Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
•added 2024/03/01 4:7 a.m.•10 views

SUSE CVE-2021-47024

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: free queued packets when closing socket As reported by syzbot 1, there is a memory leak while closing the socket. We partially solved this issue with commit ac03046ece2b "vsock/virtio: free packets during the socket...

4.7CVSS6.2AI score0.0025EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2024/03/01 4:7 a.m.•10 views

SUSE CVE-2021-47026

In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-clt: destroy sysfs after removing session from active list A session can be removed dynamically by sysfs interface "removepath" that eventually calls rtrscltremovepathfromsysfs function. The current...

4.4CVSS7.8AI score0.00238EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2024/02/29 3:56 a.m.•10 views

SUSE CVE-2021-46943

In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix setfmt error handling If there in an error during a setfmt, do not overwrite the previous sizes with the invalid config. Without this patch, v4l2-compliance ends up allocating 4GiB of RAM and causin...

5.5CVSS8AI score0.00234EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2024/02/28 3:42 a.m.•10 views

SUSE CVE-2023-52470

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check the allocworkqueue return value in radeoncrtcinit check the allocworkqueue return value in radeoncrtcinit to avoid null-ptr-deref...

5.5CVSS6.4AI score0.0029EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2024/02/27 3:56 a.m.•10 views

SUSE CVE-2023-52462

In the Linux kernel, the following vulnerability has been resolved: bpf: fix check for attempt to corrupt spilled pointer When register is spilled onto a stack as a 1/2/4-byte register, we set slottypeBPFREGSIZE - 1 plus potentially few more below it, depending on actual spill size. So to check i...

4.4CVSS6.3AI score0.00226EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2024/02/24 3:17 a.m.•10 views

SUSE CVE-2023-52443

In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed profile in unpackprofile described like "profile :ns::samba-dcerpcd /usr/lib/samba/,samba/samba-dcerpcd ..." a string ":samba-dcerpcd" is unpacked a...

5.5CVSS6.2AI score0.0024EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2024/02/23 3:20 a.m.•10 views

SUSE CVE-2024-26584

In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTOTFMREQMAYBACKLOG flag on our requests to the crypto API, cryptoaeadencrypt,decrypt can return -EBUSY instead of -EINPROGRESS in valid situations. For...

7.8CVSS6.3AI score0.00246EPSS
Exploits0References32
SUSE CVE
SUSE CVE
•added 2024/02/13 3:51 a.m.•10 views

SUSE CVE-2023-52429

dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount...

5.5CVSS6.7AI score0.00249EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2024/02/01 12:16 a.m.•10 views

SUSE CVE-2024-1060

Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.2AI score0.00881EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2024/01/31 2:54 a.m.•10 views

SUSE CVE-2024-23829

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...

5.3CVSS8.5AI score0.0102EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2024/01/25 2:47 a.m.•10 views

SUSE CVE-2024-23851

copyparams in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INTMAX bytes, and crash, because of a missing paramkernel-datasize check. This is related to ctlioctl...

4.4CVSS6.7AI score0.00296EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2023/11/30 2:6 a.m.•10 views

SUSE CVE-2023-6350

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...

8.8CVSS7.1AI score0.01118EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2023/10/31 2:26 a.m.•10 views

SUSE CVE-2021-20325

Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regression compared to the versions shipped in Red Hat Enterprise Linux 8.4. A user who installs or updates to Red Hat Enterprise Linux 8.5.0 would be...

9.8CVSS8.7AI score0.01569EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2023/10/31 2:25 a.m.•10 views

SUSE CVE-2021-35622

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS5.6AI score0.01294EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2023/10/11 1:47 a.m.•10 views

SUSE CVE-2023-5478

Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

4.3CVSS8.5AI score0.00766EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2023/09/16 2:5 a.m.•10 views

SUSE CVE-2023-4902

Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS8.5AI score0.00663EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/09/07 2:35 a.m.•10 views

SUSE CVE-2023-4764

Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: High...

6.5CVSS8.4AI score0.01044EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/08/18 2:12 a.m.•10 views

SUSE CVE-2023-4387

A use-after-free flaw was found in vmxnet3rqallocrxbuf in drivers/net/vmxnet3/vmxnet3drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3rqcleanupall, which could also lead to ...

6.6CVSS6AI score0.00245EPSS
Exploits0References30
SUSE CVE
SUSE CVE
•added 2023/08/16 2:21 a.m.•10 views

SUSE CVE-2023-4349

Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.2AI score0.00829EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2023/08/05 2:2 a.m.•10 views

SUSE CVE-2023-4134

A use-after-free vulnerability was found in the cyttsp4core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdogtimer from the workqueue. This could allow a local user to crash the system, causing a denial of service...

4.1CVSS6.2AI score0.00188EPSS
Exploits0References30
SUSE CVE
SUSE CVE
•added 2023/08/04 2:5 a.m.•10 views

SUSE CVE-2023-4069

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9AI score0.24116EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2023/08/04 2:5 a.m.•10 views

SUSE CVE-2023-4075

Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.2AI score0.01219EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2023/07/25 2:19 a.m.•10 views

SUSE CVE-2023-3609

A use-after-free vulnerability in the Linux kernel's net/sched: clsu32 component can be exploited to achieve local privilege escalation. If tcfchangeindev fails, u32setparms will immediately return an error after incrementing or decrementing the reference counter in tcfbindfilter. If an attacker...

7CVSS6.6AI score0.00458EPSS
Exploits1References47
SUSE CVE
SUSE CVE
•added 2023/06/23 1:45 a.m.•10 views

SUSE CVE-2023-3357

A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system...

