Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
added 2026/05/16 1:14 a.m.9 views

SUSE CVE-2026-8576

Inappropriate implementation in CORS in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:14 a.m.9 views

SUSE CVE-2026-8612

WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without...

5.3CVSS6.1AI score0.00127EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 2:19 a.m.9 views

SUSE CVE-2016-9244

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer SSL session IDs from other sessions. It is possible...

7.5CVSS7AI score0.74EPSS
Exploits7References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.9 views

SUSE CVE-2026-28383

A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-memory condition, potentially causing a denial of service...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.9 views

SUSE CVE-2026-33380

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...

7.7CVSS6AI score0.00262EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.9 views

SUSE CVE-2026-43478

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spkmodeput The correct helper to use in rt1011recvspkmodeput to retrieve the DAPM context is sndsoccomponenttodapm, from kcontrol we will receive NULL pointer...

5.7AI score0.001EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.9 views

SUSE CVE-2026-43479

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in netifnapidellocked on disconnect Remove redundant netifnapidel call from disconnect path. A WARN may be triggered in netifnapidellocked during USB device disconnect: WARNING: CPU: 0 PID: 11 at...

5.7AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.9 views

SUSE CVE-2026-43480

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x5682init function did not check the return value of clkget, which could lead to dereferencing error pointers in rt5682clkenable. Fix this by:...

5.7AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.9 views

SUSE CVE-2026-43482

In the Linux kernel, the following vulnerability has been resolved: schedext: Disable preemption between scxclaimexit and kicking helper work scxclaimexit atomically sets exitkind, which prevents scxerror from triggering further error handling. After claiming exit, the caller must kick the helper...

5.7AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.9 views

SUSE CVE-2026-43486

In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix setaccessflags no-op check for SMMU/ATS faults contpteptepsetaccessflags compared the gathered ptepget value against the requested entry to detect no-ops. ptepget ORs AF/dirty from all sub-PTEs in the CONT...

5.8AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.9 views

SUSE CVE-2026-43488

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Prevent interrupt storm on host controller error HCE The xHCI controller reports a Host Controller Error HCE in UAS Storage Device plug/unplug scenarios on Android devices. HCE is checked in xhciirq function and causes...

5.8AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.9 views

SUSE CVE-2026-43489

In the Linux kernel, the following vulnerability has been resolved: liveupdate: luofile: remember retrieve status LUO keeps track of successful retrieve attempts on a LUO file. It does so to avoid multiple retrievals of the same file. Multiple retrievals cause problems because once the file is...

5.6AI score0.00102EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/14 3:9 a.m.9 views

SUSE CVE-2023-4016

Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap...

2.5CVSS6.4AI score0.00241EPSS
Exploits0References44
SUSE CVE
SUSE CVE
added 2026/05/13 4:7 p.m.9 views

SUSE CVE-2017-7499

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-8933. Reason: This candidate is a reservation duplicate of CVE-2017-8933. Notes: All CVE users should reference CVE-2017-8933 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental...

5.8AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:54 p.m.9 views

SUSE CVE-2017-100037

unknown...

5.8AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 2:53 p.m.9 views

SUSE CVE-2024-37082

When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications. You are affected if you have route-services enabled in routing-release and have...

9.1CVSS5.8AI score0.00545EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 2:25 p.m.9 views

SUSE CVE-2026-8449

This CVE ID has been rejected or withdrawn...

5.7AI score0.00179EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/13 2:22 p.m.9 views

SUSE CVE-2026-42310

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

7.5CVSS5.7AI score0.00126EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/13 3:48 a.m.9 views

SUSE CVE-2026-7819

Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

8.1CVSS5.8AI score0.00359EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:35 a.m.9 views

SUSE CVE-2026-43268

In the Linux kernel, the following vulnerability has been resolved: hfsplus: pretend special inodes as regular files Since commit af153bb63a33 "vfs: catch invalid modes in mayopen" requires any inode be one of SIFDIR/SIFLNK/SIFREG/SIFCHR/SIFBLK/ SIFIFO/SIFSOCK type, use SIFREG for special inodes...

