Lucene search
K
SusecveMost viewed

59380 matches found

SUSE CVE
SUSE CVE
•added 2026/01/09 12:35 a.m.•9 views

SUSE CVE-2024-53866

The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak into npm metadata saved in global cache; npm metadata from global cache affects other workspaces; and installs by default don't revalidate the data including on first...

9.8CVSS7.9AI score0.00942EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/01/07 12:25 a.m.•9 views

SUSE CVE-2025-15271

FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit ...

8.8CVSS8.8AI score0.00581EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/06 12:28 a.m.•9 views

SUSE CVE-2025-13888

A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources CRs that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged...

9.1CVSS6.7AI score0.0063EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:27 a.m.•9 views

SUSE CVE-2025-34410

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery CSRF vulnerability in the Change Username functionality available from the settings panel /settings/panel. The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can...

7.1CVSS6.8AI score0.00128EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:27 a.m.•9 views

SUSE CVE-2025-34429

1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery CSRF vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...

7.1CVSS7.1AI score0.00144EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:25 a.m.•9 views

SUSE CVE-2025-65798

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...

5.4CVSS6.9AI score0.00151EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2026/01/06 12:23 a.m.•9 views

SUSE CVE-2025-68938

Gitea before 1.25.2 mishandles authorization for deletion of releases...

5.3CVSS7AI score0.00349EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/12/31 12:31 a.m.•9 views

SUSE CVE-2022-50821

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Don't leak netobj memory when gssreadproxyverf fails...

5.5CVSS6.5AI score0.00215EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/12/31 12:31 a.m.•9 views

SUSE CVE-2022-50835

In the Linux kernel, the following vulnerability has been resolved: jbd2: add miss release buffer head in fcdoonepass In fcdoonepass miss release buffer head after use which will lead to reference count leak...

5.5CVSS6.8AI score0.00201EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/31 12:31 a.m.•9 views

SUSE CVE-2022-50840

In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible UAF in snictgtcreate Smatch reports a warning as follows: drivers/scsi/snic/snicdisc.c:307 snictgtcreate warn: '&tgt-list' not removed from list If deviceadd fails in snictgtcreate, tgt will be freed, but...

5.5CVSS6.5AI score0.00239EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/12/31 12:30 a.m.•9 views

SUSE CVE-2022-50867

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Fix kvzalloc vs statekcalloc usage adrenoshowobject is a trap! It will re-allocate the pointer it is passed on first call, when the data is ascii85 encoded, using kvmalloc/ kvfree. Which means the data passed to it...

5.5CVSS6.4AI score0.00156EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2025/12/31 12:30 a.m.•9 views

SUSE CVE-2022-50885

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix NULL-ptr-deref in rxeqpdocleanup when socket create failed There is a null-ptr-deref when mount.cifs over rdma: BUG: KASAN: null-ptr-deref in rxeqpdocleanup+0x2f3/0x360 rdmarxe Read of size 8 at addr 000000000000001...

5.5CVSS6.5AI score0.00177EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/31 12:30 a.m.•9 views

SUSE CVE-2022-50887

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix unbalanced of node refcount in regulatordevlookup I got the the following report: OF: ERROR: memory leak, expected refcount 1 instead of 2, ofnodeget/ofnodeput unbalanced - destroy cset entry: attach overlay...

5.5CVSS6.5AI score0.00199EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/31 12:30 a.m.•9 views

SUSE CVE-2022-50889

In the Linux kernel, the following vulnerability has been resolved: dm integrity: Fix UAF in dmintegritydtr Dmintegrity also has the same UAF problem when dmresume and dmdestroy are concurrent. Therefore, cancelling timer again in dmintegritydtr...

6.4CVSS6.5AI score0.00176EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2025/12/31 12:28 a.m.•9 views

SUSE CVE-2023-54199

In the Linux kernel, the following vulnerability has been resolved: drm/msm/adreno: Fix null ptr access in adrenogpucleanup Fix the below kernel panic due to null pointer access: 18.504431 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000048 18.513464 Mem abort inf...

5.5CVSS6.4AI score0.00173EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/31 12:28 a.m.•9 views

SUSE CVE-2023-54211

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix warning in tracebufferedeventdisable Warning happened in tracebufferedeventdisable at WARNONONCE!tracebufferedeventref Call Trace: ? warn+0xa5/0x1b0 ? tracebufferedeventdisable+0x189/0x1b0...

5.5CVSS6.5AI score0.00177EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2025/12/31 12:25 a.m.•9 views

SUSE CVE-2023-54320

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmc: Fix memory leak in amdpmcstbdebugfsopenv2 Function amdpmcstbdebugfsopenv2 may be called when the STB debug mechanism enabled. When amdpmcsendcmd fails, the 'buf' needs to be released...

4.7CVSS6.5AI score0.00159EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2025/12/30 12:30 a.m.•9 views

SUSE CVE-2018-25154

GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system...

9.8CVSS8.2AI score0.00332EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2025/12/30 12:23 a.m.•9 views

SUSE CVE-2025-68972

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds although an "invalid armor" message is printed...

