Lucene search
K
SusecveMost viewed

59380 matches found

SUSE CVE
SUSE CVE
•added 2026/05/13 2:25 p.m.•9 views

SUSE CVE-2026-8449

This CVE ID has been rejected or withdrawn...

5.7AI score0.00179EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/05/13 2:22 p.m.•9 views

SUSE CVE-2026-42310

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

7.5CVSS5.7AI score0.00126EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/05/13 3:48 a.m.•9 views

SUSE CVE-2026-7819

Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

8.1CVSS5.8AI score0.00359EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:37 a.m.•9 views

SUSE CVE-2026-42050

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item. This vulnerabilit...

5.5CVSS5.9AI score0.0013EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2026/05/13 3:35 a.m.•9 views

SUSE CVE-2026-43307

In the Linux kernel, the following vulnerability has been resolved: iio: accel: adxl380: Avoid reading more entries than present in FIFO The interrupt handler reads FIFO entries in batches of N samples, where N is the number of scan elements that have been enabled. However, the sensor fills the...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:35 a.m.•9 views

SUSE CVE-2026-43318

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix sync handling in amdgpudmabufmovenotify Invalidating a dmabuf will impact other users of the shared BO. In the scenario where process A moves the BO, it needs to inform process B about the move and process B will...

5.9AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:35 a.m.•9 views

SUSE CVE-2026-43337

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference in dcn401inithw dcn401inithw assumes that updatebwboundingbox is valid when entering the update path. However, the existing condition: !fams2enable && updatebwboundingbox || freqchang...

5.5CVSS5.7AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:35 a.m.•9 views

SUSE CVE-2026-43345

In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix event ring index not programmed for IPA v5.0+ For IPA v5.0+, the event ring index field moved from CHCCNTXT0 to CHCCNTXT1. The v5.0 register definition intended to define this field in the CHCCNTXT1 fmask array but...

5.5CVSS5.7AI score0.00353EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43355

In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1780: fix PM runtime leak on error path Move pmruntimeputautosuspend before the error check to ensure the PM runtime reference count is always decremented after pmruntimegetsync, regardless of whether the read...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43368

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential overflow of shmem scatterlist length When a scatterlists table of a GEM shmem object of size 4 GB or more is populated with pages allocated from a folio, unsigned int .length attribute of a scatterlist may...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43382

In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid double-rtnllock ELP metric worker batadvvelpgetthroughput might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via canceldelayedworksync in...

5.5AI score0.00095EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43384

In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.8CVSS5.7AI score0.00457EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43388

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: clear walkcontrol on inactive context in damoswalk damoswalk sets ctx-walkcontrol to the caller-provided control structure before checking whether the context is running. If the context is inactive damonisrunning...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43396

In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Fix user fence leak on alloc failure When dmafencechainalloc fails, properly release the user fence reference to prevent a memory leak. cherry picked from commit a5d5634cde48a9fcd68c8504aa07f89f175074a0...

5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43412

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start During ADSP stop and start, the kernel crashes due to the order in which ASoC components are removed. On ADSP stop, the q6apm-audio .remove callback unloads...

5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43417

In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Handle vfork/CLONEVM correctly Matthieu and Jiri reported stalls where a task endlessly loops in mmgetcid when scheduling in. It turned out that the logic which handles vfork'ed tasks is broken. It is invoked when th...

5.8AI score0.00107EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43421

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Fix netdevice lifecycle with devicemove The network device outlived its parent gadget device during disconnection, resulting in dangling sysfs links and null pointer dereference problems. A prior attempt to sol...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43422

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.2AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43423

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.2AI score0.00091EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43428

In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts The usbcontrolmsg, usbbulkmsg, and usbinterruptmsg APIs in usbcore allow unlimited timeout durations. And since they use uninterruptible waits, this leaves open the...

5.7AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:33 a.m.•9 views

SUSE CVE-2026-43438

In the Linux kernel, the following vulnerability has been resolved: schedext: Remove redundant cssput in scxcgroupinit The iterator cssforeachdescendantpre walks the cgroup hierarchy under cgrouplock. It does not increment the reference counts on yielded css structs. According to the cgroup...

