Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43367

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix a few more NULL pointer dereference in device cleanup I found a few more paths that cleanup fails due to a NULL version pointer on unsupported hardware. Add NULL checks as applicable. cherry picked from commit...

5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43368

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential overflow of shmem scatterlist length When a scatterlists table of a GEM shmem object of size 4 GB or more is populated with pages allocated from a folio, unsigned int .length attribute of a scatterlist may...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43371

In the Linux kernel, the following vulnerability has been resolved: net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time to recover after a suspend. Upon investigation, it was determined that...

5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43382

In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid double-rtnllock ELP metric worker batadvvelpgetthroughput might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via canceldelayedworksync in...

5.5AI score0.00095EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43384

In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.8CVSS5.7AI score0.00457EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43388

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: clear walkcontrol on inactive context in damoswalk damoswalk sets ctx-walkcontrol to the caller-provided control structure before checking whether the context is running. If the context is inactive damonisrunning...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43396

In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Fix user fence leak on alloc failure When dmafencechainalloc fails, properly release the user fence reference to prevent a memory leak. cherry picked from commit a5d5634cde48a9fcd68c8504aa07f89f175074a0...

5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43422

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.2AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:34 a.m.•9 views

SUSE CVE-2026-43428

In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts The usbcontrolmsg, usbbulkmsg, and usbinterruptmsg APIs in usbcore allow unlimited timeout durations. And since they use uninterruptible waits, this leaves open the...

5.7AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:33 a.m.•9 views

SUSE CVE-2026-43439

In the Linux kernel, the following vulnerability has been resolved: cgroup: fix race between task migration and iteration When a task is migrated out of a cssset, cgroupmigrateaddtask first moves it from cset-tasks to cset-mgtasks via: listmovetail&task-cglist, &cset-mgtasks; If a csstaskiter...

4.7CVSS5.8AI score0.00089EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:33 a.m.•9 views

SUSE CVE-2026-43446

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix runtime suspend deadlock when there is pending job The runtime suspend callback drains the running job workqueue before suspending the device. If a job is still executing and calls pmruntimeresumeandget, it can...

5.8AI score0.0009EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:33 a.m.•9 views

SUSE CVE-2026-43461

In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: Fix DMA mapping error handling Fix three bugs in amlsfcdmabuffersetup error paths: 1. Unnecessary goto: When the first DMA mapping sfc-daddr fails, nothing needs cleanup. Use direct return instead of goto...

7.8CVSS5.8AI score0.00119EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:33 a.m.•9 views

SUSE CVE-2026-43465

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpfxdppulldata or bpfxdpadjusttail. The referenced commit in the fixes tag...

9.8CVSS5.9AI score0.00414EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/13 3:33 a.m.•9 views

SUSE CVE-2026-44899

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/05/12 3:47 a.m.•9 views

SUSE CVE-2025-38241

In the Linux kernel, the following vulnerability has been resolved: mm/shmem, swap: fix softlockup with mTHP swapin Following softlockup can be easily reproduced on my test machine with: echo always /sys/kernel/mm/transparenthugepage/hugepages-64kB/enabled swapon /dev/zram0 zram0 is a 48G swap...

5.5CVSS7.2AI score0.00094EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/12 3:31 a.m.•9 views

SUSE CVE-2026-42264

Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser in the HTTP adapter are read via direct property access without hasOwnProperty guards, making th...

8.1CVSS5.7AI score0.00549EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/05/12 3:31 a.m.•9 views

SUSE CVE-2026-43294

In the Linux kernel, the following vulnerability has been resolved: drm: renesas: rz-du: mipidsi: fix kernel panic when rebooting for some panels Since commit 56de5e305d4b "clk: renesas: r9a07g044: Add MSTOP for RZ/G2L" we may get the following kernel panic, for some panels, when rebooting:...

5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/12 3:31 a.m.•9 views

SUSE CVE-2026-43309

In the Linux kernel, the following vulnerability has been resolved: md raid: fix hang when stopping arrays with metadata through dm-raid When using device-mapper's dm-raid target, stopping a RAID array can cause the system to hang under specific conditions. This occurs when: - A dm-raid managed...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/12 3:31 a.m.•9 views

SUSE CVE-2026-43313

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: Fix NULL-pointer dereference in acpiprocessorerratapiix4 In acpiprocessorerratapiix4, the pointer dev is first assigned an IDE device and then reassigned an ISA device: dev = pcigetsubsys...,...