4.7CVSS6.2AI score0.00195EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2023/06/10 2:55 a.m.•10 views

SUSE CVE-2023-3161

A flaw was found in the Framebuffer Console fbcon in the Linux Kernel. When providing font-width and font-height greater than 32 to fbconsetfont, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service...

5.5CVSS6.5AI score0.00206EPSS
Exploits0References26
SUSE CVE
SUSE CVE
•added 2023/06/09 2:32 a.m.•10 views

SUSE CVE-2023-3141

A use-after-free flaw was found in r592remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak...

6.1CVSS6.1AI score0.00437EPSS
Exploits0References26
SUSE CVE
SUSE CVE
•added 2023/05/09 2:3 a.m.•10 views

SUSE CVE-2023-32269

An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/afnetrom.c, there is a use-after-free because accept is also allowed for a successfully connected AFNETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the...

5.9CVSS6.7AI score0.0027EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2023/04/20 2:6 a.m.•10 views

SUSE CVE-2023-2136

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS9.3AI score0.05786EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2023/04/05 1:49 a.m.•10 views

SUSE CVE-2023-1812

Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS8.7AI score0.00935EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/04/05 1:49 a.m.•10 views

SUSE CVE-2023-1820

Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS9.3AI score0.00975EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/03/29 1:53 a.m.•10 views

SUSE CVE-2023-28859

redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. This could, for example, happen for a non-pipeline operation. NOTE: the solutions for CVE-2023-288...

4.3CVSS9.2AI score0.01034EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2023/02/15 6:21 a.m.•10 views

SUSE CVE-2003-0020

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

5CVSS7AI score0.10872EPSS
Exploits7References10
SUSE CVE
SUSE CVE
•added 2023/02/15 6:17 a.m.•10 views

SUSE CVE-2005-2706

Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla...

6.4CVSS7.2AI score0.02763EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2023/02/15 6:16 a.m.•10 views

SUSE CVE-2005-3905

Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.115 and earlier, 1.4.208 and earlier, and JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors, a differen...

7.5CVSS7.5AI score0.05168EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2023/02/15 6:11 a.m.•10 views

SUSE CVE-2007-3779

PHP local file inclusion vulnerability in gpgpopinit.php in the G/PGP GPG Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter...

4.3CVSS7.3AI score0.01192EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 6:6 a.m.•10 views

SUSE CVE-2008-4482

The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service stack consumption and crash via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file...

7.8CVSS6.8AI score0.04183EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 6:0 a.m.•10 views

SUSE CVE-2010-0838

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Orac...

7.5CVSS8.5AI score0.149EPSS
Exploits9References12
SUSE CVE
SUSE CVE
•added 2023/02/15 6:0 a.m.•10 views

SUSE CVE-2010-0839

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

7.5CVSS8.2AI score0.03538EPSS
Exploits4References12
SUSE CVE
SUSE CVE
•added 2023/02/15 6:0 a.m.•10 views

SUSE CVE-2010-0842

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March...

7.5CVSS8.4AI score0.77721EPSS
Exploits9References12
SUSE CVE
SUSE CVE
•added 2023/02/15 5:57 a.m.•10 views

SUSE CVE-2010-3362

lastfm 1.5.4 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

6.9CVSS6.9AI score0.00436EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 5:57 a.m.•10 views

SUSE CVE-2010-3366

MnFit 5.13 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

6.9CVSS7.1AI score0.00386EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 5:57 a.m.•10 views

SUSE CVE-2010-3372

Untrusted search path vulnerability in NorduGrid Advanced Resource Connector ARC before 0.8.3 allows local users to gain privileges via vectors related to the LDLIBRARYPATH environment variable. NOTE: some of these details are obtained from third party information...

6.9CVSS7.1AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 5:53 a.m.•10 views

SUSE CVE-2011-1938

Stack-based buffer overflow in the socketconnect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket...

7.5CVSS8.2AI score0.22724EPSS
Exploits13References3
SUSE CVE
SUSE CVE
•added 2023/02/15 5:51 a.m.•10 views

SUSE CVE-2011-3192

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service memory and CPU consumption via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different...

7.8CVSS8.8AI score0.98945EPSS
Exploits17References20
SUSE CVE
SUSE CVE
•added 2023/02/15 5:50 a.m.•10 views

SUSE CVE-2011-3607

Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...

4.4CVSS9.2AI score0.04716EPSS
Exploits4References6
SUSE CVE
SUSE CVE
•added 2023/02/15 5:50 a.m.•10 views

SUSE CVE-2011-3639

The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...

4.3CVSS6.9AI score0.52531EPSS
Exploits2References4
SUSE CVE
SUSE CVE
•added 2023/02/15 5:46 a.m.•10 views

SUSE CVE-2012-3174

Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the...

10CVSS7.2AI score0.04577EPSS
Exploits1References6
SUSE CVE
SUSE CVE
•added 2023/02/15 5:42 a.m.•10 views

SUSE CVE-2013-0422

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by 1 using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using t...

10CVSS8.3AI score0.97612EPSS
Exploits38References17
SUSE CVE
SUSE CVE
•added 2023/02/15 5:40 a.m.•10 views

SUSE CVE-2013-1808

Cross-site scripting XSS vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is...

4.3CVSS5.9AI score0.06316EPSS
Exploits4References5
SUSE CVE
SUSE CVE
•added 2023/02/15 5:38 a.m.•10 views

SUSE CVE-2013-2423

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented...

4.3CVSS6.7AI score0.85333EPSS
Exploits6References4
Total number of security vulnerabilities5000