Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
•added 2024/04/15 11:12 p.m.•10 views

SUSE CVE-2024-26813

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SETIRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer...

4.4CVSS6.1AI score0.00234EPSS
Exploits0References18
SUSE CVE
SUSE CVE
•added 2024/04/10 2:16 a.m.•10 views

SUSE CVE-2024-26697

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix data corruption in dsync block recovery for small block sizes The helper function nilfsrecoverycopyblock of nilfsrecoverydsyncblocks, which recovers data from logs created by data sync writes during a mount after an...

5.5CVSS6.5AI score0.00234EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2024/04/09 2:29 a.m.•10 views

SUSE CVE-2024-26744

In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Support specifying the srptserviceguid parameter Make loading ibsrpt with this parameter set work. The current behavior is that setting that parameter while loading the ibsrpt kernel module triggers the following kerne...

5.5CVSS6.3AI score0.00255EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2024/04/05 2:21 a.m.•10 views

SUSE CVE-2024-26659

In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes su...

5.5CVSS6.6AI score0.0023EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2024/03/28 4:14 a.m.•10 views

SUSE CVE-2024-2887

Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

7.7CVSS9AI score0.19883EPSS
Exploits5References5
SUSE CVE
SUSE CVE
•added 2024/03/27 4:26 a.m.•10 views

SUSE CVE-2021-47141

In the Linux kernel, the following vulnerability has been resolved: gve: Add NULL pointer checks when freeing irqs. When freeing notification blocks, we index priv-msixvectors. If we failed to allocate priv-msixvectors see abortwithmsixvectors this could lead to a NULL pointer dereference if the...

5.5CVSS7.7AI score0.00225EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2024/03/13 4:22 a.m.•10 views

SUSE CVE-2024-26610

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwlfwinitriggertlv::data is a pointer to a le32, which means that if we copy to iwlfwinitriggertlv::data + offset while offset is in bytes, we'll write past the buffer...

7.1CVSS6.3AI score0.00307EPSS
Exploits0References132
SUSE CVE
SUSE CVE
•added 2024/03/07 4:25 a.m.•10 views

SUSE CVE-2023-52585

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible NULL dereference in amdgpurasqueryerrorstatushelper Return invalid error code -EINVAL for invalid block id. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpuras.c:1183 amdgpurasqueryerrorstatushelper...

5.5CVSS6.5AI score0.00282EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2024/03/07 4:25 a.m.•10 views

SUSE CVE-2023-52589

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1ispstop and rkisp1csidisable the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure. This is...

4.7CVSS6.2AI score0.00173EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2024/03/07 4:25 a.m.•10 views

SUSE CVE-2023-52603

In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot Syzkaller reported the following issue: oop0: detected capacity change from 0 to 32768 UBSAN: array-index-out-of-bounds in fs/jfs/jfsdtree.c:1971:9 index -2 is out of range for type...

5.5CVSS6.3AI score0.00289EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2024/03/06 4:52 a.m.•10 views

SUSE CVE-2021-47095

In the Linux kernel, the following vulnerability has been resolved: ipmi: ssif: initialize ssifinfo-client early During probe ssifinfo-client is dereferenced in error path. However, it is set when some of the error checking has already been done. This causes following kernel crash if an error pat...

5.1CVSS7.7AI score0.00225EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2024/03/05 4:49 a.m.•10 views

SUSE CVE-2021-47073

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-smbios-wmi: Fix oops on rmmod dellsmbios initdellsmbioswmi only registers the dellsmbioswmidriver on systems where the Dell WMI interface is supported. While exitdellsmbioswmi unregisters it unconditionally, th...

5.5CVSS7.7AI score0.00241EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2024/03/05 4:39 a.m.•10 views

SUSE CVE-2022-48628

In the Linux kernel, the following vulnerability has been resolved: ceph: drop messages from MDS when unmounting When unmounting all the dirty buffers will be flushed and after the last osd request is finished the last reference of the icount will be released. Then it will flush the dirty cap/sna...

4.4CVSS5.8AI score0.00237EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2024/03/05 4:31 a.m.•10 views

SUSE CVE-2023-52574

In the Linux kernel, the following vulnerability has been resolved: team: fix null-ptr-deref when team device type is changed Get a null-ptr-deref bug as follows with reproducer 1. BUG: kernel NULL pointer dereference, address: 0000000000000228 ... RIP: 0010:vlandevhardheader+0x35/0x140 8021q...

