Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
added 2023/11/16 1:54 a.m.9 views

SUSE CVE-2023-47627

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTPNOEXTENSIONS is enabled or not using a prebuilt wheel. These bugs have...

5.3CVSS8.3AI score0.0085EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/11/02 2:45 a.m.9 views

SUSE CVE-2023-5856

Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS9.2AI score0.01172EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/10/31 2:25 a.m.9 views

SUSE CVE-2021-35623

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Roles. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

2.7CVSS4.3AI score0.01342EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/10/11 1:47 a.m.9 views

SUSE CVE-2023-5479

Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS8.5AI score0.00621EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/08/18 2:12 a.m.9 views

SUSE CVE-2023-4389

A flaw was found in btrfsgetrootref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information...

5.8CVSS6.6AI score0.00254EPSS
Exploits0References19
SUSE CVE
SUSE CVE
added 2023/08/05 2:2 a.m.9 views

SUSE CVE-2023-4134

A use-after-free vulnerability was found in the cyttsp4core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdogtimer from the workqueue. This could allow a local user to crash the system, causing a denial of service...

4.1CVSS6.2AI score0.00188EPSS
Exploits0References30
SUSE CVE
SUSE CVE
added 2023/08/04 2:5 a.m.9 views

SUSE CVE-2023-4075

Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.2AI score0.01219EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/07/25 2:19 a.m.9 views

SUSE CVE-2023-3609

A use-after-free vulnerability in the Linux kernel's net/sched: clsu32 component can be exploited to achieve local privilege escalation. If tcfchangeindev fails, u32setparms will immediately return an error after incrementing or decrementing the reference counter in tcfbindfilter. If an attacker...

7CVSS6.6AI score0.00458EPSS
Exploits1References47
SUSE CVE
SUSE CVE
added 2023/07/19 2:2 a.m.9 views

SUSE CVE-2023-37259

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting XSS. Since the Export Chat feature...

6.1CVSS6AI score0.00448EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/06/15 12:55 a.m.9 views

SUSE CVE-2023-3217

Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.2AI score0.13309EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/05/09 2:3 a.m.9 views

SUSE CVE-2023-32269

An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/afnetrom.c, there is a use-after-free because accept is also allowed for a successfully connected AFNETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the...

5.9CVSS6.7AI score0.0027EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2023/05/05 2:0 a.m.9 views

SUSE CVE-2023-2513

A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors...

6.6CVSS6.3AI score0.00245EPSS
Exploits0References25
SUSE CVE
SUSE CVE
added 2023/05/04 2:23 a.m.9 views

SUSE CVE-2023-2461

Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. Chromium security severity: Medium...

8.8CVSS9.5AI score0.00763EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/04/26 11:17 p.m.9 views

SUSE CVE-2023-27954

The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information...

6.5CVSS6.3AI score0.00926EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/04/20 2:16 a.m.9 views

SUSE CVE-2018-1305

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that...

4.8CVSS9.4AI score0.14737EPSS
Exploits2References7
SUSE CVE
SUSE CVE
added 2023/04/20 2:6 a.m.9 views

SUSE CVE-2023-2136

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS9.3AI score0.05786EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/04/05 1:49 a.m.9 views

SUSE CVE-2023-1814

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS8.6AI score0.00889EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/04/05 1:49 a.m.9 views

SUSE CVE-2023-1821

Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

6.5CVSS8.6AI score0.00847EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/03/28 1:50 a.m.9 views

SUSE CVE-2023-27579

TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater filterinputchannel of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1...

7.5CVSS6.9AI score0.00391EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/03/02 3:59 a.m.9 views

SUSE CVE-2023-1095

In nftablesupdtable, if nftablestableenable returns an error, nfttransdestroy is called to free the transaction object. nfttransdestroy calls listdel, but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference...

5.1CVSS6.9AI score0.00216EPSS
Exploits0References27
SUSE CVE
SUSE CVE
added 2023/03/02 3:59 a.m.9 views

SUSE CVE-2023-22998

In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpuobject.c misinterprets the drmgemshmemgetsgtable return value expects it to be NULL in the error case, whereas it is actually an error pointer...

