Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
added 2026/05/07 2:18 a.m.9 views

SUSE CVE-2026-43097

In the Linux kernel, the following vulnerability has been resolved: PCI: hv: Fix double idafree in hvpciprobe error path If hvpciprobe fails after storing the domain number in hbus-bridge-domainnr, there is a call to free this domainnr via pcibusreleaseemuldomainnr, however, during cleanup, the...

5.7AI score0.0012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:18 a.m.9 views

SUSE CVE-2026-43104

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix a memory leak in hang state error path When vc4savehangstate encounters an early return condition, it returns without freeing the previously allocated kernelstate, leaking memory. Add the missing kfree calls by...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:17 a.m.9 views

SUSE CVE-2026-43134

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAPLECONNREQ This adds a check for encryption key size upon receiving L2CAPLECONNREQ which is required by L2CAP/LE/CFC/BV-15-C which expects L2CAPCRLEBADKEYSIZE...

5.8AI score0.00177EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:17 a.m.9 views

SUSE CVE-2026-43136

In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Check maxfield in hidppgetreportlength Do not crash when a report has no fields. Fake USB gadgets can send their own HID report descriptors and can define report structures without valid fields. This can be...

5.7AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:17 a.m.9 views

SUSE CVE-2026-43146

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add buffer to list only after successful allocation Move listaddtail to after dmaallocattrs succeeds when creating internal buffers. Previously, the buffer was enqueued in buffers-list before the DMA allocation. If t...

5.9AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:17 a.m.9 views

SUSE CVE-2026-43151

In the Linux kernel, the following vulnerability has been resolved: Revert "media: iris: Add sanity check for stop streaming" This reverts commit ad699fa78b59241c9d71a8cafb51525f3dab04d4. Revert the check that skipped stopstreaming when the instance was in IRISINSTERROR, as it caused multiple...

5.5CVSS5.8AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:17 a.m.9 views

SUSE CVE-2026-43155

In the Linux kernel, the following vulnerability has been resolved: mux: mmio: fix regmap leak on probe failure The mmio regmap that may be allocated during probe is never freed. Switch to using the device managed allocator so that the regmap is released on probe failures e.g. probe deferral and ...

5.7AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:17 a.m.9 views

SUSE CVE-2026-43156

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: enable basic endpoint checking pegasusprobe fills URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usbrcvbulkpipedev, 1 for RX data - usbsndbulkpipedev, 2 for TX data -...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:17 a.m.9 views

SUSE CVE-2026-43162

In the Linux kernel, the following vulnerability has been resolved: media: tegra-video: Fix memory leak in tegrachanneltryformat The state object allocated by v4l2subdevstatealloc must be freed with v4l2subdevstatefree when it is no longer needed. In tegrachanneltryformat, two error paths return...

5.7AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:17 a.m.9 views

SUSE CVE-2026-43177

In the Linux kernel, the following vulnerability has been resolved: media: ipu6: Fix RPM reference leak in probe error paths Several error paths in ipu6pciprobe were jumping directly to outipu6busdeldevices without releasing the runtime PM reference. Add pmruntimeputsync before cleaning up other...

5.7AI score0.00127EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:17 a.m.9 views

SUSE CVE-2026-43178

In the Linux kernel, the following vulnerability has been resolved: procfs: fix possible double mmput in doprocmapquery When user provides incorrectly sized buffer for build ID for PROCMAPQUERY we return with -ENAMETOOLONG error. After recent changes this condition happens later, after we unlocke...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:17 a.m.9 views

SUSE CVE-2026-43194

In the Linux kernel, the following vulnerability has been resolved: net: consume xmit errors of GSO frames udpgrofrglist.sh and udpgrobench.sh are the flakiest tests currently in NIPA. They fail in the same exact way, TCP GRO test stalls occasionally and the test gets killed after 10min. These...

5.8AI score0.00533EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:17 a.m.9 views

SUSE CVE-2026-43203

In the Linux kernel, the following vulnerability has been resolved: atm: fore200e: fix use-after-free in tasklets during device removal When the PCA-200E or SBA-200E adapter is being detached, the fore200e is deallocated. However, the txtasklet or rxtasklet may still be running or pending, leadin...

7.5CVSS5.7AI score0.00435EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/07 2:17 a.m.9 views

SUSE CVE-2026-43224

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix sgtable leak on mapping failures In an unlikely case when iopopulateareadma fails, which could only happen on a PAGEPOOL32BITARCHWITH64BITDMA machine, iozcrxmaparea will have an initialised and not freed table. ...

