Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/05/12 3:31 a.m.•18 views

SUSE CVE-2026-43291

In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b "net: nfc: nci: Add parameter validation for packet data" communication with nci nfc chips is not working any more. The mentioned commit tries to f...

8.3CVSS5.8AI score0.00269EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:23 a.m.•18 views

SUSE CVE-2026-6420

A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module TPM quote attestation instead of a...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:21 a.m.•18 views

SUSE CVE-2026-31736

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkppe: avoid NULL deref when gmac0 is disabled If the gmac0 is disabled, the precheck for a valid ingress device will cause a NULL pointer deref and crash the system. This happens because eth-netdev0 will be NULL...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/05/07 2:21 a.m.•18 views

SUSE CVE-2026-31748

In the Linux kernel, the following vulnerability has been resolved: comedi: medaq: Fix potential overrun of firmware buffer me2600xilinxdownload loads the firmware that was requested by requestfirmware. It is possible for it to overrun the source buffer because it blindly trusts the file format. ...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:18 a.m.•18 views

SUSE CVE-2026-43105

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix memory leak of BO array in hang state The hang state's BO array is allocated separately with kzalloc in vc4savehangstate but never freed in vc4freehangstate. Add the missing kfree for the BO array before freeing the...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:17 a.m.•18 views

SUSE CVE-2026-43120

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix double free related to reregusermr If IBMRREREGTRANS is set during reregusermr, the umem will be released and a new one will be allocated in irdmareregmrtrans. If any step of irdmareregmrtrans fails after the new...

7.1CVSS5.8AI score0.00122EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/05/07 2:17 a.m.•18 views

SUSE CVE-2026-43218

In the Linux kernel, the following vulnerability has been resolved: media: i2c/tw9903: Fix potential memory leak in tw9903probe In one of the error paths in tw9903probe, the memory allocated in v4l2ctrlhandlerinit and v4l2ctrlnewstd is not freed. Fix that by calling v4l2ctrlhandlerfree on the...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/07 2:16 a.m.•18 views

SUSE CVE-2026-44405

In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm...

3.4CVSS5.8AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/05 1:45 a.m.•18 views

SUSE CVE-2026-43863

mutt before 2.3.2 has an infinite loop in dataobjecttostream in crypt-gpgme.c...

3.3CVSS5.8AI score0.00201EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/04/25 1:43 a.m.•18 views

SUSE CVE-2026-6920

Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.5AI score0.00211EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/09 12:23 a.m.•18 views

SUSE CVE-2026-21869

llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the ndiscard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fill...

9.8CVSS8.3AI score0.00438EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2025/12/31 12:31 a.m.•18 views

SUSE CVE-2022-50825

In the Linux kernel, the following vulnerability has been resolved: usb: typec: wusb3801: fix fwnode refcount leak in wusb3801probe I got the following report while doing fault injection test: OF: ERROR: memory leak, expected refcount 1 instead of 4, ofnodeget/ofnodeput unbalanced - destroy cset...

5.5CVSS6.9AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2024/08/06 1:59 a.m.•18 views

SUSE CVE-2024-42161

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPFCOREREADBITFIELD Changes from V1: - Use a default branch in the switch statement to initialize val'. GCC warns that val' may be used uninitialized in the BPFCREREADBITFIELD macro, defined in...

6.4CVSS6.5AI score0.0022EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2024/05/25 2:51 a.m.•18 views

SUSE CVE-2024-31510

An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the cryptosignsignature parameter in the /pqcrystals-dilithium-standardml-dsa-44-ipdavx2/sign.c component...

9.8CVSS7.4AI score0.00618EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2023/02/15 6:21 a.m.•18 views

SUSE CVE-2002-1700

Cross-site scripting vulnerability XSS in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message...

4.3CVSS6.9AI score0.24274EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 5:49 a.m.•18 views

SUSE CVE-2012-0192

Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded 1 JPEG or 2 PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a...

9.3CVSS8AI score0.05203EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2023/02/15 3:55 a.m.•18 views

SUSE CVE-2020-20445

FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service...

6.5CVSS7AI score0.01649EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/06/04 2:31 a.m.•17 views

SUSE CVE-2025-71314

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthorgpuflushcaches failures We have seen a few cases where the whole memory subsystem is blocked and flush operations never complete. When that happens, we want to: - schedule a reset, so we can recov...

5.8AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/03 2:36 a.m.•17 views

SUSE CVE-2024-27355

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service CPU consumption for decodeOID...

7.5CVSS7AI score0.00569EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/06/02 1:44 a.m.•17 views

SUSE CVE-2026-10229

A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::readmeshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been...

5.3CVSS6.1AI score0.00125EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/06/02 1:42 a.m.•17 views

SUSE CVE-2026-25680

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

7.5CVSS5.9AI score0.00248EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/05/31 1:35 a.m.•17 views

SUSE CVE-2026-41240

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBIDTAGS and FORBIDATTR handling when function-based ADDTAGS is used. Commit c361baa added an early exit for FORBIDATTR at line 1214. The same fix was not...

