SUSE CVE-2024-27413

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeofvoid on 32-bit architectures is not enough for a 64-bit physaddrt: drivers/firmware/efi/capsule-loader.c: In function 'eficapsuleopen...

7CVSS6.4AI score0.00244EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2024/05/03 2:9 a.m.•11 views

SUSE CVE-2024-26962

In the Linux kernel, the following vulnerability has been resolved: dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape For raid456, if reshape is still in progress, then IO across reshape position will wait for reshape to make progress. However, for dm-raid, in...

5.5CVSS6.4AI score0.00174EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2024/05/03 2:9 a.m.•11 views

SUSE CVE-2024-26992

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/pmu: Disable support for adaptive PEBS Drop support for virtualizing adaptive PEBS, as KVM's implementation is architecturally broken without an obvious/easy path forward, and because exposing adaptive PEBS can leak host...

3.3CVSS6.4AI score0.00221EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2024/04/30 2:26 a.m.•11 views

SUSE CVE-2022-48663

In the Linux kernel, the following vulnerability has been resolved: gpio: mockup: fix NULL pointer dereference when removing debugfs We now remove the device's debugfs entries when unbinding the driver. This now causes a NULL-pointer dereference on module exit because the platform devices are...

5.5CVSS6.2AI score0.00226EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2024/04/23 1:44 a.m.•11 views

SUSE CVE-2024-26884

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix hashtab overflow check on 32-bit arches The hashtab code relies on rounduppowoftwo to compute the number of hash buckets, and contains an overflow check by checking if the resulting value is 0. However, on 32-bit arches,...

5.5CVSS6.5AI score0.00251EPSS
Exploits0References18
SUSE CVE
SUSE CVE
•added 2024/04/23 1:44 a.m.•11 views

SUSE CVE-2024-26915

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Reset IH OVERFLOWCLEAR bit Allows us to detect subsequent IH ring buffer overflows as well...

5.5CVSS6.7AI score0.00246EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2024/04/18 2:31 a.m.•11 views

SUSE CVE-2024-2961

The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable...

8.2CVSS7.2AI score0.8833EPSS
Exploits16References11
SUSE CVE
SUSE CVE
•added 2024/04/18 2:31 a.m.•11 views

SUSE CVE-2024-3847

Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

6.1CVSS6.5AI score0.00801EPSS
Exploits1References6
SUSE CVE
SUSE CVE
•added 2024/04/15 11:20 p.m.•11 views

SUSE CVE-2021-47194

In the Linux kernel, the following vulnerability has been resolved: cfg80211: call cfg80211stopap when switch from P2PGO type If the userspace tools switch from NL80211IFTYPEP2PGO to NL80211IFTYPEADHOC via sendmsgNL80211CMDSETINTERFACE, it does not call the cleanup cfg80211stopap, this leads to t...

5.5CVSS7.5AI score0.00249EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2024/04/13 2:19 a.m.•11 views

SUSE CVE-2021-47189

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory ordering between normal and ordered work functions Ordered work functions aren't guaranteed to be handled by the same thread which executed the normal work functions. The only way execution between normal/ordere...

5.5CVSS7.8AI score0.00921EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2024/04/12 2:21 a.m.•11 views

SUSE CVE-2021-47184

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix NULL ptr dereference on VSI filter sync Remove the reason of null pointer dereference in sync VSI filters. Added new I40EVSIRELEASING flag to signalize deleting and releasing of VSI resources to sync this thread with sy...

5.5CVSS7.5AI score0.00238EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2024/03/19 3:50 a.m.•11 views

SUSE CVE-2021-47112

In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Teardown PV features on boot CPU as well Various PV features Async PF, PV EOI, steal time work through memory shared with hypervisor and when we restore from hibernation we must properly teardown all these features to ma...

3.3CVSS7.8AI score0.00237EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2024/03/14 4:12 a.m.•11 views

SUSE CVE-2024-2400

Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.2AI score0.007EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2024/03/07 4:25 a.m.•11 views

SUSE CVE-2023-52603

In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot Syzkaller reported the following issue: oop0: detected capacity change from 0 to 32768 UBSAN: array-index-out-of-bounds in fs/jfs/jfsdtree.c:1971:9 index -2 is out of range for type...

