Lucene search
K
SusecveMost viewed

59855 matches found

SUSE CVE
SUSE CVE
added 2026/06/13 2:19 a.m.10 views

SUSE CVE-2026-42767

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

6.5CVSS5.4AI score0.00349EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/13 2:19 a.m.10 views

SUSE CVE-2026-42769

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority RA level to t...

5.9CVSS5.7AI score0.00262EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/06/13 2:19 a.m.10 views

SUSE CVE-2026-42770

Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

5CVSS5.2AI score0.00259EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/06/13 2:17 a.m.10 views

SUSE CVE-2026-46433

lldpd is an implementation of IEEE 802.1ab LLDP. Prior to version 1.0.22, lldpddecode in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove to shift the frame payload 4 bytes left. The third argument byte count is s - 2 ETHERADDRLEN but should be s - 2...

6.5CVSS5.4AI score0.00225EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:16 a.m.10 views

SUSE CVE-2026-49759

Stack-based Buffer Overflow vulnerability in Erlang OTP erts inetdrv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctpparseerrorchunk function in erts/emulator/drivers/common/inetdrv.c parses SCTP ERROR chunks and writes cause codes int...

8.8CVSS5.5AI score0.00497EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/13 2:16 a.m.10 views

SUSE CVE-2026-53702

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...

6.5CVSS5.6AI score0.00228EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/12 2:27 a.m.10 views

SUSE CVE-2026-42563

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

7CVSS5.7AI score0.00555EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/12 2:26 a.m.10 views

SUSE CVE-2026-44724

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

7.8CVSS5.3AI score0.0062EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/12 2:26 a.m.10 views

SUSE CVE-2026-45106

Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a...

4.6CVSS5.2AI score0.00208EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/12 2:25 a.m.10 views

SUSE CVE-2026-48856

Sensitive Data Exposure vulnerability in Erlang OTP inets httpcresponse module allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary...

7.1CVSS5.3AI score0.00335EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/12 2:25 a.m.10 views

SUSE CVE-2026-48860

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...

7.5CVSS5.4AI score0.00194EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/12 2:25 a.m.10 views

SUSE CVE-2026-50127

Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCSRESTRICTPRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions...

5.9CVSS5.2AI score0.00291EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/12 2:25 a.m.10 views

SUSE CVE-2026-52726

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted...

7.5CVSS5.7AI score0.00448EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/11 11:14 a.m.10 views

SUSE CVE-2026-48724

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-24, when using an image with mask the Floyd-Steinberg dithering method it will cause a negative heap buffer over-write. This issue has been patched in version 7.1.2-24...

5.5CVSS5.4AI score0.00103EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/11 11:14 a.m.10 views

SUSE CVE-2026-48733

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search operation can happen when using a crafted image. This issue has been patched in versions 6.9.13-49 and 7.1.2-24...

4.7CVSS5.2AI score0.00092EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/11 11:13 a.m.10 views

SUSE CVE-2026-53460

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-Memory condition. This issue has been patched in versions 6.9.13-50 a...

5.5CVSS5.2AI score0.00346EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/10 2:32 a.m.10 views

SUSE CVE-2026-11631

Use after free in Aura in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.5AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:32 a.m.10 views

SUSE CVE-2026-11633

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a malicious peripheral. Chromium security severity: Critical...

8.8CVSS6AI score0.00232EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:32 a.m.10 views

SUSE CVE-2026-11637

Use after free in Views in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.00262EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:31 a.m.10 views

SUSE CVE-2026-11649

Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00314EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:31 a.m.10 views

SUSE CVE-2026-11657

Use after free in Payments in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00252EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:31 a.m.10 views

SUSE CVE-2026-11658

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.5AI score0.00225EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:31 a.m.10 views

SUSE CVE-2026-11668

Uninitialized Use in Codecs in Google Chrome on Linux, ChromeOS prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted video file. Chromium security severity: High...

4.3CVSS5.5AI score0.00193EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:30 a.m.10 views

SUSE CVE-2026-11693

Inappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

8.1CVSS5.4AI score0.00184EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:28 a.m.10 views

SUSE CVE-2026-40215

A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion...

6.1CVSS5.5AI score0.00309EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:28 a.m.10 views

SUSE CVE-2026-42535

A path handling issue in moddavfs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

5.5CVSS5.3AI score0.00538EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/10 2:28 a.m.10 views

SUSE CVE-2026-42536

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with modxml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

5.3CVSS5.4AI score0.0071EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/10 2:27 a.m.10 views

SUSE CVE-2026-44185

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

6.5CVSS5.4AI score0.00598EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/10 2:27 a.m.10 views

SUSE CVE-2026-44186

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the modproxyftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

6.5CVSS5.4AI score0.00562EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.10 views

SUSE CVE-2026-46315

In the Linux kernel, the following vulnerability has been resolved: iouring/waitid: clear waitid info before copying it to userspace IORINGOPWAITID stores its result fields in struct iowaitid::info and later copies them to userspace siginfo. The prep path initializes the request arguments, but it...