6.1CVSS5.7AI score0.00263EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2026/05/30 2:26 a.m.•17 views

SUSE CVE-2024-43513

unknown...

6.4CVSS5.7AI score0.00631EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:19 a.m.•17 views

SUSE CVE-2026-9879

Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.2AI score0.00291EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:19 a.m.•17 views

SUSE CVE-2026-9885

Insufficient validation of untrusted input in UI in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.8AI score0.00228EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:19 a.m.•17 views

SUSE CVE-2026-9891

Use after free in Extensions in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: Critical...

9CVSS5.8AI score0.00245EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:18 a.m.•17 views

SUSE CVE-2026-9915

Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS6AI score0.00246EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:18 a.m.•17 views

SUSE CVE-2026-9918

Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.8AI score0.00243EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:18 a.m.•17 views

SUSE CVE-2026-9923

Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00253EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:17 a.m.•17 views

SUSE CVE-2026-9931

Use after free in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:17 a.m.•17 views

SUSE CVE-2026-9945

Use after free in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:17 a.m.•17 views

SUSE CVE-2026-9947

Use after free in XML in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:15 a.m.•17 views

SUSE CVE-2026-10003

Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

7.5CVSS6.2AI score0.00221EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:15 a.m.•17 views

SUSE CVE-2026-10005

Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

7.5CVSS6.2AI score0.00261EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:15 a.m.•17 views

SUSE CVE-2026-10017

Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

8.3CVSS5.8AI score0.00185EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:15 a.m.•17 views

SUSE CVE-2026-10020

Insufficient validation of untrusted input in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

8.3CVSS5.8AI score0.00198EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:7 a.m.•17 views

SUSE CVE-2026-40510

OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in pivprocesshistory in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device returning a URL field longe...

3.8CVSS6AI score0.00216EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:7 a.m.•17 views

SUSE CVE-2026-41150

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/30 2:6 a.m.•17 views

SUSE CVE-2026-42534

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could renew the age of slow running queries and not allow the jostle logic to see them as aged and potentia...

5.9CVSS5.7AI score0.00519EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/05/30 2:6 a.m.•17 views

SUSE CVE-2026-42923

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced in 1.19.1. This leads to degradation of service during the...

5.9CVSS5.8AI score0.00339EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/05/29 1:27 a.m.•17 views

SUSE CVE-2025-34525

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

5.8AI score
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/05/29 1:24 a.m.•17 views

SUSE CVE-2026-3592

BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0...

5.3CVSS5.8AI score0.00406EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/05/29 1:23 a.m.•17 views

SUSE CVE-2026-5947

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...

7.5CVSS5.8AI score0.01387EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/05/29 1:22 a.m.•17 views

SUSE CVE-2026-9804

A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link symlink within an exported filesystem Persistent Volume Claim PVC that points...

7.7CVSS5.8AI score0.00515EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/29 1:16 a.m.•17 views

SUSE CVE-2026-46134

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosectypec: Init mutex in Thunderbolt registration crostypecregisterthunderbolt missed initializing the adata-lock mutex. This leads to a NULL dereference when the mutex is later acquired e.g. in...

5.5CVSS5.8AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/29 1:16 a.m.•17 views

SUSE CVE-2026-46139

In the Linux kernel, the following vulnerability has been resolved: smb: client: use kzalloc to zero-initialize security descriptor buffer Commit 62e7dd0a39c2d "smb: common: change the data type of numaces to le16" split struct smbacl's le32 numaces field into le16 numaces and le16 reserved. The...

4.3CVSS5.9AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/29 1:16 a.m.•17 views

SUSE CVE-2026-46145

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rxhashkeylen Sashiko points out that rxhashkeylen comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow...

7CVSS5.9AI score0.00142EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/05/29 1:16 a.m.•17 views

SUSE CVE-2026-46148

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: control built-in cs manually The coreQSPI IP supports only a single chip select, which is automagically operated by the hardware - set low when the transmit buffer first gets written to and set high when...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/29 1:16 a.m.•17 views

SUSE CVE-2026-46161

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix divide-by-zero in setupgeo with zero farcopies setupgeo extracts nearcopies nc and farcopies fc from the user-provided layout parameter without checking for zero. When fc=0 with the "improved" far set layout...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/29 1:15 a.m.•17 views

SUSE CVE-2026-46163

In the Linux kernel, the following vulnerability has been resolved: wifi: b43legacy: enforce bounds check on firmware key index in RX path Same fix as b43: the firmware-controlled key index in b43legacyrx can exceed dev-maxnrkeys. The existing B43legacyWARNON is non-enforcing in production builds...

5.5CVSS5.8AI score0.00129EPSS
Exploits0References3
Total number of security vulnerabilities5000