5.5CVSS6.3AI score0.00289EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2024/03/06 4:52 a.m.•11 views

SUSE CVE-2021-47104

In the Linux kernel, the following vulnerability has been resolved: IB/qib: Fix memory leak in qibusersdmaqueuepkts The wrong goto label was used for the error case and missed cleanup of the pkt allocation. Addresses-Coverity-ID: 1493352 "Resource leak"...

5.5CVSS7.8AI score0.0024EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2024/03/05 4:39 a.m.•11 views

SUSE CVE-2022-48628

In the Linux kernel, the following vulnerability has been resolved: ceph: drop messages from MDS when unmounting When unmounting all the dirty buffers will be flushed and after the last osd request is finished the last reference of the icount will be released. Then it will flush the dirty cap/sna...

4.4CVSS5.8AI score0.00237EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2024/03/05 4:31 a.m.•11 views

SUSE CVE-2023-52580

In the Linux kernel, the following vulnerability has been resolved: net/core: Fix ETHP1588 flow dissector When a PTP ethernet raw frame with a size of more than 256 bytes followed by a 0xff pattern is sent to skbflowdissect, nhoff value calculation is wrong. For example: hdr-messagelength takes t...

5.5CVSS6AI score0.00225EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2024/03/02 5:48 a.m.•11 views

SUSE CVE-2021-47068

In the Linux kernel, the following vulnerability has been resolved: net/nfc: fix use-after-free llcpsockbind/connect Commits 8a4cd82d "nfc: fix refcount leak in llcpsockconnect" and c33b1cc62 "nfc: fix refcount leak in llcpsockbind" fixed a refcount leak bug in bind/connect but introduced a...

7.8CVSS6.1AI score0.00233EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2024/03/02 5:20 a.m.•11 views

SUSE CVE-2023-52478

In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect hidppconnectevent has four time-of-check vs time-of-use TOCTOU races when it races with itself. hidppconnectevent primarily runs from a workqueue but it also runs o...

5.8CVSS6.3AI score0.00171EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2024/02/29 3:56 a.m.•11 views

SUSE CVE-2021-46955

In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets: BUG: KASAN: stack-out-of-bounds...

7.5CVSS6.3AI score0.00254EPSS
Exploits0References65
SUSE CVE
SUSE CVE
•added 2024/01/20 3:10 a.m.•11 views

SUSE CVE-2024-21733

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44...

7.5CVSS7.3AI score0.14286EPSS
Exploits3References6
SUSE CVE
SUSE CVE
•added 2023/10/11 1:47 a.m.•11 views

SUSE CVE-2023-5479

Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS8.5AI score0.00621EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2023/08/18 2:12 a.m.•11 views

SUSE CVE-2023-4387

A use-after-free flaw was found in vmxnet3rqallocrxbuf in drivers/net/vmxnet3/vmxnet3drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3rqcleanupall, which could also lead to ...

6.6CVSS6AI score0.00245EPSS
Exploits0References30
SUSE CVE
SUSE CVE
•added 2023/08/01 1:29 a.m.•11 views

SUSE CVE-2023-4004

A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nftpipaporemove function with the element, without a NFTSETEXTKEYEND. This issue could allow a local user to crash the system or potentially escalate their privileges on the system...

7.8CVSS6.3AI score0.0095EPSS
Exploits0References31
SUSE CVE
SUSE CVE
•added 2023/06/20 1:13 a.m.•11 views

SUSE CVE-2023-35828

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesasusb3remove in drivers/usb/gadget/udc/renesasusb3.c...

6.7CVSS6.6AI score0.00536EPSS
Exploits0References19
SUSE CVE
SUSE CVE
•added 2023/06/10 2:55 a.m.•11 views

SUSE CVE-2023-3161

A flaw was found in the Framebuffer Console fbcon in the Linux Kernel. When providing font-width and font-height greater than 32 to fbconsetfont, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service...