5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/12 3:30 a.m.•9 views

SUSE CVE-2026-43315

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Remove a user-triggerable WARN on nestedsvmloadcr3 succeeding Drop the WARN in svmsetnestedstate on nestedsvmloadcr3 failing as it is trivially easy to trigger from userspace by modifying CPUID after loading CR3. E.g...

5.5CVSS5.8AI score0.0013EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/12 3:30 a.m.•9 views

SUSE CVE-2026-43316

In the Linux kernel, the following vulnerability has been resolved: media: solo6x10: Check for out of bounds chipid Clang with CONFIGUBSANSHIFT=y noticed a condition where a signed type literal "1" is an "int" could end up being shifted beyond 32 bits, so instrumentation was added and due to the...

5.7AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/12 3:30 a.m.•9 views

SUSE CVE-2026-43321

In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a gotox rX instruction the rX register should be marked as used in the computeinsnliveregs function. Fix this...

7.8CVSS5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/12 3:30 a.m.•9 views

SUSE CVE-2026-43357

In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050-core: fix pmruntime error handling The return value of pmruntimegetsync is not checked, allowing the driver to access hardware that may fail to resume. The device usage count is also unconditionally incremented...

5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:16 p.m.•9 views

SUSE CVE-2026-8212

A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be...

5.3CVSS5.8AI score0.00205EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:15 p.m.•9 views

SUSE CVE-2026-33441

This CVE is a duplicate of another CVE: CVE-2026-33079...

7.5CVSS5.8AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:14 p.m.•9 views

SUSE CVE-2026-43300

In the Linux kernel, the following vulnerability has been resolved: drm/panel: Fix a possible null-pointer dereference in jdipaneldsiremove In jdipaneldsiremove, jdi is explicitly checked, indicating that it may be NULL: if !jdi mipidsidetachdsi; However, when jdi is NULL, the function does not...

5.7AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:13 p.m.•9 views

SUSE CVE-2026-43383

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.4CVSS5.7AI score0.00443EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:13 p.m.•9 views

SUSE CVE-2026-43409

In the Linux kernel, the following vulnerability has been resolved: kprobes: avoid crash when rmmod/insmod after ftrace killed After we hit ftrace is killed by some errors, the kernel crash if we remove modules in which kprobe probes. BUG: unable to handle page fault for address: fffffbfff805000d...

5.8AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/11 2:13 p.m.•9 views

SUSE CVE-2026-43474

In the Linux kernel, the following vulnerability has been resolved: fs: init flagsvalid before calling vfsfileattrget syzbot reported a uninit-value bug in 1. Similar to the "get" context where the kernel's internal filekattr structure is initialized before calling vfsfileattrget, we should use t...

5.8AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/10 1:6 a.m.•9 views

SUSE CVE-2026-42030

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

6.1CVSS5.9AI score0.00247EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:56 a.m.•9 views

SUSE CVE-2023-47268

In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported...

5.3CVSS6.2AI score0.0072EPSS
Exploits4References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:48 a.m.•9 views

SUSE CVE-2025-71291

In the Linux kernel, the following vulnerability has been resolved: misc: bcmvk: Fix possible null-pointer dereferences in bcmvkread In the function bcmvkread, the pointer entry is checked, indicating that it can be NULL. If entry is NULL and rc is set to -EMSGSIZE, the following code may cause...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:46 a.m.•9 views

SUSE CVE-2026-8087

A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The...

7.8CVSS5.8AI score0.00223EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:43 a.m.•9 views

SUSE CVE-2026-36365

An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep functions in PostCompressionActions.cpp...

7.8CVSS6.2AI score0.00137EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:43 a.m.•9 views

SUSE CVE-2026-39817

The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...

5.9CVSS5.9AI score0.0017EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/05/09 2:43 a.m.•9 views

SUSE CVE-2026-40883

goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs contains a cross-site request forgery issue in its state-changing HTTP GET routes. An external attacker can cause an already authenticated browser to trigger destructive actions such as ?delete and ?mkdir because...