5.5CVSS5.5AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.10 views

SUSE CVE-2026-46321

In the Linux kernel, the following vulnerability has been resolved: tun: free page on short-frame rejection in tunxdpone tunxdpone returns -EINVAL on a frame shorter than ETHHLEN without freeing the page that vhostnetbuildxdp allocated for it. tunsendmsg discards that -EINVAL and still returns...

5.5CVSS5.3AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.10 views

SUSE CVE-2026-46322

In the Linux kernel, the following vulnerability has been resolved: tun: free page on buildskb failure in tunxdpone When buildskb fails in tunxdpone, the function sets ret to -ENOMEM and jumps to the out label, which returns without freeing the page that vhostnetbuildxdp allocated for the frame. ...

3.3CVSS5.3AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.10 views

SUSE CVE-2026-46325

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGESIZE The current implementation incorrectly handles memory regions MRs with page sizes different from the system PAGESIZE. The core issue is that rxesetpage is called...

9.8CVSS5.5AI score0.00347EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.10 views

SUSE CVE-2026-46326

In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spitransfer struct initialisation Make sure that the spitransfer struct is zeroed out before use...

8.4CVSS5.4AI score0.00132EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.10 views

SUSE CVE-2026-46329

In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...

5.4AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.10 views

SUSE CVE-2026-52907

In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off by one bugs Change these comparisons from vs = to avoid accessing one element beyond the end of the arrays. While at it, use ARRAYSIZE instead of the MAX enum values. fix cosmetic issues...

5.3CVSS5.4AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/09 2:25 a.m.10 views

SUSE CVE-2026-11487

A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argument path can lead to command injection. It is possible to launch the attack on the local host. The...

5.3CVSS5.3AI score0.00923EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/09 2:21 a.m.10 views

SUSE CVE-2026-44942

A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content...

6.5CVSS5.8AI score0.00329EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/06/09 2:20 a.m.10 views

SUSE CVE-2026-46292

In the Linux kernel, the following vulnerability has been resolved: pmdomain: core: Fix detach procedure for virtual devices in genpd If a device is attached to a PM domain through genpddevpmattachbyid, genpd calls pmruntimeenable for the corresponding virtual device that it registers. While this...

5.5CVSS5.5AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/09 2:20 a.m.10 views

SUSE CVE-2026-46296

In the Linux kernel, the following vulnerability has been resolved: spi: s3c64xx: fix NULL-deref on driver unbind A change moving DMA channel allocation from probe back to s3c64xxspipreparetransfer failed to remove the corresponding deallocation from remove. Drop the bogus DMA channel release fro...

5.5CVSS5.4AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/09 2:20 a.m.10 views

SUSE CVE-2026-46297

In the Linux kernel, the following vulnerability has been resolved: net: libwx: use requestirq for VF misc interrupt Currently, requestthreadedirq is used with a primary handler but a NULL threaded handler, while also setting the IRQFONESHOT flag. This specific combination triggers a WARNING sinc...

5.5CVSS5.4AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/09 2:20 a.m.10 views

SUSE CVE-2026-46299

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix held lock freed on hfsplusfillsuper hfsplusfillsuper calls hfsfindinit to initialize a search structure, which acquires tree-treelock. If the subsequent call to hfspluscatbuildkey fails, the function jumps to the...

5.5CVSS5.5AI score0.00091EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/09 2:20 a.m.10 views

SUSE CVE-2026-46302

In the Linux kernel, the following vulnerability has been resolved: selinux: allow multiple opens of /sys/fs/selinux/policy Currently there can only be a single open of /sys/fs/selinux/policy at any time. This allows any process to block any other process from reading the kernel policy. The...

5.5CVSS5.5AI score0.001EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/09 2:20 a.m.10 views

SUSE CVE-2026-46309

In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject cohnone PAT index for CPU cached memory in madvise Add validation in xevmmadviseioctl to reject PAT indices with XECOHNONE coherency mode when applied to CPU cached memory. Using cohnone with CPU cached buffer...

5.5CVSS5.4AI score0.00125EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/09 2:20 a.m.10 views

SUSE CVE-2026-46313

In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: fix error pointer dereference In a error path isp-psys is confirmed to be an error pointer not NULL so this condition is true and the error pointer is dereferenced. So isp-psys should be set to NULL before goin...

5.5CVSS5.3AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/09 2:20 a.m.10 views

SUSE CVE-2026-48101

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule .scap parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize up to 1 GiB without...

5.5CVSS5.6AI score0.00277EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/06/09 2:20 a.m.10 views

SUSE CVE-2026-48104

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by a sparsely populated index array. In the SquashFS handler, blockToNode is allocated with capacity for every metadata block but populated...

3.6CVSS5.5AI score0.00179EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/06/08 1:5 a.m.10 views

SUSE CVE-2026-1070

The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alexusercounterfunction function. This makes it possible for unauthenticated attackers to update the plugin settings via...

4.3CVSS5.4AI score0.00158EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/07 4:51 a.m.10 views

SUSE CVE-2026-10913

Use after free in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.0039EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:50 a.m.10 views

SUSE CVE-2026-10932

Use after free in UI in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.5AI score0.00301EPSS
Exploits0References2
Total number of security vulnerabilities5000