Lucene search
K
SusecveRecent

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/04/03 11:25 p.m.•4 views

SUSE CVE-2026-31932

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4...

7.5CVSS5.7AI score0.00267EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/03 11:25 p.m.•4 views

SUSE CVE-2026-31933

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been patched in versions 7.0.15 and 8.0.4...

7.5CVSS5.7AI score0.00351EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/03 11:25 p.m.•3 views

SUSE CVE-2026-31934

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4...

7.5CVSS5.7AI score0.00272EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/03 11:25 p.m.•4 views

SUSE CVE-2026-31935

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4...

7.5CVSS5.7AI score0.00272EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/03 11:25 p.m.•5 views

SUSE CVE-2026-31937

Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15...

7.5CVSS5.7AI score0.00351EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/03 11:25 p.m.•5 views

SUSE CVE-2026-32762

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21 and 3.2.0 to before 3.2.6, Rack::Utils.forwardedvalues parses the RFC 7239 Forwarded header by splitting on semicolons before handling quoted-string values. Because quoted values may legally contain semicolons...

6.5CVSS5.7AI score0.00179EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/03 11:25 p.m.•9 views

SUSE CVE-2026-33533

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an...

6.5CVSS5.8AI score0.00409EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/03 11:25 p.m.•8 views

SUSE CVE-2026-33641

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...

7.8CVSS6AI score0.00866EPSS
Exploits3References3
SUSE CVE
SUSE CVE
•added 2026/04/03 11:25 p.m.•6 views

SUSE CVE-2026-34230

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...

5.3CVSS5.7AI score0.0043EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/04/03 11:25 p.m.•6 views

SUSE CVE-2026-34591

Poetry is a dependency manager for Python. From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write with the privileges of the Poetry process. It is reachable from untrusted package...

7.1CVSS6.1AI score0.00468EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/04/03 11:25 p.m.•9 views

SUSE CVE-2026-34601

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a...

7.5CVSS5.7AI score0.00472EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/03 11:25 p.m.•8 views

SUSE CVE-2026-34610

The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lcx509extractnamesegment casts sizet vlen to uint8t when storing the Common Name CN length. An attacker who crafts a certificate with CN = victim's CN +...

5.9CVSS5.8AI score0.00162EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•9 views

SUSE CVE-2026-34763

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•5 views

SUSE CVE-2026-34785

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with...

7.5CVSS5.7AI score0.00387EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•8 views

SUSE CVE-2026-34786

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...

5.3CVSS5.7AI score0.00195EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•12 views

SUSE CVE-2026-34826

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.getbyteranges parses the HTTP Range header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte coverage exceeds the...

5.3CVSS5.7AI score0.0038EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•8 views

SUSE CVE-2026-34827

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Multipart::Parserhandlemimehead parses quoted multipart parameters such as Content-Disposition: form-data; name="..." using repeated Stringindex searches combined with...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•10 views

SUSE CVE-2026-34829

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfe...

7.5CVSS5.8AI score0.00369EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•15 views

SUSE CVE-2026-34830

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfilemapaccelpath interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not...

5.9CVSS5.8AI score0.00209EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•11 views

SUSE CVE-2026-34831

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Filesfail sets the Content-Length response header using Stringsize instead of Stringbytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•11 views

SUSE CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

6.5CVSS5.8AI score0.00192EPSS
Exploits2References3
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•9 views

SUSE CVE-2026-34871

An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator PRNG...

6.7CVSS5.8AI score0.00192EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•10 views

SUSE CVE-2026-34872

An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values lack of contributor...

9.1CVSS5.8AI score0.00204EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•12 views

SUSE CVE-2026-34873

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...

9.1CVSS5.8AI score0.00241EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•10 views

SUSE CVE-2026-34874

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•14 views

SUSE CVE-2026-34875

An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys...

9.8CVSS6AI score0.00366EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•9 views

SUSE CVE-2026-34876

An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtlsccmfinish in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized taglen parameter. This is caused by missing validation of t...

7.5CVSS5.8AI score0.0039EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•9 views

SUSE CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

9.8CVSS6AI score0.00426EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•8 views

SUSE CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

7.5CVSS5.8AI score0.00419EPSS
Exploits0References24
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•6 views

SUSE CVE-2026-35386

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in sshconfig...