5.5CVSS5.8AI score0.00228EPSS
Exploits0References18
SUSE CVE
SUSE CVE
•added 2024/03/02 5:48 a.m.•10 views

SUSE CVE-2021-47046

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix off by one in hdmi14processtransaction The hdcpi2coffsets array did not have an entry for HDCPMESSAGEIDWRITECONTENTSTREAMTYPE so it led to an off by one read overflow. I added an entry and copied the 0x0 valu...

6CVSS7.8AI score0.00245EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2024/03/01 4:8 a.m.•10 views

SUSE CVE-2021-46983

In the Linux kernel, the following vulnerability has been resolved: nvmet-rdma: Fix NULL deref when SEND is completed with error When running some traffic and taking down the link on peer, a retry counter exceeded error is received. This leads to nvmetrdmaerrorcomp which tried accessing the...

5.5CVSS7.7AI score0.00236EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2024/03/01 4:7 a.m.•10 views

SUSE CVE-2021-47024

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: free queued packets when closing socket As reported by syzbot 1, there is a memory leak while closing the socket. We partially solved this issue with commit ac03046ece2b "vsock/virtio: free packets during the socket...

4.7CVSS6.2AI score0.0025EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2024/03/01 4:7 a.m.•10 views

SUSE CVE-2021-47026

In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-clt: destroy sysfs after removing session from active list A session can be removed dynamically by sysfs interface "removepath" that eventually calls rtrscltremovepathfromsysfs function. The current...

4.4CVSS7.8AI score0.00238EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2024/02/29 3:56 a.m.•10 views

SUSE CVE-2021-46955

In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets: BUG: KASAN: stack-out-of-bounds...

7.5CVSS6.3AI score0.00254EPSS
Exploits0References65
SUSE CVE
SUSE CVE
•added 2024/02/28 3:42 a.m.•10 views

SUSE CVE-2023-52470

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check the allocworkqueue return value in radeoncrtcinit check the allocworkqueue return value in radeoncrtcinit to avoid null-ptr-deref...

5.5CVSS6.4AI score0.0029EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2024/02/27 3:56 a.m.•10 views

SUSE CVE-2023-52462

In the Linux kernel, the following vulnerability has been resolved: bpf: fix check for attempt to corrupt spilled pointer When register is spilled onto a stack as a 1/2/4-byte register, we set slottypeBPFREGSIZE - 1 plus potentially few more below it, depending on actual spill size. So to check i...

4.4CVSS6.3AI score0.00226EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2024/02/24 3:17 a.m.•10 views

SUSE CVE-2023-52443

In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed profile in unpackprofile described like "profile :ns::samba-dcerpcd /usr/lib/samba/,samba/samba-dcerpcd ..." a string ":samba-dcerpcd" is unpacked a...

5.5CVSS6.2AI score0.0024EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2024/02/13 3:51 a.m.•10 views

SUSE CVE-2023-52429

dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount...

5.5CVSS6.7AI score0.00249EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2024/02/01 12:16 a.m.•10 views

SUSE CVE-2024-1060

Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.2AI score0.00881EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2024/01/25 2:47 a.m.•10 views

SUSE CVE-2024-23851

copyparams in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INTMAX bytes, and crash, because of a missing paramkernel-datasize check. This is related to ctlioctl...

4.4CVSS6.7AI score0.00296EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2023/10/31 2:26 a.m.•10 views

SUSE CVE-2021-20325

Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regression compared to the versions shipped in Red Hat Enterprise Linux 8.4. A user who installs or updates to Red Hat Enterprise Linux 8.5.0 would be...

9.8CVSS8.7AI score0.01569EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2023/10/31 2:25 a.m.•10 views

SUSE CVE-2021-35622

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS5.6AI score0.01294EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2023/10/11 1:47 a.m.•10 views

SUSE CVE-2023-5478

Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

4.3CVSS8.5AI score0.00766EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2023/09/07 2:35 a.m.•10 views

SUSE CVE-2023-4764

Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: High...

6.5CVSS8.4AI score0.01044EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/06/10 2:55 a.m.•10 views

SUSE CVE-2023-3161

A flaw was found in the Framebuffer Console fbcon in the Linux Kernel. When providing font-width and font-height greater than 32 to fbconsetfont, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service...

