Lucene search
K
SusecveMost viewed

59380 matches found

SUSE CVE
SUSE CVE
•added 2025/12/31 12:31 a.m.•9 views

SUSE CVE-2022-50821

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Don't leak netobj memory when gssreadproxyverf fails...

5.5CVSS6.5AI score0.00215EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/12/31 12:31 a.m.•9 views

SUSE CVE-2022-50835

In the Linux kernel, the following vulnerability has been resolved: jbd2: add miss release buffer head in fcdoonepass In fcdoonepass miss release buffer head after use which will lead to reference count leak...

5.5CVSS6.8AI score0.00201EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/31 12:31 a.m.•9 views

SUSE CVE-2022-50840

In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible UAF in snictgtcreate Smatch reports a warning as follows: drivers/scsi/snic/snicdisc.c:307 snictgtcreate warn: '&tgt-list' not removed from list If deviceadd fails in snictgtcreate, tgt will be freed, but...

5.5CVSS6.5AI score0.00239EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/12/31 12:31 a.m.•9 views

SUSE CVE-2022-50849

In the Linux kernel, the following vulnerability has been resolved: pstore: Avoid kcore oops by vmaping with VMIOREMAP An oops can be induced by running 'cat /proc/kcore /dev/null' on devices using pstore with the ram backend because kmapatomic assumes lowmem pages are accessible with va. Unable ...

5.5CVSS6.4AI score0.00195EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/31 12:30 a.m.•9 views

SUSE CVE-2022-50867

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Fix kvzalloc vs statekcalloc usage adrenoshowobject is a trap! It will re-allocate the pointer it is passed on first call, when the data is ascii85 encoded, using kvmalloc/ kvfree. Which means the data passed to it...

5.5CVSS6.4AI score0.00156EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2025/12/31 12:30 a.m.•9 views

SUSE CVE-2022-50885

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix NULL-ptr-deref in rxeqpdocleanup when socket create failed There is a null-ptr-deref when mount.cifs over rdma: BUG: KASAN: null-ptr-deref in rxeqpdocleanup+0x2f3/0x360 rdmarxe Read of size 8 at addr 000000000000001...

5.5CVSS6.5AI score0.00177EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/31 12:30 a.m.•9 views

SUSE CVE-2022-50887

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix unbalanced of node refcount in regulatordevlookup I got the the following report: OF: ERROR: memory leak, expected refcount 1 instead of 2, ofnodeget/ofnodeput unbalanced - destroy cset entry: attach overlay...

5.5CVSS6.5AI score0.00199EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/31 12:30 a.m.•9 views

SUSE CVE-2022-50889

In the Linux kernel, the following vulnerability has been resolved: dm integrity: Fix UAF in dmintegritydtr Dmintegrity also has the same UAF problem when dmresume and dmdestroy are concurrent. Therefore, cancelling timer again in dmintegritydtr...

6.4CVSS6.5AI score0.00176EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2025/12/31 12:28 a.m.•9 views

SUSE CVE-2023-54199

In the Linux kernel, the following vulnerability has been resolved: drm/msm/adreno: Fix null ptr access in adrenogpucleanup Fix the below kernel panic due to null pointer access: 18.504431 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000048 18.513464 Mem abort inf...

5.5CVSS6.4AI score0.00173EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/31 12:27 a.m.•9 views

SUSE CVE-2023-54236

In the Linux kernel, the following vulnerability has been resolved: net/netfailover: fix txq exceeding warning The failover txq is inited as 16 queues. when a packet is transmitted from the failover device firstly, the failover device will select the queue which is returned from the primary devic...

6.1CVSS6.5AI score0.0018EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/31 12:26 a.m.•9 views

SUSE CVE-2023-54280

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCPServerInfo::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in treeconnectdfstarget. Als...

6.6CVSS6.5AI score0.00167EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/30 12:30 a.m.•9 views

SUSE CVE-2018-25154

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system...

