Lucene search
K
SusecveMost viewed

59854 matches found

SUSE CVE
SUSE CVE
added 2024/04/11 2:31 a.m.9 views

SUSE CVE-2024-26741

In the Linux kernel, the following vulnerability has been resolved: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after checkestalblished. syzkaller reported a warning 0 in inetcskdestroysock with no repro. WARNONinetsksk-inetnum && !inetcsksk-icskbindhash; However, the syzkaller's log...

5.5CVSS6.6AI score0.0027EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2024/04/05 2:23 a.m.9 views

SUSE CVE-2023-45288

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

5.3CVSS8.8AI score0.91969EPSS
Exploits1References66
SUSE CVE
SUSE CVE
added 2024/04/04 2:17 a.m.9 views

SUSE CVE-2024-26660

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 'streamencregs' array is an array of dcn10streamencregisters structures. The array is initialized with four elements, corresponding to the four calls t...

5.5CVSS6.7AI score0.00248EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2024/03/28 4:15 a.m.9 views

SUSE CVE-2023-52621

In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld before calling bpf map helpers These three bpfmaplookup,update,deleteelem helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program,...

5.5CVSS6.3AI score0.00238EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2024/03/28 4:14 a.m.9 views

SUSE CVE-2024-2883

Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS9.2AI score0.0334EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2024/03/27 4:26 a.m.9 views

SUSE CVE-2021-47149

In the Linux kernel, the following vulnerability has been resolved: net: fujitsu: fix potential null-ptr-deref In fmvj18xgethwinfo, if ioremap fails there will be NULL pointer deref. To fix this, check the return value of ioremap and return -1 to the caller in case of failure...

5.5CVSS6.3AI score0.00226EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2024/03/27 4:26 a.m.9 views

SUSE CVE-2021-47150

In the Linux kernel, the following vulnerability has been resolved: net: fec: fix the potential memory leak in fecenetinit If the memory allocated for cbdbase is failed, it should free the memory allocated for the queues, otherwise it causes memory leak. And if the memory allocated for the queues...

5.5CVSS7.7AI score0.00225EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2024/03/19 3:50 a.m.9 views

SUSE CVE-2021-47113

In the Linux kernel, the following vulnerability has been resolved: btrfs: abort in renameexchange if we fail to insert the second ref Error injection stress uncovered a problem where we'd leave a dangling inode ref if we failed during a renameexchange. This happens because we insert the inode re...

5.5CVSS6.3AI score0.00268EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2024/03/19 3:50 a.m.9 views

SUSE CVE-2021-47114

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption by fallocate When fallocate punches holes out of inode size, if original isize is in the middle of last cluster, then the part from isize to the end of the cluster will be zeroed with buffer write, at...

5.5CVSS8AI score0.00226EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2024/03/06 4:52 a.m.9 views

SUSE CVE-2021-47105

In the Linux kernel, the following vulnerability has been resolved: ice: xsk: return xsk buffers back to pool when cleaning the ring Currently we only NULL the xdpbuff pointer in the internal SW ring but we never give it back to the xsk buffer pool. This means that buffers can be leaked out of th...

3.3CVSS6.6AI score0.00292EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2024/03/06 4:34 a.m.9 views

SUSE CVE-2023-52503

In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix use-after-free vulnerability in amdteeclosesession There is a potential race condition in amdteeclosesession that may cause use-after-free in amdteeopensession. For instance, if a session has refcount == 1, and o...

4.5CVSS6.3AI score0.00258EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2024/03/05 4:49 a.m.9 views

SUSE CVE-2021-47074

In the Linux kernel, the following vulnerability has been resolved: nvme-loop: fix memory leak in nvmeloopcreatectrl When creating loop ctrl in nvmeloopcreatectrl, if nvmeinitctrl fails, the loop ctrl should be freed before jumping to the "out" label...