5.9CVSS7AI score0.00104EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/25 1:5 a.m.•9 views

SUSE CVE-2022-50702

In the Linux kernel, the following vulnerability has been resolved: vdpasim: fix possible memory leak in vdpasimnetinit and vdpasimblkinit Inject fault while probing module, if deviceregister fails in vdpasimnetinit or vdpasimblkinit, but the refcount of kobject is not decreased to 0, the name...

5.5CVSS6.5AI score0.00168EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/25 1:5 a.m.•9 views

SUSE CVE-2022-50707

In the Linux kernel, the following vulnerability has been resolved: virtio-crypto: fix memory leak in virtiocryptoalgskcipherclosesession 'vcctrlreq' is alloced in virtiocryptoalgskcipherclosesession, and should be freed in the invalid ctrlstatus-status error handling case. Otherwise there is a...

6.5AI score0.00168EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/25 1:4 a.m.•9 views

SUSE CVE-2022-50728

In the Linux kernel, the following vulnerability has been resolved: s390/lcs: Fix return type of lcsstartxmit With clang's kernel control flow integrity kCFI, CONFIGCFICLANG, indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid ...

5.5CVSS6.5AI score0.00239EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/25 1:4 a.m.•9 views

SUSE CVE-2022-50737

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate index root when initialize NTFS security This enhances the sanity check for $SDH and $SII while initializing NTFS security, guarantees these index root are legit. 162.459513 BUG: KASAN: use-after-free in...

6.4AI score0.002EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2025/12/25 1:4 a.m.•9 views

SUSE CVE-2022-50755

In the Linux kernel, the following vulnerability has been resolved: udf: Avoid double brelse in udfrename syzbot reported a warning like below 1: VFS: brelse: Trying to free free buffer WARNING: CPU: 2 PID: 7301 at fs/buffer.c:1145 brelse+0x67/0xa0 ... Call Trace: invalidatebhlru+0x99/0x150...

5.1CVSS6.5AI score0.00239EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/25 1:3 a.m.•9 views

SUSE CVE-2022-50764

In the Linux kernel, the following vulnerability has been resolved: ipv6/sit: use DEVSTATSINC to avoid data-races syzbot/KCSAN reported that multiple cpus are updating dev-stats.txerror concurrently. This is because sit tunnels are NETIFFLLTX, meaning their ndostartxmit is not protected by a...

6.5AI score0.00209EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/25 12:57 a.m.•9 views

SUSE CVE-2023-54020

In the Linux kernel, the following vulnerability has been resolved: dmaengine: sf-pdma: pdmadesc memory leak fix Commit b2cc5c465c2c "dmaengine: sf-pdma: Add multithread support for a DMA channel" changed sfpdmaprepdmamemcpy to unconditionally allocate a new sfpdmadesc each time it is called. The...

5.5CVSS6.4AI score0.00164EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/25 12:57 a.m.•9 views

SUSE CVE-2023-54041

In the Linux kernel, the following vulnerability has been resolved: iouring: fix memory leak when removing provided buffers When removing provided buffers, iobuffer structs are not being disposed of, leading to a memory leak. They can't be freed individually, because they are allocated in...

5.5CVSS6.4AI score0.00162EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2025/12/25 12:54 a.m.•9 views

SUSE CVE-2023-54146

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Fix double-free of elf header buffer After b3e34a47f989 "x86/kexec: fix memory leak of elf header buffer", freeing image-elfheaders in the error path of crashloadsegments is not needed because kimagefilepostloadcleanup...

6.3CVSS6.4AI score0.00168EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/25 12:27 a.m.•9 views

SUSE CVE-2025-67725

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...

7.5CVSS6.5AI score0.00396EPSS
Exploits0References44
SUSE CVE
SUSE CVE
•added 2025/12/21 12:23 a.m.•9 views

SUSE CVE-2025-68284

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handleauthsessionkey The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes when decrypting the...

7.3CVSS6.6AI score0.00173EPSS
Exploits0References104
SUSE CVE
SUSE CVE
•added 2025/12/19 12:24 a.m.•9 views

SUSE CVE-2025-68461

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting XSS vulnerability via the animate tag in an SVG document...

6.1CVSS6.6AI score0.19769EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2025/12/17 2:19 a.m.•9 views

SUSE CVE-2017-18876

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file...

4.9CVSS6.8AI score0.00862EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/12/17 2:19 a.m.•9 views

SUSE CVE-2017-18902

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints...

5.3CVSS7AI score0.0092EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/12/17 12:30 a.m.•9 views

SUSE CVE-2025-40363

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix field-spanning memcpy warning in AH output Fix field-spanning memcpy warnings in ah6output and ah6outputdone where extension headers are copied to/from IPv6 address fields, triggering fortify-string warnings about...

2.5CVSS6.8AI score0.00177EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2025/12/11 12:46 a.m.•9 views

SUSE CVE-2025-14332

Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146 and Thunderbird 146...