9.8CVSS8.2AI score0.00332EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2025/12/30 12:23 a.m.•9 views

SUSE CVE-2025-68972

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds although an "invalid armor" message is printed...

5.9CVSS7AI score0.00104EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/25 1:5 a.m.•9 views

SUSE CVE-2022-50702

In the Linux kernel, the following vulnerability has been resolved: vdpasim: fix possible memory leak in vdpasimnetinit and vdpasimblkinit Inject fault while probing module, if deviceregister fails in vdpasimnetinit or vdpasimblkinit, but the refcount of kobject is not decreased to 0, the name...

5.5CVSS6.5AI score0.00168EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/25 1:5 a.m.•9 views

SUSE CVE-2022-50707

In the Linux kernel, the following vulnerability has been resolved: virtio-crypto: fix memory leak in virtiocryptoalgskcipherclosesession 'vcctrlreq' is alloced in virtiocryptoalgskcipherclosesession, and should be freed in the invalid ctrlstatus-status error handling case. Otherwise there is a...

6.5AI score0.00168EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/25 1:4 a.m.•9 views

SUSE CVE-2022-50728

In the Linux kernel, the following vulnerability has been resolved: s390/lcs: Fix return type of lcsstartxmit With clang's kernel control flow integrity kCFI, CONFIGCFICLANG, indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid ...

5.5CVSS6.5AI score0.00239EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/25 1:4 a.m.•9 views

SUSE CVE-2022-50737

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate index root when initialize NTFS security This enhances the sanity check for $SDH and $SII while initializing NTFS security, guarantees these index root are legit. 162.459513 BUG: KASAN: use-after-free in...

6.4AI score0.002EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2025/12/25 1:4 a.m.•9 views

SUSE CVE-2022-50750

In the Linux kernel, the following vulnerability has been resolved: drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure In case mipidsiattach fails, call drmpanelremove to avoid memory leak...

3.3CVSS6.6AI score0.00211EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/25 1:4 a.m.•9 views

SUSE CVE-2022-50755

In the Linux kernel, the following vulnerability has been resolved: udf: Avoid double brelse in udfrename syzbot reported a warning like below 1: VFS: brelse: Trying to free free buffer WARNING: CPU: 2 PID: 7301 at fs/buffer.c:1145 brelse+0x67/0xa0 ... Call Trace: invalidatebhlru+0x99/0x150...

5.1CVSS6.5AI score0.00239EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/25 1:3 a.m.•9 views

SUSE CVE-2022-50764

In the Linux kernel, the following vulnerability has been resolved: ipv6/sit: use DEVSTATSINC to avoid data-races syzbot/KCSAN reported that multiple cpus are updating dev-stats.txerror concurrently. This is because sit tunnels are NETIFFLLTX, meaning their ndostartxmit is not protected by a...

6.5AI score0.00209EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/25 12:57 a.m.•9 views

SUSE CVE-2023-54020

In the Linux kernel, the following vulnerability has been resolved: dmaengine: sf-pdma: pdmadesc memory leak fix Commit b2cc5c465c2c "dmaengine: sf-pdma: Add multithread support for a DMA channel" changed sfpdmaprepdmamemcpy to unconditionally allocate a new sfpdmadesc each time it is called. The...

5.5CVSS6.4AI score0.00164EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/25 12:57 a.m.•9 views

SUSE CVE-2023-54041

In the Linux kernel, the following vulnerability has been resolved: iouring: fix memory leak when removing provided buffers When removing provided buffers, iobuffer structs are not being disposed of, leading to a memory leak. They can't be freed individually, because they are allocated in...

5.5CVSS6.4AI score0.00162EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2025/12/25 12:54 a.m.•9 views

SUSE CVE-2023-54146

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Fix double-free of elf header buffer After b3e34a47f989 "x86/kexec: fix memory leak of elf header buffer", freeing image-elfheaders in the error path of crashloadsegments is not needed because kimagefilepostloadcleanup...

