Lucene search
K
SusecveRecent

59854 matches found

SUSE CVE
SUSE CVE
added 2026/03/31 8:38 a.m.5 views

SUSE CVE-2026-4176

Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of...

9.8CVSS5.9AI score0.00676EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/31 8:37 a.m.7 views

SUSE CVE-2026-5037

A vulnerability was determined in mxml up to 4.0.4. This issue affects the function indexsort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit ha...

4.8CVSS6.2AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/31 8:37 a.m.5 views

SUSE CVE-2026-5107

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function processtype2route of the file bgpd/bgpevpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to ha...

4.2CVSS5.3AI score0.00279EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/03/31 8:37 a.m.7 views

SUSE CVE-2026-5119

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

5.9CVSS5.9AI score0.00254EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2026/03/31 8:31 a.m.8 views

SUSE CVE-2026-27876

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...

9.1CVSS6.6AI score0.01929EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/03/31 8:31 a.m.7 views

SUSE CVE-2026-27877

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/03/31 8:31 a.m.6 views

SUSE CVE-2026-27879

A resample query can be used to trigger out-of-memory crashes in Grafana...

6.5CVSS5.8AI score0.00376EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/03/31 8:31 a.m.10 views

SUSE CVE-2026-27880

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...

7.5CVSS5.8AI score0.00772EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/31 8:31 a.m.6 views

SUSE CVE-2026-28375

A testdata data-source can be used to trigger out-of-memory crashes in Grafana...

6.5CVSS5.8AI score0.00376EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/03/30 11:30 p.m.13 views

SUSE CVE-2026-32241

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that...

8.8CVSS6.2AI score0.02709EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/30 11:28 p.m.6 views

SUSE CVE-2026-33433

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.3, when headerField is configured with a non-canonical HTTP header name e.g., x-auth-user instead of X-Auth-User, an authenticated attacker can inject their own canonical version of that header to...

8.8CVSS5.9AI score0.00469EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/03/30 11:27 p.m.7 views

SUSE CVE-2026-33748

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

7.5CVSS5.8AI score0.00463EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/03/30 11:27 p.m.7 views

SUSE CVE-2026-33870

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

7.5CVSS5.8AI score0.0064EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/03/30 11:27 p.m.4 views

SUSE CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

5.9CVSS5.9AI score0.01125EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/30 11:27 p.m.6 views

SUSE CVE-2026-33936

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...

5.3CVSS5.8AI score0.00476EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2026/03/30 8:30 a.m.6 views

SUSE CVE-2019-8400

ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error errorhint parameter...

6.1CVSS5.9AI score0.01322EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/30 8:28 a.m.6 views

SUSE CVE-2020-14391

A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Custom...

5.5CVSS5.8AI score0.00318EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/29 11:23 p.m.7 views

SUSE CVE-2026-23400

In the Linux kernel, the following vulnerability has been resolved: rustbinder: call setnotificationdone without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BRDEADBINDER message. 2. The local process invokes the...

5.5CVSS5.8AI score0.0009EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/29 12:29 a.m.5 views

SUSE CVE-2025-59028

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...

5.3CVSS5.9AI score0.00447EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/29 12:29 a.m.4 views

SUSE CVE-2025-59031

Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided...

4.3CVSS5.8AI score0.00283EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/03/29 12:29 a.m.6 views

SUSE CVE-2025-59032

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...

7.5CVSS5.9AI score0.00703EPSS
Exploits1References10
SUSE CVE
SUSE CVE
added 2026/03/28 6:29 p.m.10 views

SUSE CVE-2026-0394

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...

5.3CVSS5.7AI score0.00427EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/28 6:28 p.m.5 views

SUSE CVE-2026-2455

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to canonicalize IPv4-mapped IPv6 addresses before reserved IP validation which allows an attacker to perform SSRF attacks against internal services via IPv4-mapped IPv6 literals e.g., ::ffff:127.0.0.1.. Mattermost...

4.3CVSS5.9AI score0.00165EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 6:28 p.m.5 views

SUSE CVE-2026-2456

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 Mattermost fails to limit the size of responses from integration action endpoints, which allows an authenticated attacker to cause server memory exhaustion and denial of service via a malicious integration server that return...

5.7CVSS5.9AI score0.00165EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 6:28 p.m.7 views

SUSE CVE-2026-2457

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to sanitize client-supplied post metadata which allows an authenticated attacker to spoof permalink embeds impersonating other users via crafted PUT requests to the post update API endpoint.. Mattermost Advisory ID:...

4.3CVSS5.9AI score0.00107EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 6:28 p.m.4 views

SUSE CVE-2026-2458

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate team membership when searching channels which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint.. Mattermost Advisory ID:...