5.5CVSS6.5AI score0.00206EPSS
Exploits0References26
SUSE CVE
SUSE CVE
•added 2023/04/05 1:49 a.m.•10 views

SUSE CVE-2023-1812

Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS8.7AI score0.00935EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/04/05 1:49 a.m.•10 views

SUSE CVE-2023-1820

Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS9.3AI score0.00975EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/03/29 1:53 a.m.•10 views

SUSE CVE-2023-28859

redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. This could, for example, happen for a non-pipeline operation. NOTE: the solutions for CVE-2023-288...

4.3CVSS9.2AI score0.01034EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2023/03/28 1:53 a.m.•10 views

SUSE CVE-2021-3923

A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdmacm device node. While this access is unlikely to leak sensitive user information, it can be...

3.3CVSS6.1AI score0.00199EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2023/02/15 6:21 a.m.•10 views

SUSE CVE-2003-0020

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

5CVSS7AI score0.10872EPSS
Exploits7References10
SUSE CVE
SUSE CVE
•added 2023/02/15 6:16 a.m.•10 views

SUSE CVE-2005-3905

Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.115 and earlier, 1.4.208 and earlier, and JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors, a differen...

7.5CVSS7.5AI score0.05168EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2023/02/15 6:11 a.m.•10 views

SUSE CVE-2007-3779

PHP local file inclusion vulnerability in gpgpopinit.php in the G/PGP GPG Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter...

4.3CVSS7.3AI score0.01192EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 6:0 a.m.•10 views

SUSE CVE-2010-0425

modules/arch/win32/modisapi.c in modisapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapiunload for an ISAPI .dll module, which allows remote attackers ...

10CVSS9.4AI score0.94248EPSS
Exploits13References6
SUSE CVE
SUSE CVE
•added 2023/02/15 6:0 a.m.•10 views

SUSE CVE-2010-0838

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Orac...

7.5CVSS8.5AI score0.149EPSS
Exploits9References12
SUSE CVE
SUSE CVE
•added 2023/02/15 6:0 a.m.•10 views

SUSE CVE-2010-0839

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

7.5CVSS8.2AI score0.03538EPSS
Exploits4References12
SUSE CVE
SUSE CVE
•added 2023/02/15 6:0 a.m.•10 views

SUSE CVE-2010-0842

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March...

7.5CVSS8.4AI score0.77721EPSS
Exploits9References12
SUSE CVE
SUSE CVE
•added 2023/02/15 5:57 a.m.•10 views

SUSE CVE-2010-3362

lastfm 1.5.4 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

6.9CVSS6.9AI score0.00436EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 5:57 a.m.•10 views

SUSE CVE-2010-3366

MnFit 5.13 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

6.9CVSS7.1AI score0.00386EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 5:57 a.m.•10 views

SUSE CVE-2010-3372

Untrusted search path vulnerability in NorduGrid Advanced Resource Connector ARC before 0.8.3 allows local users to gain privileges via vectors related to the LDLIBRARYPATH environment variable. NOTE: some of these details are obtained from third party information...

6.9CVSS7.1AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 5:53 a.m.•10 views

SUSE CVE-2011-1938

Stack-based buffer overflow in the socketconnect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket...

7.5CVSS8.2AI score0.22724EPSS
Exploits13References3
SUSE CVE
SUSE CVE
•added 2023/02/15 5:51 a.m.•10 views

SUSE CVE-2011-3192

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service memory and CPU consumption via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different...

7.8CVSS8.8AI score0.98945EPSS
Exploits17References20
SUSE CVE
SUSE CVE
•added 2023/02/15 5:50 a.m.•10 views

SUSE CVE-2011-3607

Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...

4.4CVSS9.2AI score0.04716EPSS
Exploits4References6
SUSE CVE
SUSE CVE
•added 2023/02/15 5:50 a.m.•10 views

SUSE CVE-2011-3639

The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...

4.3CVSS6.9AI score0.52531EPSS
Exploits2References4
SUSE CVE
SUSE CVE
•added 2023/02/15 5:46 a.m.•10 views

SUSE CVE-2012-3174

Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the...

10CVSS7.2AI score0.04577EPSS
Exploits1References6
SUSE CVE
SUSE CVE
•added 2023/02/15 5:42 a.m.•10 views

SUSE CVE-2013-0422

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by 1 using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using t...

10CVSS8.3AI score0.97612EPSS
Exploits38References17
Total number of security vulnerabilities5000