6.3CVSS6.4AI score0.00168EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/25 12:27 a.m.•9 views

SUSE CVE-2025-67725

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...

7.5CVSS6.5AI score0.00396EPSS
Exploits0References44
SUSE CVE
SUSE CVE
•added 2025/12/21 12:23 a.m.•9 views

SUSE CVE-2025-68284

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handleauthsessionkey The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes when decrypting the...

7.3CVSS6.6AI score0.00173EPSS
Exploits0References104
SUSE CVE
SUSE CVE
•added 2025/12/20 12:25 a.m.•9 views

SUSE CVE-2025-68297

In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash in processv2sparseread for encrypted directories The crash in processv2sparseread for fscrypt-encrypted directories has been reported. Issue takes place for Ceph msgr2 protocol in secure mode. It can be reproduced...

5.5CVSS6.4AI score0.00176EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/12/19 12:24 a.m.•9 views

SUSE CVE-2025-68461

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting XSS vulnerability via the animate tag in an SVG document...

6.1CVSS6.6AI score0.19769EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2025/12/17 2:19 a.m.•9 views

SUSE CVE-2017-18876

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file...

4.9CVSS6.8AI score0.00862EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/12/17 2:19 a.m.•9 views

SUSE CVE-2017-18902

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints...

5.3CVSS7AI score0.0092EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/12/17 12:30 a.m.•9 views

SUSE CVE-2025-40363

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix field-spanning memcpy warning in AH output Fix field-spanning memcpy warnings in ah6output and ah6outputdone where extension headers are copied to/from IPv6 address fields, triggering fortify-string warnings about...

2.5CVSS6.8AI score0.00177EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2025/12/11 12:46 a.m.•9 views

SUSE CVE-2025-14326

Use-after-free in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 146 and Thunderbird 146...

6.5CVSS7.3AI score0.00394EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/11 12:46 a.m.•9 views

SUSE CVE-2025-14332

Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146 and Thunderbird 146...

8.8CVSS7.2AI score0.00265EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•9 views

SUSE CVE-2022-50631

In the Linux kernel, the following vulnerability has been resolved: RISC-V: kexec: Fix memory leak of fdt buffer This is reported by kmemleak detector: unreferenced object 0xff60000082864000 size 9588: comm "kexec", pid 146, jiffies 4294900634 age 64.788s hex dump first 32 bytes: d0 0d fe ed 00 0...

6.6AI score0.00166EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•9 views

SUSE CVE-2022-50634

In the Linux kernel, the following vulnerability has been resolved: power: supply: cw2015: Fix potential null-ptr-deref in cwbatprobe cwbatprobe calls createsinglethreadworkqueue and not checked the ret value, which may return NULL. And a null-ptr-deref may happen: cwbatprobe...

6.5AI score0.00166EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•9 views

SUSE CVE-2022-50642

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosectypec: zero out stale pointers crostypecgetswitchhandles allocates four pointers when obtaining type-c switch handles. These pointers are all freed if failing to obtain any of them; therefore, pointers in...

7.8CVSS6.7AI score0.00168EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2025/12/10 12:38 a.m.•9 views

SUSE CVE-2022-50654

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix panic due to wrong pageattr of im-image In the scenario where livepatch and kretfunc coexist, the pageattr of im-image is rox after archpreparebpftrampoline in bpftrampolineupdate, and then modifyfentry or registerfentry...

6.5AI score0.00166EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/10 12:38 a.m.•9 views

SUSE CVE-2022-50672

In the Linux kernel, the following vulnerability has been resolved: mailbox: zynq-ipi: fix error handling while deviceregister fails If deviceregister fails, it has two issues: 1. The name allocated by devsetname is leaked. 2. The parent of device is not NULL, deviceunregister is called in...

5.5CVSS6.4AI score0.00206EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/10 12:38 a.m.•9 views

SUSE CVE-2022-50673

In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4orphancleanup I caught a issue as follows: ================================================================== BUG: KASAN: use-after-free in listaddvalid+0x28/0x1a0 Read of size 8 at addr...