4.3CVSS5.9AI score0.00165EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 6:28 p.m.5 views

SUSE CVE-2026-2461

Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...

4.3CVSS5.9AI score0.00162EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/28 6:28 p.m.5 views

SUSE CVE-2026-2463

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to filter invite IDs based on user permissions, which allows regular users to bypass access control restrictions and register unauthorized accounts via leaked invite IDs during team creation.. Mattermost Advisory ID:...

4.3CVSS5.9AI score0.0017EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 6:28 p.m.5 views

SUSE CVE-2026-2476

Mattermost Plugins versions =2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-2026-00606...

7.6CVSS5.9AI score0.0018EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 6:28 p.m.3 views

SUSE CVE-2026-2578

Mattermost versions 11.3.x = 11.3.0 fail to preserve the redacted state of burn-on-read posts during deletion which allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event.. Mattermost Advisory ID: MMSA-2026-00579...

4.3CVSS5.9AI score0.00219EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 6:28 p.m.8 views

SUSE CVE-2026-3650

A memory leak exists in the Grassroots DICOM library GDCM. The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously...

8.7CVSS5.8AI score0.00358EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 6:28 p.m.4 views

SUSE CVE-2026-4265

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to validate team-specific uploadfile permissions which allows a guest user to post files in channels where they lack uploadfile permission via uploading files in a team where they have permission and reusing the file...

4.3CVSS5.9AI score0.00218EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 6:28 p.m.8 views

SUSE CVE-2026-4342

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

8.8CVSS6.4AI score0.01494EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/28 6:26 p.m.6 views

SUSE CVE-2026-4948

A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus Desktop Bus setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper authentication,...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/03/28 6:26 p.m.6 views

SUSE CVE-2026-4980

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS5.9AI score0.00202EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/28 6:26 p.m.5 views

SUSE CVE-2026-21386

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexisten...

4.3CVSS5.9AI score0.00184EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 6:26 p.m.6 views

SUSE CVE-2026-21724

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...

5.4CVSS5.7AI score0.00238EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/03/28 6:26 p.m.6 views

SUSE CVE-2026-22545

Mattermost versions 10.11.x = 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider.. Mattermost Advisory ID:...

3.5CVSS5.9AI score0.00148EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 6:19 p.m.7 views

SUSE CVE-2026-23399

In the Linux kernel, the following vulnerability has been resolved: nftables: nftdynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the element via GFPATOMIC fails, then the first stateful expression remains in place without being released...

4.7CVSS5.8AI score0.00121EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2026/03/28 12:28 a.m.7 views

SUSE CVE-2026-24031

Dovecot SQL based authentication can be bypassed when authusernamechars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear authusernamechars. If this is not possible, install latest fixed version. No publicly available exploits...

7.7CVSS5.9AI score0.00395EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/28 12:28 a.m.3 views

SUSE CVE-2026-24458

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly handle very long passwords, which allows an attacker to overload the server CPU and memory via executing login attempts with multi-megabyte passwords. Mattermost Advisory ID: MMSA-2026-00587...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:28 a.m.9 views

SUSE CVE-2026-24516

A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component internal/troubleshooting/actioner/actioner.go processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting...

8.8CVSS6.3AI score0.02502EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:28 a.m.9 views

SUSE CVE-2026-24692

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly enforce read permissions in search API endpoints which allows guest users without read permissions to access posts and files in channels via search API requests. Mattermost Advisory ID: MMSA-2025-00554...

4.3CVSS5.9AI score0.00165EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:28 a.m.8 views

SUSE CVE-2026-25780

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file.. Mattermost Advisory ID:...

4.3CVSS5.9AI score0.00267EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:28 a.m.8 views

SUSE CVE-2026-25783

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586...

4.3CVSS5.9AI score0.00285EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:28 a.m.6 views

SUSE CVE-2026-26246

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory I...

4.3CVSS5.9AI score0.00221EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:28 a.m.5 views

SUSE CVE-2026-26304

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2 fail to verify runcreate permission for empty playbookId, which allows team members to create unauthorized runs via the playbook run API. Mattermost Advisory ID: MMSA-2025-00542...

4.3CVSS5.9AI score0.00159EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:28 a.m.8 views

SUSE CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

6.8CVSS5.9AI score0.00338EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/03/28 12:28 a.m.7 views

SUSE CVE-2026-27856

Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port,...

7.4CVSS5.9AI score0.00392EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/03/28 12:28 a.m.5 views

SUSE CVE-2026-27857

Sending "NOOP ..." command with 4000 parenthesis open+close results in 1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can be left allocated for longer time periods by not sending the command ending LF. So attacker could connect possibly from even a single I...

4.3CVSS5.9AI score0.00667EPSS
Exploits1References11
Total number of security vulnerabilities59854