Lucene search
K
SusecveRecent

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•7 views

SUSE CVE-2026-34513

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4...

3.7CVSS5.8AI score0.0044EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•4 views

SUSE CVE-2026-34514

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the contenttype parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

4.8CVSS5.7AI score0.00315EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•6 views

SUSE CVE-2026-34515

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in version 3.13.4...

8.7CVSS5.8AI score0.00433EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•6 views

SUSE CVE-2026-34516

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13....

5.3CVSS5.7AI score0.0044EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•6 views

SUSE CVE-2026-34517

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking clientmaxsize. This issue has been patched in version 3.13.4...

3.1CVSS5.7AI score0.00384EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•6 views

SUSE CVE-2026-34518

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

5.3CVSS5.7AI score0.00337EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•7 views

SUSE CVE-2026-34519

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

3.7CVSS5.7AI score0.00292EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•7 views

SUSE CVE-2026-34520

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser the default for most installs accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4...

5.3CVSS5.7AI score0.00461EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•8 views

SUSE CVE-2026-34525

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

5.4CVSS5.7AI score0.00288EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•7 views

SUSE CVE-2026-34531

Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token...

8.2CVSS5.7AI score0.00324EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•6 views

SUSE CVE-2026-34543

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...

5.5CVSS5.7AI score0.00482EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•6 views

SUSE CVE-2026-34544

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via...

5.3CVSS5.7AI score0.00244EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•5 views

SUSE CVE-2026-34545

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write...

7.8CVSS6.6AI score0.00611EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•61 views

SUSE CVE-2026-35093

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

8.8CVSS5.8AI score0.00184EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 11:26 p.m.•6 views

SUSE CVE-2026-35094

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could...

3.3CVSS5.8AI score0.00146EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•6 views

SUSE CVE-2026-5190

Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory corruption leading to arbitrary code execution on a client application that processes crafted event-stream messages. To remediate this issue, user...

7.7CVSS6.4AI score0.00376EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•4 views

SUSE CVE-2026-5272

Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.4AI score0.0045EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•5 views

SUSE CVE-2026-5273

Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3CVSS6.2AI score0.00291EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•6 views

SUSE CVE-2026-5274

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00336EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•4 views

SUSE CVE-2026-5275

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.5AI score0.0035EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•5 views

SUSE CVE-2026-5276

Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.9AI score0.00189EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•6 views

SUSE CVE-2026-5277

Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

7.5CVSS6AI score0.00255EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•7 views

SUSE CVE-2026-5278

Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00407EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•4 views

SUSE CVE-2026-5279

Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.0034EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•4 views

SUSE CVE-2026-5280

Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00395EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•4 views

SUSE CVE-2026-5281

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.4AI score0.05036EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•4 views

SUSE CVE-2026-5282

Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

8.1CVSS5.9AI score0.00193EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•6 views

SUSE CVE-2026-5283

Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.9AI score0.002EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•4 views

SUSE CVE-2026-5284

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

7.5CVSS6.2AI score0.0028EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•5 views

SUSE CVE-2026-5285

Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00403EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•4 views

SUSE CVE-2026-5286

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00313EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•6 views

SUSE CVE-2026-5287

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

8.8CVSS6.2AI score0.00417EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•5 views

SUSE CVE-2026-5288

Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.9AI score0.00248EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•5 views

SUSE CVE-2026-5289

Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.9AI score0.00275EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•3 views

SUSE CVE-2026-5290

Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.9AI score0.00248EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•6 views

SUSE CVE-2026-5291

Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.9AI score0.00193EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:42 a.m.•5 views

SUSE CVE-2026-5292

Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS5.9AI score0.00248EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:39 a.m.•7 views

SUSE CVE-2026-23401

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE When installing an emulated MMIO SPTE, do so after dropping/zapping the existing SPTE if it's shadow-present. While commit a54aa15c6bda3 was right about...

6.5CVSS5.8AI score0.00184EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2026/04/02 8:39 a.m.•7 views

SUSE CVE-2026-23402

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Only WARN in direct MMUs when overwriting shadow-present SPTE Adjust KVM's sanity check against overwriting a shadow-present SPTE with a another SPTE with a different target PFN to only apply to direct MMUs, i.e. on...

5.5CVSS5.7AI score0.00165EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:39 a.m.•10 views

SUSE CVE-2026-23403

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix memory leak in verifyheader The function sets ns = NULL on every call, leaking the namespace string allocated in previous iterations when multiple profiles are unpacked. This also breaks namespace consistency checki...

6.6CVSS5.8AI score0.00177EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2026/04/02 8:39 a.m.•9 views

SUSE CVE-2026-23404

In the Linux kernel, the following vulnerability has been resolved: apparmor: replace recursive profile removal with iterative approach The profile removal code uses recursion when removing nested profiles, which can lead to kernel stack exhaustion and system crashes. Reproducer: $ pf='a'; for i=...

5.5CVSS5.8AI score0.00177EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2026/04/02 8:39 a.m.•7 views

SUSE CVE-2026-23405

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix: limit the number of levels of policy namespaces Currently the number of policy namespaces is not bounded relying on the user namespace limit. However policy namespaces aren't strictly tied to user namespaces and it...

5.5CVSS5.7AI score0.00181EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2026/04/02 8:39 a.m.•7 views

SUSE CVE-2026-23406

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in matchchar macro usage The matchchar macro evaluates its character parameter multiple times when traversing differential encoding chains. When invoked with str++, the string pointer advances on eac...

6.1CVSS5.8AI score0.00177EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2026/04/02 8:39 a.m.•9 views

SUSE CVE-2026-23407

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix missing bounds check on DEFAULT table in verifydfa The verifydfa function only checks DEFAULTTABLE bounds when the state is not differentially encoded. When the verification loop traverses the differential encoding...

6.1CVSS5.7AI score0.00181EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2026/04/02 8:39 a.m.•8 views

SUSE CVE-2026-23408

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix double free of nsname in aareplaceprofiles if nsname is NULL after 1071 error = aaunpackudata, &lh, &nsname; and if ent-nsname contains an nsname in 1089 else if ent-nsname then nsname is assigned the ent-nsname 109...

6.1CVSS5.7AI score0.00181EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2026/04/02 8:39 a.m.•8 views

SUSE CVE-2026-23409

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be created if it is abused. To prevent this the unpack should verify that a diff-encode chain terminates. Unfortunately the differential encod...

6.3CVSS5.7AI score0.00177EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2026/04/02 8:39 a.m.•8 views

SUSE CVE-2026-23410

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race on rawdata dereference There is a race condition that leads to a use-after-free situation: because the rawdata inodes are not refcounted, an attacker can start opening one of the rawdata files, and at the same...

6.4CVSS5.7AI score0.00141EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2026/04/02 8:39 a.m.•6 views

SUSE CVE-2026-23411

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between freeing data and fs accessing it AppArmor was putting the reference to iprivate data on its end after removing the original entry from the file system. However the inode can aand does live beyond that...

6.4CVSS5.7AI score0.00145EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2026/04/02 8:37 a.m.•6 views

SUSE CVE-2026-32725

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses "....

8.3CVSS5.8AI score0.00834EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/02 8:37 a.m.•5 views

SUSE CVE-2026-32726

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...

8.1CVSS5.8AI score0.00272EPSS
Exploits1References3
Total number of security vulnerabilities59854