3.6CVSS6AI score0.00247EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•7 views

SUSE CVE-2026-35387

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms...

3.1CVSS5.8AI score0.00237EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•6 views

SUSE CVE-2026-35388

OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions...

2.5CVSS5.8AI score0.0013EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•5 views

SUSE CVE-2026-35414

OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters...

4.2CVSS5.7AI score0.00176EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•8 views

SUSE CVE-2026-35535

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...

7.4CVSS5.8AI score0.00173EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•5 views

SUSE CVE-2026-35536

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

7.2CVSS5.8AI score0.00237EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•6 views

SUSE CVE-2026-35537

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data...

7.5CVSS5.9AI score0.00475EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/03 11:24 p.m.•4 views

SUSE CVE-2026-35549

An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the cachingsha2password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256cryptr uses allo...

6.5CVSS5.8AI score0.00256EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 11:28 p.m.•8 views

SUSE CVE-2026-23412

In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: defer hook memory release until rcu readers are done Yiming Qian reports UaF when concurrent process is dumping hooks via nfnetlinkhooks: BUG: KASAN: slab-use-after-free in nfnlhookdumpone.isra.0+0xe71/0x10f0 Read...

7CVSS5.8AI score0.00117EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2026/04/02 11:28 p.m.•6 views

SUSE CVE-2026-23413

In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry Fix a use-after-free in the clsact qdisc upon init/destroy rollback asymmetry. The latter is achieved by first fully initializing a clsact instance, and then in a seco...

6.4CVSS5.7AI score0.00119EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2026/04/02 11:28 p.m.•6 views

SUSE CVE-2026-23414

In the Linux kernel, the following vulnerability has been resolved: tls: Purge asynchold in tlsdecryptasyncwait The asynchold queue pins encrypted input skbs while the AEAD engine references their scatterlist data. Once tlsdecryptasyncwait returns, every AEAD operation has completed and the engin...

4.7CVSS5.6AI score0.00238EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2026/04/02 11:28 p.m.•4 views

SUSE CVE-2026-23415

In the Linux kernel, the following vulnerability has been resolved: futex: Fix UaF between futexkeytonodeopt and vmareplacepolicy During futexkeytonodeopt execution, vma-vmpolicy is read under speculative mmap lock and RCU. Concurrently, mbind may call vmareplacepolicy which frees the old mempoli...

5.7AI score0.00124EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 11:28 p.m.•5 views

SUSE CVE-2026-23416

In the Linux kernel, the following vulnerability has been resolved: mm/mseal: update VMA end correctly on merge Previously we stored the end of the current VMA in currend, and then upon iterating to the next VMA updated currstart to currend to advance to the next VMA. However, this doesn't take...

5.5CVSS5.7AI score0.00218EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/02 11:27 p.m.•6 views

SUSE CVE-2026-23417

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix constant blinding for PROBEMEM32 stores BPFST | BPFPROBEMEM32 immediate stores are not handled by bpfjitblindinsn, allowing user-controlled 32-bit immediates to survive unblinded into JIT-compiled native code when...

5.5CVSS5.8AI score0.00116EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/04/02 11:27 p.m.•6 views

SUSE CVE-2026-27489

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory. This issue has been patched in version 1.21.0...

8.7CVSS5.9AI score0.00593EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•10 views

SUSE CVE-2026-34159

llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPHCOMPUTE messages. Combined...

9.8CVSS6.4AI score0.01126EPSS
Exploits2References3
SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•4 views

SUSE CVE-2026-34397

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose...

6.3CVSS5.7AI score0.00158EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•4 views

SUSE CVE-2026-34445

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python's setattr function to load metadata like file paths or data lengths directly from an ONNX model file. It didn't check if the...

8.6CVSS5.7AI score0.00288EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•4 views

SUSE CVE-2026-34446

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code checks for symlinks to prevent path traversal, but completely misses hardlinks because a hardlink looks exactly like a regular file on the...

4.7CVSS5.8AI score0.00176EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•4 views

SUSE CVE-2026-34447

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version 1.21.0...

5.5CVSS5.7AI score0.00248EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•7 views

SUSE CVE-2026-34475

Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass...

5.4CVSS5.8AI score0.00202EPSS
Exploits1References3
Total number of security vulnerabilities59854