Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
•added 2023/02/15 3:54 a.m.•10 views

SUSE CVE-2020-24587

The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and...

4.2CVSS8.3AI score0.02592EPSS
Exploits2References33
SUSE CVE
SUSE CVE
•added 2023/02/15 3:53 a.m.•10 views

SUSE CVE-2020-25649

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity XXE attacks. The highest threat from this vulnerability is data integrity...

5.8CVSS6.8AI score0.17611EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2023/02/15 3:53 a.m.•10 views

SUSE CVE-2020-26140

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration...

6.5CVSS7AI score0.02923EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2023/02/15 3:53 a.m.•10 views

SUSE CVE-2020-26139

An issue was discovered in the kernel in NetBSD 7.1. An Access Point AP forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients an...

4.3CVSS9AI score0.06487EPSS
Exploits0References32
SUSE CVE
SUSE CVE
•added 2023/02/15 3:51 a.m.•10 views

SUSE CVE-2020-29479

An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged...

8.8CVSS6.9AI score0.00304EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:51 a.m.•10 views

SUSE CVE-2020-29661

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/ttyjobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b...

7.4CVSS6.1AI score0.01129EPSS
Exploits2References37
SUSE CVE
SUSE CVE
•added 2023/02/15 3:48 a.m.•10 views

SUSE CVE-2021-3655

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory...

4CVSS8.6AI score0.00308EPSS
Exploits0References34
SUSE CVE
SUSE CVE
•added 2023/02/15 3:47 a.m.•10 views

SUSE CVE-2021-4203

A use-after-free read flaw was found in sockgetsockopt in net/core/sock.c due to SOPEERCRED and SOPEERGROUPS race with listen and connect in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information...

5.8CVSS6.3AI score0.01747EPSS
Exploits1References22
SUSE CVE
SUSE CVE
•added 2023/02/15 3:46 a.m.•10 views

SUSE CVE-2021-21290

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...

2.9CVSS7.5AI score0.01777EPSS
Exploits1References8
SUSE CVE
SUSE CVE
•added 2023/02/15 3:43 a.m.•10 views

SUSE CVE-2021-29553

TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in tf.rawops.QuantizeAndDequantizeV3. This is because the...

7.1CVSS7AI score0.00198EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:40 a.m.•10 views

SUSE CVE-2021-33909

fs/seqfile.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05...

7.8CVSS8AI score0.09729EPSS
Exploits6References43
SUSE CVE
SUSE CVE
•added 2023/02/15 3:38 a.m.•10 views

SUSE CVE-2021-38199

fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service hanging of mounts by arranging for those servers to be unreachable during trunking detection...

6.5CVSS6.3AI score0.01245EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:36 a.m.•10 views

SUSE CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message...

9.8CVSS9.1AI score0.99999EPSS
Exploits351References23
SUSE CVE
SUSE CVE
•added 2023/02/15 3:35 a.m.•10 views

SUSE CVE-2021-46663

MariaDB through 10.5.13 allows a hamaria::extra application crash via certain SELECT statements...

7.5CVSS8.2AI score0.00403EPSS
Exploits1References18
SUSE CVE
SUSE CVE
•added 2023/02/15 3:35 a.m.•10 views

SUSE CVE-2021-46665

MariaDB through 10.5.9 allows a sqlparse.cc application crash because of incorrect usedtables expectations...

5.5CVSS8.2AI score0.004EPSS
Exploits1References18
SUSE CVE
SUSE CVE
•added 2023/02/15 3:31 a.m.•10 views

SUSE CVE-2022-3435

A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fibnhmatch of the file net/ipv4/fibsemantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to appl...

5.3CVSS6.7AI score0.03681EPSS
Exploits0References28
SUSE CVE
SUSE CVE
•added 2023/02/15 3:31 a.m.•10 views

SUSE CVE-2022-3623

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function followpagepte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. It is recommended to apply a patch...

4.7CVSS6.4AI score0.00748EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2023/02/15 3:31 a.m.•10 views

SUSE CVE-2022-3643

Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an unwritten? assumption in the rest of the Linux network stack that packet...