3.3CVSS6.2AI score0.00235EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2024/03/05 4:31 a.m.9 views

SUSE CVE-2023-52501

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not attempt to read past "commit" When iterating over the ring buffer while the ring buffer is active, the writer can corrupt the reader. There's barriers to help detect this and handle it, but that code missed th...

5.5CVSS6.5AI score0.0023EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2024/03/05 4:31 a.m.9 views

SUSE CVE-2023-52580

In the Linux kernel, the following vulnerability has been resolved: net/core: Fix ETHP1588 flow dissector When a PTP ethernet raw frame with a size of more than 256 bytes followed by a 0xff pattern is sent to skbflowdissect, nhoff value calculation is wrong. For example: hdr-messagelength takes t...

5.5CVSS6AI score0.00225EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2024/03/02 5:20 a.m.9 views

SUSE CVE-2023-52478

In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect hidppconnectevent has four time-of-check vs time-of-use TOCTOU races when it races with itself. hidppconnectevent primarily runs from a workqueue but it also runs o...

5.8CVSS6.3AI score0.00171EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2024/03/01 4:8 a.m.9 views

SUSE CVE-2021-46948

In the Linux kernel, the following vulnerability has been resolved: sfc: farch: fix TX queue lookup in TX event handling We're starting from a TXQ label, not a TXQ type, so efxchannelgettxqueue is inappropriate and could return NULL, leading to panics...

5.5CVSS6.4AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/03/01 4:7 a.m.9 views

SUSE CVE-2021-46988

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: release page in error path to avoid BUGON Consider the following sequence of events: 1. Userspace issues a UFFD ioctl, which ends up calling into shmemmfillatomicpte. We successfully account the blocks, we...

5.5CVSS6.4AI score0.0024EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2024/03/01 4:7 a.m.9 views

SUSE CVE-2021-47004

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid touching checkpointed data in getvictim In CP disabling mode, there are two issues when using LFS or SSR | ATSSR mode to select victim: 1. LFS is set to find source section during GC, the victim should have no...

7.1CVSS6.5AI score0.00236EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/03/01 3:47 a.m.9 views

SUSE CVE-2023-52475

In the Linux kernel, the following vulnerability has been resolved: Input: powermate - fix use-after-free in powermateconfigcomplete syzbot has found a use-after-free bug 1 in the powermate driver. This happens when the device is disconnected, which leads to a memory free from the powermatedevice...

6.3CVSS6.3AI score0.00243EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2024/02/29 3:56 a.m.9 views

SUSE CVE-2021-46939

In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure traceclockglobal to never block It was reported that a fix to the ring buffer recursion detection would cause a hung machine when performing suspend / resume testing. The following backtrace was extracted fro...

5.5CVSS8AI score0.00246EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2024/02/29 3:56 a.m.9 views

SUSE CVE-2021-46944

In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix memory leak in imufmt We are losing the reference to an allocated memory if try. Change the order of the check to avoid that...

4.7CVSS7.7AI score0.00225EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2024/02/13 3:51 a.m.9 views

SUSE CVE-2024-1151

A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result,...

5.5CVSS6.9AI score0.0027EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2024/02/13 3:50 a.m.9 views

SUSE CVE-2024-25741

printerwrite in drivers/usb/gadget/function/fprinter.c in the Linux kernel through 6.7.4 does not properly call usbepqueue, which might allow attackers to cause a denial of service or have unspecified other impact...

4.7CVSS6.8AI score0.00314EPSS
Exploits1References13
SUSE CVE
SUSE CVE
added 2023/12/01 2:20 a.m.9 views

SUSE CVE-2023-6346

Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.3AI score0.0097EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/11/16 1:54 a.m.9 views

SUSE CVE-2023-47627

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTPNOEXTENSIONS is enabled or not using a prebuilt wheel. These bugs have...

5.3CVSS8.3AI score0.0085EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/11/02 2:45 a.m.9 views

SUSE CVE-2023-5856

Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS9.2AI score0.01172EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/10/31 2:25 a.m.9 views

SUSE CVE-2021-35623

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Roles. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

2.7CVSS4.3AI score0.01342EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/10/11 1:47 a.m.9 views

SUSE CVE-2023-5479

Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS8.5AI score0.00621EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/08/18 2:12 a.m.9 views

SUSE CVE-2023-4389

A flaw was found in btrfsgetrootref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information...