5.5CVSS5.7AI score0.00117EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:35 a.m.9 views

SUSE CVE-2026-43297

In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rga: Fix possible ERRPTR dereference in rgabufinit rgagetframe can return ERRPTR-EINVAL when buffer type is unsupported or invalid. rgabufinit does not check the return value and unconditionally dereferences the...

5.8AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:35 a.m.9 views

SUSE CVE-2026-43301

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix PM runtime usage count underflow Replace pmruntimeputsync with pmruntimedontuseautosuspend in the remove path to properly pair with pmruntimeuseautosuspend from probe. This allows pmruntimedisable t...

5.7AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:35 a.m.9 views

SUSE CVE-2026-43307

In the Linux kernel, the following vulnerability has been resolved: iio: accel: adxl380: Avoid reading more entries than present in FIFO The interrupt handler reads FIFO entries in batches of N samples, where N is the number of scan elements that have been enabled. However, the sensor fills the...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:35 a.m.9 views

SUSE CVE-2026-43318

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix sync handling in amdgpudmabufmovenotify Invalidating a dmabuf will impact other users of the shared BO. In the scenario where process A moves the BO, it needs to inform process B about the move and process B will...

5.9AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:35 a.m.9 views

SUSE CVE-2026-43337

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference in dcn401inithw dcn401inithw assumes that updatebwboundingbox is valid when entering the update path. However, the existing condition: !fams2enable && updatebwboundingbox || freqchang...

5.5CVSS5.7AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:34 a.m.9 views

SUSE CVE-2026-43367

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix a few more NULL pointer dereference in device cleanup I found a few more paths that cleanup fails due to a NULL version pointer on unsupported hardware. Add NULL checks as applicable. cherry picked from commit...

5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:34 a.m.9 views

SUSE CVE-2026-43368

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential overflow of shmem scatterlist length When a scatterlists table of a GEM shmem object of size 4 GB or more is populated with pages allocated from a folio, unsigned int .length attribute of a scatterlist may...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:34 a.m.9 views

SUSE CVE-2026-43371

In the Linux kernel, the following vulnerability has been resolved: net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time to recover after a suspend. Upon investigation, it was determined that...

5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:34 a.m.9 views

SUSE CVE-2026-43382

In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid double-rtnllock ELP metric worker batadvvelpgetthroughput might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via canceldelayedworksync in...

5.5AI score0.00095EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:34 a.m.9 views

SUSE CVE-2026-43384

In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.8CVSS5.7AI score0.00457EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:34 a.m.9 views

SUSE CVE-2026-43388

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: clear walkcontrol on inactive context in damoswalk damoswalk sets ctx-walkcontrol to the caller-provided control structure before checking whether the context is running. If the context is inactive damonisrunning...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:34 a.m.9 views

SUSE CVE-2026-43396

In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Fix user fence leak on alloc failure When dmafencechainalloc fails, properly release the user fence reference to prevent a memory leak. cherry picked from commit a5d5634cde48a9fcd68c8504aa07f89f175074a0...

5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:34 a.m.9 views

SUSE CVE-2026-43422

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.2AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:34 a.m.9 views

SUSE CVE-2026-43428

In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts The usbcontrolmsg, usbbulkmsg, and usbinterruptmsg APIs in usbcore allow unlimited timeout durations. And since they use uninterruptible waits, this leaves open the...

5.7AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:33 a.m.9 views

SUSE CVE-2026-43439

In the Linux kernel, the following vulnerability has been resolved: cgroup: fix race between task migration and iteration When a task is migrated out of a cssset, cgroupmigrateaddtask first moves it from cset-tasks to cset-mgtasks via: listmovetail&task-cglist, &cset-mgtasks; If a csstaskiter...