7.8CVSS5.7AI score0.00125EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:33 a.m.•9 views

SUSE CVE-2026-43439

In the Linux kernel, the following vulnerability has been resolved: cgroup: fix race between task migration and iteration When a task is migrated out of a cssset, cgroupmigrateaddtask first moves it from cset-tasks to cset-mgtasks via: listmovetail&task-cglist, &cset-mgtasks; If a csstaskiter...

4.7CVSS5.8AI score0.00089EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:33 a.m.•9 views

SUSE CVE-2026-43446

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix runtime suspend deadlock when there is pending job The runtime suspend callback drains the running job workqueue before suspending the device. If a job is still executing and calls pmruntimeresumeandget, it can...

5.8AI score0.0009EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:33 a.m.•9 views

SUSE CVE-2026-43465

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpfxdppulldata or bpfxdpadjusttail. The referenced commit in the fixes tag...

9.8CVSS5.9AI score0.00414EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:33 a.m.•9 views

SUSE CVE-2026-43895

jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy o...

4.4CVSS5.9AI score0.00157EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/05/12 3:47 a.m.•9 views

SUSE CVE-2025-38241

In the Linux kernel, the following vulnerability has been resolved: mm/shmem, swap: fix softlockup with mTHP swapin Following softlockup can be easily reproduced on my test machine with: echo always /sys/kernel/mm/transparenthugepage/hugepages-64kB/enabled swapon /dev/zram0 zram0 is a 48G swap...

5.5CVSS7.2AI score0.00094EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/12 3:34 a.m.•9 views

SUSE CVE-2025-71299

In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent refactoring of where runtime PM is enabled done in commit f1eb4e792bb1 "spi: spi-cadence-quadspi: Enable pm runtime earlier to avoid imbalance"...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/12 3:31 a.m.•9 views

SUSE CVE-2026-42264

Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser in the HTTP adapter are read via direct property access without hasOwnProperty guards, making th...

8.1CVSS5.7AI score0.00549EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/05/12 3:31 a.m.•9 views

SUSE CVE-2026-43294

In the Linux kernel, the following vulnerability has been resolved: drm: renesas: rz-du: mipidsi: fix kernel panic when rebooting for some panels Since commit 56de5e305d4b "clk: renesas: r9a07g044: Add MSTOP for RZ/G2L" we may get the following kernel panic, for some panels, when rebooting:...

5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/12 3:31 a.m.•9 views

SUSE CVE-2026-43296

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky NIX SQ manager sticky mode is known to cause stalls when multiple SQs share an SMQ and transmit concurrently. Additionally, PSE may deadlock on transitions between stick...

5.5CVSS5.8AI score0.00387EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/05/12 3:31 a.m.•9 views

SUSE CVE-2026-43309

In the Linux kernel, the following vulnerability has been resolved: md raid: fix hang when stopping arrays with metadata through dm-raid When using device-mapper's dm-raid target, stopping a RAID array can cause the system to hang under specific conditions. This occurs when: - A dm-raid managed...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/12 3:31 a.m.•9 views

SUSE CVE-2026-43313

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix NULL-pointer dereference in acpiprocessorerratapiix4 In acpiprocessorerratapiix4, the pointer dev is first assigned an IDE device and then reassigned an ISA device: dev = pcigetsubsys...,...

5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/12 3:30 a.m.•9 views

SUSE CVE-2026-43316

In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: Check for out of bounds chipid Clang with CONFIGUBSANSHIFT=y noticed a condition where a signed type literal "1" is an "int" could end up being shifted beyond 32 bits, so instrumentation was added and due to the...

5.7AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/12 3:30 a.m.•9 views

SUSE CVE-2026-43357

In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050-core: fix pmruntime error handling The return value of pmruntimegetsync is not checked, allowing the driver to access hardware that may fail to resume. The device usage count is also unconditionally incremented...

5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/12 3:30 a.m.•9 views

SUSE CVE-2026-43398

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in wait ioctl Huge input values in amdgpuuserqwaitioctl can lead to a OOM and could be exploited. So check these input value against AMDGPUUSERQMAXHANDLES which is big enough value...

