Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
•added 2023/02/15 4:33 a.m.•10 views

SUSE CVE-2018-2787

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

5.5CVSS7.2AI score0.02594EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2023/02/15 4:17 a.m.•10 views

SUSE CVE-2019-3460

A heap data infoleak in multiple locations including L2CAPPARSECONFRSP was found in the Linux kernel before 5.1-rc1...

2.6CVSS7.1AI score0.01827EPSS
Exploits1References17
SUSE CVE
SUSE CVE
•added 2023/02/15 4:16 a.m.•10 views

SUSE CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned only directory traversal attacks are prevented...

4.8CVSS8.3AI score0.58204EPSS
Exploits9References32
SUSE CVE
SUSE CVE
•added 2023/02/15 4:13 a.m.•10 views

SUSE CVE-2019-10092

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the modproxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with...

7.1CVSS7.4AI score0.81466EPSS
Exploits4References10
SUSE CVE
SUSE CVE
•added 2023/02/15 4:12 a.m.•10 views

SUSE CVE-2019-11479

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kerne...

7.5CVSS6.3AI score0.9166EPSS
Exploits1References24
SUSE CVE
SUSE CVE
•added 2023/02/15 4:9 a.m.•10 views

SUSE CVE-2019-14540

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig...

7.5CVSS9.2AI score0.10676EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2023/02/15 4:8 a.m.•10 views

SUSE CVE-2019-15902

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptracegetdebugreg" commit reintroduced the...

6.2CVSS6.9AI score0.00586EPSS
Exploits1References18
SUSE CVE
SUSE CVE
•added 2023/02/15 4:0 a.m.•10 views

SUSE CVE-2020-9484

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and c the...

7.5CVSS8.1AI score0.56636EPSS
Exploits15References14
SUSE CVE
SUSE CVE
•added 2023/02/15 3:59 a.m.•10 views

SUSE CVE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

5.3CVSS7AI score0.58716EPSS
Exploits2References12
SUSE CVE
SUSE CVE
•added 2023/02/15 3:58 a.m.•10 views

SUSE CVE-2020-13935

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of...

7.5CVSS6.8AI score0.87553EPSS
Exploits1References11
SUSE CVE
SUSE CVE
•added 2023/02/15 3:58 a.m.•10 views

SUSE CVE-2020-13956

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

5.4CVSS8.4AI score0.08665EPSS
Exploits1References9
SUSE CVE
SUSE CVE
•added 2023/02/15 3:54 a.m.•10 views

SUSE CVE-2020-24587

The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...

4.2CVSS8.3AI score0.02592EPSS
Exploits2References33
SUSE CVE
SUSE CVE
•added 2023/02/15 3:53 a.m.•10 views

SUSE CVE-2020-26140

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration...

6.5CVSS7AI score0.02923EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2023/02/15 3:53 a.m.•10 views

SUSE CVE-2020-26139

An issue was discovered in the kernel in NetBSD 7.1. An Access Point AP forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients an...

4.3CVSS9AI score0.06487EPSS
Exploits0References32
SUSE CVE
SUSE CVE
•added 2023/02/15 3:51 a.m.•10 views

SUSE CVE-2020-29479

An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged...

8.8CVSS6.9AI score0.00304EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:51 a.m.•10 views

SUSE CVE-2020-29661

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/ttyjobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b...

7.4CVSS6.1AI score0.01129EPSS
Exploits2References37
SUSE CVE
SUSE CVE
•added 2023/02/15 3:48 a.m.•10 views

SUSE CVE-2021-3655

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory...

4CVSS8.6AI score0.00308EPSS
Exploits0References34
SUSE CVE
SUSE CVE
•added 2023/02/15 3:47 a.m.•10 views

SUSE CVE-2021-4203

A use-after-free read flaw was found in sockgetsockopt in net/core/sock.c due to SOPEERCRED and SOPEERGROUPS race with listen and connect in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information...

5.8CVSS6.3AI score0.01747EPSS
Exploits1References22
SUSE CVE
SUSE CVE
•added 2023/02/15 3:46 a.m.•10 views

SUSE CVE-2021-21290

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...

2.9CVSS7.5AI score0.01777EPSS
Exploits1References8
SUSE CVE
SUSE CVE
•added 2023/02/15 3:43 a.m.•10 views

SUSE CVE-2021-29553

TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in tf.rawops.QuantizeAndDequantizeV3. This is because the...

7.1CVSS7AI score0.00198EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:40 a.m.•10 views

SUSE CVE-2021-33909

fs/seqfile.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05...

7.8CVSS8AI score0.09729EPSS
Exploits6References43
SUSE CVE
SUSE CVE
•added 2023/02/15 3:38 a.m.•10 views

SUSE CVE-2021-38199

fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service hanging of mounts by arranging for those servers to be unreachable during trunking detection...

6.5CVSS6.3AI score0.01245EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:36 a.m.•10 views

SUSE CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message...

9.8CVSS9.1AI score0.99999EPSS
Exploits351References23
SUSE CVE
SUSE CVE
•added 2023/02/15 3:35 a.m.•10 views

SUSE CVE-2021-46663

MariaDB through 10.5.13 allows a hamaria::extra application crash via certain SELECT statements...

7.5CVSS8.2AI score0.00403EPSS
Exploits1References18
SUSE CVE
SUSE CVE
•added 2023/02/15 3:35 a.m.•10 views

SUSE CVE-2021-46665

MariaDB through 10.5.9 allows a sqlparse.cc application crash because of incorrect usedtables expectations...

5.5CVSS8.2AI score0.004EPSS
Exploits1References18
SUSE CVE
SUSE CVE
•added 2023/02/15 3:34 a.m.•10 views

SUSE CVE-2022-0850

A vulnerability was found in linux kernel, where an information leak occurs via ext4extentheader to userspace...