5.7AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:16 a.m.9 views

SUSE CVE-2026-43248

In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpasim where a valid ASID can be assign...

5.8AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:16 a.m.9 views

SUSE CVE-2026-43266

In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: don't go past the ARM processor CPER record buffer There's a logic inside GHES/CPER to detect if the sectionlength is too small, but it doesn't detect if it is too big. Currently, if the firmware receives an ARM process...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:16 a.m.9 views

SUSE CVE-2026-43269

In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix memory leak from the atomicdestroystate callback After several commits, the slab memory increases. Some drmcrtccommit objects are not freed. The atomicdestroystate callback only put the framebuffer. Use the...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:16 a.m.9 views

SUSE CVE-2026-43270

In the Linux kernel, the following vulnerability has been resolved: media: mtk-mdp: Fix a reference leak bug in mtkmdpremove In mtkmdpprobe, vpugetplatdevice increases the reference count of the returned platform device. Add platformdeviceput to prevent reference leak...

5.8AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:16 a.m.9 views

SUSE CVE-2026-43283

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ecbhf: Fix dmafreecoherent dma handle dmafreecoherent in error path takes priv-rxbuf.alloclen as the dma handle. This would lead to improper unmapping of the buffer. Change the dma handle to priv-rxbuf.allocphys...

5.8AI score0.0012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/07 2:16 a.m.9 views

SUSE CVE-2026-44331

In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltabfetchclientscb in contrib/modwrap2sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted domain name that is accessed in a reverse DNS lookup. When "UseReverseDNS on" is enabled, the...

8.1CVSS6AI score0.00455EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/06 1:55 a.m.9 views

SUSE CVE-2012-0418

Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted file...

9.3CVSS6.2AI score0.03753EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/06 1:43 a.m.9 views

SUSE CVE-2026-31729

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: validate connector number in ucsinotifycommon The connector number extracted from CCI via UCSICCICONNECTOR is a 7-bit field 0-127 that is used to index into the connector array in ucsiconnectorchange. However, t...

6.4CVSS5.8AI score0.00129EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/05/06 1:43 a.m.9 views

SUSE CVE-2026-31746

In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: Fix memory leak with CCA cards used as accelerator Tests showed that there is a memory leak if CCA cards are used as accelerator for clear key RSA requests ME and CRT. With the last rework for the memory allocation t...

5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/06 1:43 a.m.9 views

SUSE CVE-2026-31750

In the Linux kernel, the following vulnerability has been resolved: comedi: runflags cannot determine whether to reclaim chanlist syzbot reported a memory leak 1, because commit 4e1da516debb "comedi: Add reference counting for Comedi command handling" did not consider the exceptional exit case in...

5.7AI score0.00107EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/06 1:42 a.m.9 views

SUSE CVE-2026-31764

In the Linux kernel, the following vulnerability has been resolved: iio: imu: stlsm6dsx: Set buffer sampling frequency for accelerometer only The stlsm6dsxhwfifoodrstore function, which is called when userspace writes the buffer sampling frequency sysfs attribute, calls stlsm6dsxcheckodr, which...

5.9AI score0.0012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/06 1:42 a.m.9 views

SUSE CVE-2026-33813

Parsing a WEBP image with an invalid, large size panics on 32-bit platforms...

7.5CVSS5.8AI score0.0034EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/06 1:41 a.m.9 views

SUSE CVE-2026-42151

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving...

7.5CVSS5.8AI score0.00326EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/05/06 1:41 a.m.9 views

SUSE CVE-2026-42224

ipl/web is a set of common web components for php projects. Prior to versions 0.13.1 and 0.10.3, the vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may ha...

7.6CVSS5.3AI score0.00259EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/06 1:41 a.m.9 views

SUSE CVE-2026-43034

In the Linux kernel, the following vulnerability has been resolved: bnxten: set backing store type from query type bnxthwrmfuncbackingstoreqcapsv2 stores resp-type from the firmware response in ctxm-type and later uses that value to index fixed backing-store metadata arrays such as ctxarr and...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/06 1:41 a.m.9 views

SUSE CVE-2026-43036

In the Linux kernel, the following vulnerability has been resolved: net: use skbheaderpointer for TCPv4 GSO fragoff check Syzbot reported a KMSAN uninit-value warning in gsofeaturescheck called from netifskbfeatures 1. gsofeaturescheck reads iph-fragoff to decide whether to clear mangleidfeatures...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/05/06 1:40 a.m.9 views

SUSE CVE-2026-43040

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ndisc: fix ndiscrauseropt to initialize nduseroptpadX fields to zero to prevent an info-leak When processing Router Advertisements with user options the kernel builds an RTMNEWNDUSEROPT netlink message. The nduseroptms...