5.8AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/12 3:30 a.m.•9 views

SUSE CVE-2026-43402

In the Linux kernel, the following vulnerability has been resolved: kthread: consolidate kthread exit paths to prevent use-after-free Guillaume reported crashes via corrupted RCU callback function pointers during KUnit testing. The crash was traced back to the pidfs rhashtable conversion which...

9.8CVSS5.8AI score0.00456EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/12 3:30 a.m.•9 views

SUSE CVE-2026-43420

In the Linux kernel, the following vulnerability has been resolved: ceph: fix inlink underrun during async unlink During async unlink, we drop the inlink counter before we receive the completion that will eventually update the inlink because "we assume that the unlink will succeed". That is not a...

5.8AI score0.00093EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/12 3:29 a.m.•9 views

SUSE CVE-2026-43466

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery In case of a TX error CQE, a recovery flow is triggered, mlx5eresettxqsqccpc resets dmafifocc to 0 but not dmafifopc, desyncing the DMA FIFO producer and consumer. After...

8.2CVSS5.8AI score0.00329EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:17 p.m.•9 views

SUSE CVE-2026-7263

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/05/11 2:16 p.m.•9 views

SUSE CVE-2026-8212

A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be...

5.3CVSS5.8AI score0.00205EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:13 p.m.•9 views

SUSE CVE-2026-43372

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Fix error path in PTP IRQ setup If requestthreadedirq fails during the PTP message IRQ setup, the newly created IRQ mapping is never disposed. Indeed, the kszptpirqsetup's error path only frees the mappings...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:13 p.m.•9 views

SUSE CVE-2026-43383

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.4CVSS5.7AI score0.00443EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:13 p.m.•9 views

SUSE CVE-2026-43409

In the Linux kernel, the following vulnerability has been resolved: kprobes: avoid crash when rmmod/insmod after ftrace killed After we hit ftrace is killed by some errors, the kernel crash if we remove modules in which kprobe probes. BUG: unable to handle page fault for address: fffffbfff805000d...

5.8AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:13 p.m.•9 views

SUSE CVE-2026-43447

In the Linux kernel, the following vulnerability has been resolved: iavf: fix PTP use-after-free during reset Commit 7c01dbfc8a1c5f "iavf: periodically cache PHC time" introduced a worker to cache PHC time, but failed to stop it during reset or disable. This creates a race condition where...

7.8CVSS5.7AI score0.00124EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:13 p.m.•9 views

SUSE CVE-2026-43453

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: fix stack out-of-bounds read in pipapodrop pipapodrop passes rulemapi + 1.n to pipapounmap as the tooffset argument on every iteration, including the last one where i == m-fieldcount - 1. This reads one...

5.8AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:13 p.m.•9 views

SUSE CVE-2026-43456

In the Linux kernel, the following vulnerability has been resolved: bonding: fix type confusion in bondsetupbyslave kernel BUG at net/core/skbuff.c:2306! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI RIP: 0010:pskbexpandhead+0xa08/0xfe0 net/core/skbuff.c:2306 RSP: 0018:ffffc90004aff760 EFLAGS:...

7.8CVSS5.7AI score0.00157EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:13 p.m.•9 views

SUSE CVE-2026-43474

In the Linux kernel, the following vulnerability has been resolved: fs: init flagsvalid before calling vfsfileattrget syzbot reported a uninit-value bug in 1. Similar to the "get" context where the kernel's internal filekattr structure is initialized before calling vfsfileattrget, we should use t...

5.8AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/10 1:6 a.m.•9 views

SUSE CVE-2026-42030

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

6.1CVSS5.9AI score0.00247EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:56 a.m.•9 views

SUSE CVE-2023-47268

In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported...

5.3CVSS6.2AI score0.0072EPSS
Exploits4References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:48 a.m.•9 views

SUSE CVE-2025-71291

In the Linux kernel, the following vulnerability has been resolved: misc: bcmvk: Fix possible null-pointer dereferences in bcmvkread In the function bcmvkread, the pointer entry is checked, indicating that it can be NULL. If entry is NULL and rc is set to -EMSGSIZE, the following code may cause...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References3
Total number of security vulnerabilities5000