4.4CVSS6.6AI score0.00408EPSS
Exploits1References25
SUSE CVE
SUSE CVE
•added 2023/02/15 3:31 a.m.•10 views

SUSE CVE-2022-3435

A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fibnhmatch of the file net/ipv4/fibsemantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to appl...

5.3CVSS6.7AI score0.03681EPSS
Exploits0References28
SUSE CVE
SUSE CVE
•added 2023/02/15 3:31 a.m.•10 views

SUSE CVE-2022-3643

Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an unwritten? assumption in the rest of the Linux network stack that packet...

6.3CVSS6.5AI score0.00463EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2023/02/15 3:29 a.m.•10 views

SUSE CVE-2022-21313

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to...

2.9CVSS3.4AI score0.01592EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:29 a.m.•10 views

SUSE CVE-2022-21462

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS5.6AI score0.01287EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:29 a.m.•10 views

SUSE CVE-2022-21489

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

6.3CVSS5.8AI score0.78854EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:29 a.m.•10 views

SUSE CVE-2022-21505

In the linux kernel, if IMA appraisal is used with the "imaappraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "imaappraise=log" from the boot param when Secure Boot is enabled, but this does not cover case...

6.7CVSS6.9AI score0.002EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2023/02/15 3:27 a.m.•10 views

SUSE CVE-2022-24052

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.8CVSS8.3AI score0.00645EPSS
Exploits0References18
SUSE CVE
SUSE CVE
•added 2023/02/15 3:27 a.m.•10 views

SUSE CVE-2022-24823

Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local syst...

6.2CVSS7.2AI score0.01044EPSS
Exploits1References6
SUSE CVE
SUSE CVE
•added 2023/02/15 3:27 a.m.•10 views

SUSE CVE-2022-25265

In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 e.g., with GCC 3.2.2 and Linux kernel 2.4.20. This can cause execution of bytes located in supposedly non-executable regions of a file...

7.8CVSS6.6AI score0.01054EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:26 a.m.•10 views

SUSE CVE-2022-27950

In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hidparse error condition...

5.1CVSS6.7AI score0.00381EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:26 a.m.•10 views

SUSE CVE-2022-29217

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can...

7.5CVSS9.4AI score0.012EPSS
Exploits0References29
SUSE CVE
SUSE CVE
•added 2023/02/15 3:25 a.m.•10 views

SUSE CVE-2022-32091

MariaDB v10.7 was discovered to contain an use-after-poison in in interceptormemset at /libsanitizer/sanitizercommon/sanitizercommoninterceptors.inc...

4.4CVSS8.4AI score0.02082EPSS
Exploits1References10
SUSE CVE
SUSE CVE
•added 2023/02/15 3:23 a.m.•10 views

SUSE CVE-2022-41850

roccatreportevent in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report-value is in progress...

4CVSS6.6AI score0.00205EPSS
Exploits0References26
SUSE CVE
SUSE CVE
•added 2023/02/15 3:23 a.m.•10 views

SUSE CVE-2022-42896

There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2capcore.c's l2capconnect and l2capleconnectreq functions which may allow code execution and leaking kernel memory respectively remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via...

6.8CVSS7.4AI score0.02014EPSS
Exploits0References23
SUSE CVE
SUSE CVE
•added 2023/02/15 3:22 a.m.•10 views

SUSE CVE-2022-43945

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call RPC into a single array of pages. A client can force the send...

8.8CVSS7.4AI score0.21314EPSS
Exploits0References82
SUSE CVE
SUSE CVE
•added 2023/02/15 3:22 a.m.•10 views

SUSE CVE-2022-44032

An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open, aka a race condition between cmmopen and cm4000detach...

4.3CVSS7.8AI score0.00323EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 3 days ago•9 views

SUSE CVE-2026-53361

In the Linux kernel, the following vulnerability has been resolved: afunix: Set gcinprogress to true in unixgc. Igor Ushakov reported that unixgc could run with gcinprogress being false if the work is scheduled while running: Thread 1 Thread 2 Thread 3 -------- -------- -------- unixschedulegc...

5.8AI score0.00171EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 5 days ago•9 views

SUSE CVE-2022-46294

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to...

7.8CVSS7.5AI score0.00863EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2026/06/30 1:50 a.m.•9 views

SUSE CVE-2026-5757

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

7.5CVSS6.6AI score0.00551EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/06/30 1:49 a.m.•9 views

SUSE CVE-2026-13500

A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of the component Grammar Action Block Handler. Executing a manipulation can lead to code injection. The attack may be launched remotely. The...

7.5CVSS6.7AI score0.00311EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/30 1:42 a.m.•9 views

SUSE CVE-2026-58055

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/28 1:9 a.m.•9 views

SUSE CVE-2026-53278

In the Linux kernel, the following vulnerability has been resolved: armmpam: Check whether the config array is allocated before destroying it destroycomponentcfg is called to free the configuration array. It uses the embedded 'garbage' structure, which means the array has to be allocated. If...

5.8AI score0.00155EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/28 1:9 a.m.•9 views

SUSE CVE-2026-53284

In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...

7.5CVSS6AI score0.00432EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/28 1:9 a.m.•9 views

SUSE CVE-2026-53285

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap DCN32 phantom-plane allocation in DCRUNWITHPREEMPTIONENABLED Why dcn32validatebandwidth wraps dcn32internalvalidatebw with DCFPSTART/DCFPEND. In x86 non-RT, DCFPSTART takes fpregslock, which disables local...

5.8AI score0.00155EPSS
Exploits0References3
Total number of security vulnerabilities5000