7CVSS6.5AI score0.00211EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/12/10 12:38 a.m.•9 views

SUSE CVE-2022-50675

In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Avoid setting PGmtetagged if no tags cleared or restored Prior to commit 69e3b846d8a7 "arm64: mte: Sync tags for pages where PTE is untagged", mtesynctags was only called for ptetagged entries those mapped with PROTMT...

5.5CVSS6.4AI score0.00203EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/10 12:34 a.m.•9 views

SUSE CVE-2023-53845

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix infinite loop in nilfsmdtgetblock If the disk image that nilfs2 mounts is corrupted and a virtual block address obtained by block lookup for a metadata file is invalid, nilfsbmaplookupatlevel may return the same...

5.3CVSS6.7AI score0.00217EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/05 12:24 a.m.•9 views

SUSE CVE-2025-66293

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the pngsRGBbase512 array when processing...

7.1CVSS6.8AI score0.00299EPSS
Exploits2References16
SUSE CVE
SUSE CVE
•added 2025/11/25 12:25 a.m.•9 views

SUSE CVE-2025-40212

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix refcount leak in nfsdsetfhdentry nfsd exports a "pseudo root filesystem" which is used by NFSv4 to find the various exported filesystems using LOOKUP requests from a known root filehandle. NFSv3 uses the MOUNT protocol ...

7CVSS6.5AI score0.00161EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2025/11/14 12:23 a.m.•9 views

SUSE CVE-2025-40194

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intelpstate: Fix object lifecycle issue in updateqosrequest The cpufreqcpuput call in updateqosrequest takes place too early because the latter subsequently calls freqqosupdaterequest that indirectly accesses the policy...

4.7CVSS6.5AI score0.00175EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/11/13 12:24 a.m.•9 views

SUSE CVE-2025-40140

In the Linux kernel, the following vulnerability has been resolved: net: usb: Remove disruptive netifwakequeue in rtl8150setmulticast syzbot reported WARNING in rtl8150startxmit/usbsubmiturb. This is the sequence of events that leads to the warning: rtl8150startxmit netifstopqueue;...

3.3CVSS6.5AI score0.00188EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/11/11 12:23 a.m.•9 views

SUSE CVE-2025-64433

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks into a VM...

6.5CVSS6.7AI score0.00475EPSS
Exploits1References7
SUSE CVE
SUSE CVE
•added 2025/11/09 12:33 a.m.•9 views

SUSE CVE-2025-27093

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially...

6.3CVSS7AI score0.00217EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/10/29 12:25 a.m.•9 views

SUSE CVE-2025-40044

In the Linux kernel, the following vulnerability has been resolved: fs: udf: fix OOB read in lengthAllocDescs handling When parsing Allocation Extent Descriptor, lengthAllocDescs comes from on-disk data and must be validated against the block size. Crafted or corrupted images may set...

6.3CVSS6.4AI score0.00207EPSS
Exploits0References28
SUSE CVE
SUSE CVE
•added 2025/10/28 12:42 a.m.•9 views

SUSE CVE-2025-12199

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent expected and...

7.1AI score0.00012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/10/16 11:24 p.m.•9 views

SUSE CVE-2025-39967

In the Linux kernel, the following vulnerability has been resolved: fbcon: fix integer overflow in fbcondosetfont Fix integer overflow vulnerabilities in fbcondosetfont where font size calculations could overflow when handling user-controlled font parameters. The vulnerabilities occur when: 1...

6.1CVSS7.1AI score0.00156EPSS
Exploits0References26
SUSE CVE
SUSE CVE
•added 2025/10/01 11:31 p.m.•9 views

SUSE CVE-2023-53452

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential race condition between napiinit and napienable A race condition can happen if netdev is registered, but NAPI isn't initialized yet, and meanwhile user space starts the netdev that will enable NAPI. Then...

4.4CVSS6.3AI score0.00104EPSS
Exploits0References7
Total number of security vulnerabilities5000