8.8CVSS7.2AI score0.00265EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•9 views

SUSE CVE-2022-50631

In the Linux kernel, the following vulnerability has been resolved: RISC-V: kexec: Fix memory leak of fdt buffer This is reported by kmemleak detector: unreferenced object 0xff60000082864000 size 9588: comm "kexec", pid 146, jiffies 4294900634 age 64.788s hex dump first 32 bytes: d0 0d fe ed 00 0...

6.6AI score0.00166EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•9 views

SUSE CVE-2022-50642

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosectypec: zero out stale pointers crostypecgetswitchhandles allocates four pointers when obtaining type-c switch handles. These pointers are all freed if failing to obtain any of them; therefore, pointers in...

7.8CVSS6.7AI score0.00168EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2025/12/10 12:38 a.m.•9 views

SUSE CVE-2022-50655

In the Linux kernel, the following vulnerability has been resolved: ppp: associate skb with a device at tx Syzkaller triggered flow dissector warning with the following: r0 = openat$ppp0xffffffffffffff9c, &0x7f0000000000, 0xc0802, 0x0 ioctl$PPPIOCNEWUNITr0, 0xc004743e, &0x7f00000000c0...

6.5AI score0.00176EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/10 12:38 a.m.•9 views

SUSE CVE-2022-50672

In the Linux kernel, the following vulnerability has been resolved: mailbox: zynq-ipi: fix error handling while deviceregister fails If deviceregister fails, it has two issues: 1. The name allocated by devsetname is leaked. 2. The parent of device is not NULL, deviceunregister is called in...

5.5CVSS6.4AI score0.00206EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/10 12:38 a.m.•9 views

SUSE CVE-2022-50673

In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4orphancleanup I caught a issue as follows: ================================================================== BUG: KASAN: use-after-free in listaddvalid+0x28/0x1a0 Read of size 8 at addr...

7CVSS6.5AI score0.00211EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/12/10 12:38 a.m.•9 views

SUSE CVE-2022-50675

In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Avoid setting PGmtetagged if no tags cleared or restored Prior to commit 69e3b846d8a7 "arm64: mte: Sync tags for pages where PTE is untagged", mtesynctags was only called for ptetagged entries those mapped with PROTMT...

5.5CVSS6.4AI score0.00203EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/10 12:34 a.m.•9 views

SUSE CVE-2023-53845

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix infinite loop in nilfsmdtgetblock If the disk image that nilfs2 mounts is corrupted and a virtual block address obtained by block lookup for a metadata file is invalid, nilfsbmaplookupatlevel may return the same...

5.3CVSS6.7AI score0.00217EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/11/14 12:23 a.m.•9 views

SUSE CVE-2025-40194

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intelpstate: Fix object lifecycle issue in updateqosrequest The cpufreqcpuput call in updateqosrequest takes place too early because the latter subsequently calls freqqosupdaterequest that indirectly accesses the policy...

4.7CVSS6.5AI score0.00175EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/11/13 12:24 a.m.•9 views

SUSE CVE-2025-40140

In the Linux kernel, the following vulnerability has been resolved: net: usb: Remove disruptive netifwakequeue in rtl8150setmulticast syzbot reported WARNING in rtl8150startxmit/usbsubmiturb. This is the sequence of events that leads to the warning: rtl8150startxmit netifstopqueue;...

3.3CVSS6.5AI score0.00188EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/11/09 12:33 a.m.•9 views

SUSE CVE-2025-27093

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially...

6.3CVSS7AI score0.00217EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/10/29 12:25 a.m.•9 views

SUSE CVE-2025-40044

In the Linux kernel, the following vulnerability has been resolved: fs: udf: fix OOB read in lengthAllocDescs handling When parsing Allocation Extent Descriptor, lengthAllocDescs comes from on-disk data and must be validated against the block size. Crafted or corrupted images may set...

6.3CVSS6.4AI score0.00207EPSS
Exploits0References28
SUSE CVE
SUSE CVE
•added 2025/10/28 12:42 a.m.•9 views

SUSE CVE-2025-12199

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent expected and...

7.1AI score0.00012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/10/01 11:31 p.m.•9 views

SUSE CVE-2023-53452

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential race condition between napiinit and napienable A race condition can happen if netdev is registered, but NAPI isn't initialized yet, and meanwhile user space starts the netdev that will enable NAPI. Then...

4.4CVSS6.3AI score0.00104EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/10/01 11:22 p.m.•9 views

SUSE CVE-2025-39923

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bamdma: Fix DT error handling for num-channels/ees When we don't have a clock specified in the device tree, we have no way to ensure the BAM is on. This is often the case for remotely-controlled or remotely-power...

6.1CVSS6.2AI score0.0014EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2025/09/19 11:34 p.m.•9 views

SUSE CVE-2023-53394

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix crash on regular rq reactivation When the regular rq is reactivated after the XSK socket is closed it could be reading stale cqes which eventually corrupts the rq. This leads to no more traffic being received ...

5.5CVSS6.6AI score0.00119EPSS
Exploits0References15
Total number of security vulnerabilities5000