5.5CVSS6.5AI score0.00206EPSS
Exploits0References26
SUSE CVE
SUSE CVE
•added 2023/05/09 2:3 a.m.•11 views

SUSE CVE-2023-32269

An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/afnetrom.c, there is a use-after-free because accept is also allowed for a successfully connected AFNETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the...

5.9CVSS6.7AI score0.0027EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2023/04/20 2:6 a.m.•11 views

SUSE CVE-2023-2136

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS9.3AI score0.05786EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2023/04/07 1:56 a.m.•11 views

SUSE CVE-2023-1838

A use-after-free flaw was found in vhostnetsetbackend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem...

5.5CVSS6.2AI score0.00251EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2023/04/05 1:49 a.m.•11 views

SUSE CVE-2023-1811

Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.2AI score0.00968EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/04/05 1:49 a.m.•11 views

SUSE CVE-2023-1814

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS8.6AI score0.00889EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/03/28 1:53 a.m.•11 views

SUSE CVE-2021-3923

A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdmacm device node. While this access is unlikely to leak sensitive user information, it can be...

3.3CVSS6.1AI score0.00199EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2023/02/15 6:16 a.m.•11 views

SUSE CVE-2005-3905

Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.115 and earlier, 1.4.208 and earlier, and JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors, a differen...

7.5CVSS7.5AI score0.05168EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2023/02/15 6:0 a.m.•11 views

SUSE CVE-2010-0425

modules/arch/win32/modisapi.c in modisapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapiunload for an ISAPI .dll module, which allows remote attackers ...

10CVSS9.4AI score0.94248EPSS
Exploits13References6
SUSE CVE
SUSE CVE
•added 2023/02/15 5:48 a.m.•11 views

SUSE CVE-2012-1182

The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call...

10CVSS9.5AI score0.74034EPSS
Exploits9References12
SUSE CVE
SUSE CVE
•added 2023/02/15 5:40 a.m.•11 views

SUSE CVE-2013-1488

The Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James...

10CVSS7.7AI score0.87227EPSS
Exploits10References6
SUSE CVE
SUSE CVE
•added 2023/02/15 5:32 a.m.•11 views

SUSE CVE-2014-0160

The 1 TLS and 2 DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys,...

7.5CVSS6.8AI score0.99999EPSS
Exploits88References32
SUSE CVE
SUSE CVE
•added 2023/02/15 4:52 a.m.•11 views

SUSE CVE-2017-2910

An exploitable Out-of-bounds Write vulnerability exists in the xlsaddCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability...

8.8CVSS8.3AI score0.02088EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 4:49 a.m.•11 views

SUSE CVE-2017-5898

Integer overflow in the emulatedapdufromguest function in usb/dev-smartcard-reader.c in Quick Emulator Qemu, when built with the CCID Card device emulator support, allows local users to cause a denial of service application crash via a large Application Protocol Data Units APDU unit...

5.5CVSS6.7AI score0.004EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2023/02/15 4:35 a.m.•11 views

SUSE CVE-2017-18595

An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocatetracebuffer in the file kernel/trace/trace.c...

4.4CVSS6.2AI score0.0035EPSS
Exploits0References18
SUSE CVE
SUSE CVE
•added 2023/02/15 4:25 a.m.•11 views

SUSE CVE-2018-14734

drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucmaleavemulticast to access a certain data structure after a cleanup step in ucmaprocessjoin, which allows attackers to cause a denial of service use-after-free...

7CVSS7.3AI score0.00566EPSS
Exploits0References18
SUSE CVE
SUSE CVE
•added 2023/02/15 4:20 a.m.•11 views

SUSE CVE-2018-1000199

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modifyuserhwbreakpoint that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in...

7.1CVSS7.1AI score0.01221EPSS
Exploits0References86
SUSE CVE
SUSE CVE
•added 2023/02/15 4:19 a.m.•11 views

SUSE CVE-2019-2510

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS7.2AI score0.03443EPSS
Exploits0References9
Total number of security vulnerabilities5000