5.8CVSS6.6AI score0.00254EPSS
Exploits0References19
SUSE CVE
SUSE CVE
added 2023/07/19 2:2 a.m.9 views

SUSE CVE-2023-37259

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting XSS. Since the Export Chat feature...

6.1CVSS6AI score0.00448EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/06/28 1:39 a.m.9 views

SUSE CVE-2023-3422

Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.2AI score0.00658EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/06/15 12:55 a.m.9 views

SUSE CVE-2023-3217

Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.2AI score0.13309EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/05/05 2:0 a.m.9 views

SUSE CVE-2023-2513

A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors...

6.6CVSS6.3AI score0.00245EPSS
Exploits0References25
SUSE CVE
SUSE CVE
added 2023/05/04 2:23 a.m.9 views

SUSE CVE-2023-2461

Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. Chromium security severity: Medium...

8.8CVSS9.5AI score0.00763EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/04/26 11:17 p.m.9 views

SUSE CVE-2023-27954

The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information...

6.5CVSS6.3AI score0.00926EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/04/20 2:16 a.m.9 views

SUSE CVE-2018-1305

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that...

4.8CVSS9.4AI score0.14737EPSS
Exploits2References7
SUSE CVE
SUSE CVE
added 2023/04/05 1:49 a.m.9 views

SUSE CVE-2023-1814

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS8.6AI score0.00889EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/04/05 1:49 a.m.9 views

SUSE CVE-2023-1821

Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

6.5CVSS8.6AI score0.00847EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/03/28 1:50 a.m.9 views

SUSE CVE-2023-27579

TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater filterinputchannel of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1...

7.5CVSS6.9AI score0.00391EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/03/02 3:59 a.m.9 views

SUSE CVE-2023-1095

In nftablesupdtable, if nftablestableenable returns an error, nfttransdestroy is called to free the transaction object. nfttransdestroy calls listdel, but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference...

5.1CVSS6.9AI score0.00216EPSS
Exploits0References27
SUSE CVE
SUSE CVE
added 2023/03/02 3:59 a.m.9 views

SUSE CVE-2023-22998

In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpuobject.c misinterprets the drmgemshmemgetsgtable return value expects it to be NULL in the error case, whereas it is actually an error pointer...

5.5CVSS6.7AI score0.00304EPSS
Exploits0References23
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.9 views

SUSE CVE-2002-2437

The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited w...

5CVSS6.4AI score0.01333EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.9 views

SUSE CVE-2003-0434

Various PDF viewers including 1 Adobe Acrobat 5.06 and 2 Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink...

7.5CVSS7.8AI score0.40942EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:20 a.m.9 views

SUSE CVE-2004-0686

Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors...

5CVSS7.3AI score0.03666EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:19 a.m.9 views

SUSE CVE-2004-1237

Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service system crash via unknown vectors...

2.1CVSS6.6AI score0.00358EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.9 views

SUSE CVE-2006-0200

Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages...

9.3CVSS8.1AI score0.19363EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.9 views

SUSE CVE-2006-1260

Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check...

5CVSS7AI score0.12174EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:15 a.m.9 views

SUSE CVE-2006-3014

Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet...

5.1CVSS7.4AI score0.30101EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.9 views

SUSE CVE-2006-6737

Unspecified vulnerability in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 5 and earlier, Java System Development Kit SDK and JRE 1.4.210 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allows attackers to use untrusted applets to "access data in other...

4.3CVSS6.8AI score0.02311EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.9 views

SUSE CVE-2007-2164

Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service browser crash or abort via JavaScript that matches a regular expression against a long string, as demonstrated using /./...

5CVSS7AI score0.0142EPSS
Exploits0References3
Total number of security vulnerabilities5000