4.7CVSS5.8AI score0.00089EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:33 a.m.9 views

SUSE CVE-2026-43446

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix runtime suspend deadlock when there is pending job The runtime suspend callback drains the running job workqueue before suspending the device. If a job is still executing and calls pmruntimeresumeandget, it can...

5.8AI score0.0009EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:33 a.m.9 views

SUSE CVE-2026-43461

In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: Fix DMA mapping error handling Fix three bugs in amlsfcdmabuffersetup error paths: 1. Unnecessary goto: When the first DMA mapping sfc-daddr fails, nothing needs cleanup. Use direct return instead of goto...

7.8CVSS5.8AI score0.00119EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:33 a.m.9 views

SUSE CVE-2026-43465

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpfxdppulldata or bpfxdpadjusttail. The referenced commit in the fixes tag...

9.8CVSS5.9AI score0.00414EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:33 a.m.9 views

SUSE CVE-2026-44899

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/12 3:47 a.m.9 views

SUSE CVE-2025-38241

In the Linux kernel, the following vulnerability has been resolved: mm/shmem, swap: fix softlockup with mTHP swapin Following softlockup can be easily reproduced on my test machine with: echo always /sys/kernel/mm/transparenthugepage/hugepages-64kB/enabled swapon /dev/zram0 zram0 is a 48G swap...

5.5CVSS7.2AI score0.00094EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/12 3:31 a.m.9 views

SUSE CVE-2026-42264

Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser in the HTTP adapter are read via direct property access without hasOwnProperty guards, making th...

8.1CVSS5.7AI score0.00549EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/12 3:31 a.m.9 views

SUSE CVE-2026-43294

In the Linux kernel, the following vulnerability has been resolved: drm: renesas: rz-du: mipidsi: fix kernel panic when rebooting for some panels Since commit 56de5e305d4b "clk: renesas: r9a07g044: Add MSTOP for RZ/G2L" we may get the following kernel panic, for some panels, when rebooting:...

5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/12 3:31 a.m.9 views

SUSE CVE-2026-43309

In the Linux kernel, the following vulnerability has been resolved: md raid: fix hang when stopping arrays with metadata through dm-raid When using device-mapper's dm-raid target, stopping a RAID array can cause the system to hang under specific conditions. This occurs when: - A dm-raid managed...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/12 3:31 a.m.9 views

SUSE CVE-2026-43313

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix NULL-pointer dereference in acpiprocessorerratapiix4 In acpiprocessorerratapiix4, the pointer dev is first assigned an IDE device and then reassigned an ISA device: dev = pcigetsubsys...,...

5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/12 3:30 a.m.9 views

SUSE CVE-2026-43315

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Remove a user-triggerable WARN on nestedsvmloadcr3 succeeding Drop the WARN in svmsetnestedstate on nestedsvmloadcr3 failing as it is trivially easy to trigger from userspace by modifying CPUID after loading CR3. E.g...

5.5CVSS5.8AI score0.0013EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/12 3:30 a.m.9 views

SUSE CVE-2026-43316

In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: Check for out of bounds chipid Clang with CONFIGUBSANSHIFT=y noticed a condition where a signed type literal "1" is an "int" could end up being shifted beyond 32 bits, so instrumentation was added and due to the...

5.7AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/12 3:30 a.m.9 views

SUSE CVE-2026-43321

In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a gotox rX instruction the rX register should be marked as used in the computeinsnliveregs function. Fix this...

7.8CVSS5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/12 3:30 a.m.9 views

SUSE CVE-2026-43357

In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050-core: fix pmruntime error handling The return value of pmruntimegetsync is not checked, allowing the driver to access hardware that may fail to resume. The device usage count is also unconditionally incremented...

5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/11 2:16 p.m.9 views

SUSE CVE-2026-8212

A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be...

5.3CVSS5.8AI score0.00205EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/11 2:15 p.m.9 views

SUSE CVE-2026-33441

This CVE is a duplicate of another CVE: CVE-2026-33079...

7.5CVSS5.8AI score
Exploits0References3
Total number of security vulnerabilities5000