6.3CVSS6.5AI score0.00463EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2023/02/15 3:29 a.m.•10 views

SUSE CVE-2022-21313

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to...

2.9CVSS3.4AI score0.01592EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:29 a.m.•10 views

SUSE CVE-2022-21489

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

6.3CVSS5.8AI score0.78854EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:29 a.m.•10 views

SUSE CVE-2022-21505

In the linux kernel, if IMA appraisal is used with the "imaappraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "imaappraise=log" from the boot param when Secure Boot is enabled, but this does not cover case...

6.7CVSS6.9AI score0.002EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2023/02/15 3:27 a.m.•10 views

SUSE CVE-2022-24052

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.8CVSS8.3AI score0.00645EPSS
Exploits0References18
SUSE CVE
SUSE CVE
•added 2023/02/15 3:27 a.m.•10 views

SUSE CVE-2022-24823

Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local syst...

6.2CVSS7.2AI score0.01044EPSS
Exploits1References6
SUSE CVE
SUSE CVE
•added 2023/02/15 3:27 a.m.•10 views

SUSE CVE-2022-25265

In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 e.g., with GCC 3.2.2 and Linux kernel 2.4.20. This can cause execution of bytes located in supposedly non-executable regions of a file...

7.8CVSS6.6AI score0.01054EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:26 a.m.•10 views

SUSE CVE-2022-27950

In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hidparse error condition...

5.1CVSS6.7AI score0.00381EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:26 a.m.•10 views

SUSE CVE-2022-29217

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can...

7.5CVSS9.4AI score0.012EPSS
Exploits0References29
SUSE CVE
SUSE CVE
•added 2023/02/15 3:25 a.m.•10 views

SUSE CVE-2022-32091

MariaDB v10.7 was discovered to contain an use-after-poison in in interceptormemset at /libsanitizer/sanitizercommon/sanitizercommoninterceptors.inc...

4.4CVSS8.4AI score0.02082EPSS
Exploits1References10
SUSE CVE
SUSE CVE
•added 2023/02/15 3:23 a.m.•10 views

SUSE CVE-2022-41850

roccatreportevent in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report-value is in progress...

4CVSS6.6AI score0.00205EPSS
Exploits0References26
SUSE CVE
SUSE CVE
•added 2023/02/15 3:23 a.m.•10 views

SUSE CVE-2022-42896

There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2capcore.c's l2capconnect and l2capleconnectreq functions which may allow code execution and leaking kernel memory respectively remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via...

6.8CVSS7.4AI score0.02014EPSS
Exploits0References23
SUSE CVE
SUSE CVE
•added 2023/02/15 3:22 a.m.•10 views

SUSE CVE-2022-43945

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call RPC into a single array of pages. A client can force the send...

8.8CVSS7.4AI score0.21314EPSS
Exploits0References82
SUSE CVE
SUSE CVE
•added 2023/02/15 3:22 a.m.•10 views

SUSE CVE-2022-44032

An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open, aka a race condition between cmmopen and cm4000detach...

4.3CVSS7.8AI score0.00323EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 5 days ago•9 views

SUSE CVE-2026-39883

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...

7CVSS7.1AI score0.0022EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 6 days ago•9 views

SUSE CVE-2022-46294

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to...

7.8CVSS7.5AI score0.00863EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2026/06/30 1:50 a.m.•9 views

SUSE CVE-2026-5757

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

7.5CVSS6.6AI score0.00551EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/06/30 1:50 a.m.•9 views

SUSE CVE-2026-8461

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg befor...

8.8CVSS6AI score0.00477EPSS
Exploits3References3
SUSE CVE
SUSE CVE
•added 2026/06/30 1:49 a.m.•9 views

SUSE CVE-2026-13500

A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of the component Grammar Action Block Handler. Executing a manipulation can lead to code injection. The attack may be launched remotely. The...