5.5CVSS5.8AI score0.00117EPSS
Exploits0References17
SUSE CVE
SUSE CVE
added 2026/05/06 1:40 a.m.9 views

SUSE CVE-2026-43057

In the Linux kernel, the following vulnerability has been resolved: net: correctly handle tunneled traffic on IPV6CSUM GSO fallback NETIFFIPV6CSUM only advertises support for checksum offload of packets without IPv6 extension headers. Packets with extension headers must fall back onto software...

7.5CVSS5.7AI score0.00371EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/06 1:40 a.m.9 views

SUSE CVE-2026-43059

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers Commit 302a1f674c00 "Bluetooth: MGMT: Fix possible UAFs" introduced mgmtpendingvalid, which not only validates the pending command but also unlinks it from...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/05/06 1:40 a.m.9 views

SUSE CVE-2026-43061

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix TX deadlock when using DMA dmaengineterminateasync does not guarantee that the dmatxcomplete callback will run. The callback is currently the only place where dma-txrunning gets cleared. If the transaction is...

5.8AI score0.00091EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/06 1:40 a.m.9 views

SUSE CVE-2026-43062

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix type confusion in l2capecredreconfrsp l2capecredreconfrsp casts the incoming data to struct l2capecredconnrsp the ECRED connection response, 8 bytes with result at offset 6 instead of struct...

5.8AI score0.00215EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/06 1:40 a.m.9 views

SUSE CVE-2026-43067

In the Linux kernel, the following vulnerability has been resolved: ext4: handle wraparound when searching for blocks for indirect mapped blocks Commit 4865c768b563 "ext4: always allocate blocks only from groups inode can use" restricts what blocks will be allocated for indirect block based files...

9.8CVSS5.8AI score0.00403EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/05 1:49 a.m.9 views

SUSE CVE-2025-70070

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry...

6.5CVSS5.8AI score0.00238EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/05 1:45 a.m.9 views

SUSE CVE-2026-41263

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences. The variable intended to ho...

3.7CVSS5.7AI score0.00369EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/05 1:45 a.m.9 views

SUSE CVE-2026-42483

A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issue affects modulehashdecode in multiple Kerberos-related modules because accountinfolen is...

9.8CVSS6.4AI score0.00304EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/05 1:45 a.m.9 views

SUSE CVE-2026-43864

mutt before 2.3.2 has a showsigsummary NULL pointer dereference...

2.5CVSS5.8AI score0.00096EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/02 1:25 a.m.9 views

SUSE CVE-2026-31703

In the Linux kernel, the following vulnerability has been resolved: writeback: Fix use after free in inodeswitchwbsworkfn inodeswitchwbsworkfn has a loop like: wbgetnewwb; while 1 list = llistdelall&newwb-switchwbsctxs; / Nothing to do? / if !list break; ... process the items ... Now adding of...

5.3CVSS5.5AI score0.00114EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2026/05/01 2:12 a.m.9 views

SUSE CVE-2026-3832

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol OCSP response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabl...

3.7CVSS5.5AI score0.0072EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2026/05/01 2:12 a.m.9 views

SUSE CVE-2026-5405

RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution...

8.8CVSS6.2AI score0.00161EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2026/05/01 2:12 a.m.9 views

SUSE CVE-2026-5408

BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

5.5CVSS5.3AI score0.00143EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/01 2:11 a.m.9 views

SUSE CVE-2026-6523

GNW protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

5.5CVSS5.3AI score0.00124EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/01 2:11 a.m.9 views

SUSE CVE-2026-6528

TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 allows denial of service...

5.5CVSS5.3AI score0.00141EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/01 2:11 a.m.9 views

SUSE CVE-2026-6529

iLBC audio codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

5.5CVSS5.3AI score0.00125EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/01 2:11 a.m.9 views

SUSE CVE-2026-6537

ZigBee protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

5.5CVSS5.3AI score0.0018EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/01 2:11 a.m.9 views

SUSE CVE-2026-6538

BEEP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

5.5CVSS5.3AI score0.0018EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/01 2:11 a.m.9 views

SUSE CVE-2026-7111

Text::CSVXS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getlineall methods invoke registered callbacks for example afterparse, beforeprint, or...

8.4CVSS5.6AI score0.00158EPSS
Exploits0References5
Total number of security vulnerabilities5000