5.5CVSS6.7AI score0.00304EPSS
Exploits0References23
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.9 views

SUSE CVE-2002-2437

The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited w...

5CVSS6.4AI score0.01333EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.9 views

SUSE CVE-2003-0434

Various PDF viewers including 1 Adobe Acrobat 5.06 and 2 Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink...

7.5CVSS7.8AI score0.40942EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:20 a.m.9 views

SUSE CVE-2004-0686

Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors...

5CVSS7.3AI score0.03666EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:19 a.m.9 views

SUSE CVE-2004-1237

Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service system crash via unknown vectors...

2.1CVSS6.6AI score0.00358EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.9 views

SUSE CVE-2006-0200

Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages...

9.3CVSS8.1AI score0.19363EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.9 views

SUSE CVE-2006-1260

Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check...

5CVSS7AI score0.12174EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:15 a.m.9 views

SUSE CVE-2006-3014

Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet...

5.1CVSS7.4AI score0.30101EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.9 views

SUSE CVE-2006-6737

Unspecified vulnerability in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 5 and earlier, Java System Development Kit SDK and JRE 1.4.210 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allows attackers to use untrusted applets to "access data in other...

4.3CVSS6.8AI score0.02311EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.9 views

SUSE CVE-2007-2164

Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service browser crash or abort via JavaScript that matches a regular expression against a long string, as demonstrated using /./...

5CVSS7AI score0.0142EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.9 views

SUSE CVE-2007-2293

Multiple stack-based buffer overflows in the processsdp function in chansip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long 1 T38FaxRateManagement or 2 T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP...

7.6CVSS8.3AI score0.23878EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.9 views

SUSE CVE-2007-2449

Multiple cross-site scripting XSS vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...

4.3CVSS4.8AI score0.77376EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.9 views

SUSE CVE-2007-2789

The BMP image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.119 and earlier, when running on Unix/Linux systems,...

4.3CVSS6.8AI score0.03485EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.9 views

SUSE CVE-2007-3503

The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting XSS vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.9AI score0.03051EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:11 a.m.9 views

SUSE CVE-2007-4394

Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors...

2.1CVSS6.6AI score0.00355EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.9 views

SUSE CVE-2007-5377

The 1 tramp-make-temp-file and 2 tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files...

6.9CVSS6.8AI score0.00307EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.9 views

SUSE CVE-2009-0692

Stack-based buffer overflow in the scriptwriteparams method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option...

10CVSS8.3AI score0.2578EPSS
Exploits9References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:4 a.m.9 views

SUSE CVE-2009-0876

Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DTRPATH:$ORIGIN...

6.9CVSS7.1AI score0.00781EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:2 a.m.9 views

SUSE CVE-2009-3461

Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-extension restrictions via unknown vectors...

9.3CVSS6.8AI score0.03273EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.9 views

SUSE CVE-2009-4034

PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which 1 allows man-in-the-middle...

5.8CVSS7AI score0.0213EPSS
Exploits2References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.9 views

SUSE CVE-2010-0084

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091...

5CVSS6.7AI score0.03162EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.9 views

SUSE CVE-2010-0837

Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

7.5CVSS8.2AI score0.03839EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.9 views

SUSE CVE-2010-0846

Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Marc...

7.5CVSS8.7AI score0.06581EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.9 views

SUSE CVE-2010-0886

Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

10CVSS6.6AI score0.69949EPSS
Exploits7References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.9 views

SUSE CVE-2010-3299

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks...

6.5CVSS6.7AI score0.01141EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.9 views

SUSE CVE-2010-3558

Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

10CVSS6.6AI score0.049EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.9 views

SUSE CVE-2010-3556

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

10CVSS6.6AI score0.05193EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.9 views

SUSE CVE-2010-3570

Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

7.6CVSS6.6AI score0.03897EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:56 a.m.9 views

SUSE CVE-2010-3708

The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted...

7.5CVSS7.6AI score0.03017EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:50 a.m.9 views

SUSE CVE-2011-3416

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."...

8.5CVSS6.3AI score0.45576EPSS
Exploits2References3
Total number of security vulnerabilities5000