7.5CVSS6.7AI score0.00311EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/30 1:42 a.m.•9 views

SUSE CVE-2026-53325

In the Linux kernel, the following vulnerability has been resolved: agp/amd64: Fix broken error propagation in agpamd64probe A NULL pointer dereference was observed in the AMD64 AGP driver when running in a virtualized environment e.g. qemu/kvm without a physical AMD northbridge. The crash occurs...

4.4CVSS5.8AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/30 1:42 a.m.•9 views

SUSE CVE-2026-58055

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/28 1:9 a.m.•9 views

SUSE CVE-2026-53278

In the Linux kernel, the following vulnerability has been resolved: armmpam: Check whether the config array is allocated before destroying it destroycomponentcfg is called to free the configuration array. It uses the embedded 'garbage' structure, which means the array has to be allocated. If...

5.8AI score0.00107EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/28 1:9 a.m.•9 views

SUSE CVE-2026-53284

In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...

7.5CVSS6AI score0.00432EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/28 1:9 a.m.•9 views

SUSE CVE-2026-53285

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap DCN32 phantom-plane allocation in DCRUNWITHPREEMPTIONENABLED Why dcn32validatebandwidth wraps dcn32internalvalidatebw with DCFPSTART/DCFPEND. In x86 non-RT, DCFPSTART takes fpregslock, which disables local...

5.8AI score0.00107EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/28 1:9 a.m.•9 views

SUSE CVE-2026-53286

In the Linux kernel, the following vulnerability has been resolved: idpf: fix double free and use-after-free in aux device error paths When auxiliarydeviceadd fails in idpfplugvportauxdev or idpfplugcoreauxdev, the errauxdevadd label calls auxiliarydeviceuninit and falls through to errauxdevinit...

5.8AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/28 1:9 a.m.•9 views

SUSE CVE-2026-53287

In the Linux kernel, the following vulnerability has been resolved: audit: fix incorrect inheritable capability in CAPSET records auditlogcapset records the effective capability set into the inheritable field due to a copy-paste error. Every CAPSET audit record therefore reports cappi process...

5.8AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/28 1:9 a.m.•9 views

SUSE CVE-2026-53289

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...

5.8AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/28 1:9 a.m.•9 views

SUSE CVE-2026-53296

In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: free channels on probe error On probe error, free the previously obtained channels. This not only prevents a leak, but also UAF scenarios because the client structure will be removed nonetheless because it...

5.8AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/28 1:8 a.m.•9 views

SUSE CVE-2026-53303

In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extensionlist reading with sblock in f2fssbishow In f2fssbishow, the extensionlist, extensioncount and hotextcount are read without holding sbi-sblock. If a concurrent sysfs store modifies the extension list via...

5.8AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/28 1:8 a.m.•9 views

SUSE CVE-2026-53306

In the Linux kernel, the following vulnerability has been resolved: tty: hvciucv: fix off-by-one in number of supported devices MAXHVCIUCVLINES == HVCALLOCTTYADAPTERS == 8. This is the number of entries in: static struct hvciucvprivate hvciucvtableMAXHVCIUCVLINES; Sometimes hvciucvtable is limite...

5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/28 1:8 a.m.•9 views

SUSE CVE-2026-53309

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlmmatchregions region comparison The local-vs-remote region comparison loop uses '=' instead of '', causing it to read one entry past the valid range of qrregions. The other loops in the same functio...

9.8CVSS5.8AI score0.00404EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/28 1:8 a.m.•9 views

SUSE CVE-2026-53310

In the Linux kernel, the following vulnerability has been resolved: soc/tegra: cbb: Fix cross-fabric target timeout lookup When a fabric receives an error interrupt, the error may have occurred on a different fabric. The target timeout lookup was using the wrong base address cbb-regs with offsets...

5.8AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/28 1:8 a.m.•9 views

SUSE CVE-2026-53316

In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in rascorerasinterruptdetected Fixes a NULL pointer dereference when rascore is NULL and rascore-dev is accessed in the error path. Reported by: Dan Carpenter...

5.8AI score0.001EPSS
Exploits0References3
Total number of security vulnerabilities5000