8.1CVSS5.8AI score0.00143EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:43 a.m.•9 views

SUSE CVE-2026-41570

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

7.8CVSS6.5AI score0.00191EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:42 a.m.•9 views

SUSE CVE-2026-43125

In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlmsearchrsbtree The len parameter in dlmdumprsbname is not validated and comes from network messages. When it exceeds DLMRESNAMEMAXLEN, it can cause out-of-bounds write in dlmsearchrsbtree. Add length...

5.5CVSS6.1AI score0.00426EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/05/09 2:42 a.m.•9 views

SUSE CVE-2026-43132

In the Linux kernel, the following vulnerability has been resolved: dm-verity: correctly handle dmbufioclientcreate failure If either of the calls to dmbufioclientcreate in verityfecctr fails, then dmbufioclientdestroy is later called with an ERRPTR argument. That causes a crash. Fix this...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:42 a.m.•9 views

SUSE CVE-2026-43133

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation Commit cc3ed80ae69f "KVM: nSVM: always use vmcb01 to for vmsave/vmload of guest state" made KVM always use vmcb01 for the fields controlled by VMSAVE/VMLOAD, but it missed...

7.9CVSS5.8AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:42 a.m.•9 views

SUSE CVE-2026-43143

In the Linux kernel, the following vulnerability has been resolved: mfd: core: Add locking around 'mfdofnodelist' Manipulating a list in the kernel isn't safe without some sort of mutual exclusion. Add a mutex any time we access / modify 'mfdofnodelist' to prevent possible crashes...

5.8AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:41 a.m.•9 views

SUSE CVE-2026-43183

In the Linux kernel, the following vulnerability has been resolved: media: cx25821: Fix a resource leak in cx25821devsetup Add releasememregion if ioremap fails to release the memory region obtained by cx25821getresources...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:41 a.m.•9 views

SUSE CVE-2026-43187

In the Linux kernel, the following vulnerability has been resolved: xfs: delete attr leaf freemap entries when empty Back in commit 2a2b5932db6758 "xfs: fix attr leaf header freemap.size underflow", Brian Foster observed that it's possible for a small freemap at the end of the end of the xattr...

6.3CVSS5.7AI score0.00469EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2026/05/09 2:41 a.m.•9 views

SUSE CVE-2026-43188

In the Linux kernel, the following vulnerability has been resolved: ceph: do not propagate page array emplacement errors as batch errors When fscrypt is enabled, movedirtyfolioinpagearray may fail because it needs to allocate bounce buffers to store the encrypted versions of each folio. Each foli...

5.8AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:41 a.m.•9 views

SUSE CVE-2026-43189

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-async: Fix error handling on steps after finding a match Once an async connection is found to be matching with an fwnode, a sub-device may be registered in case it wasn't already, its bound operation is called,...

5.7AI score0.00127EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:41 a.m.•9 views

SUSE CVE-2026-43200

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix swapped parameters in pciprimary/secondaryepcepfunlink functions struct configfsitemoperations callbacks are defined like the following: int allowlinkstruct configitem src, struct configitem target; void...

5.7AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:40 a.m.•9 views

SUSE CVE-2026-43219

In the Linux kernel, the following vulnerability has been resolved: net: cpswnew: Fix potential unregister of netdev that has not been registered yet If an error occurs during registernetdev for the first MAC in cpswregisterports, even though cpsw-slaves0.ndev is set to NULL, cpsw-slaves1.ndev...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:40 a.m.•9 views

SUSE CVE-2026-43228

In the Linux kernel, the following vulnerability has been resolved: hfs: Replace BUGON with error handling for CNID count checks In a06ec283e125 nextid, foldercount, and filecount in the super block info were expanded to 64 bits, and BUGONs were added to detect overflow. This triggered an error...

5.5CVSS5.7AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:40 a.m.•9 views

SUSE CVE-2026-43231

In the Linux kernel, the following vulnerability has been resolved: media: radio-keene: fix memory leak in error path Fix a memory leak in usbkeeneprobe. The v4l2 control handler is initialized and controls are added, but if v4l2deviceregister or videoregisterdevice fails afterward, the handler w...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/05/09 2:40 a.m.•9 views

SUSE CVE-2026-43236

In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix use-after-free of drmcrtccommit after release The atmelhlcdcplaneatomicduplicatestate callback was copying the atmelhlcdcplane state structure without properly duplicating the drmplanestate. In particular,...

7.8CVSS5.7AI score0.00135EPSS
Exploits0References3
Total number of security vulnerabilities5000