Lucene search
K
SusecveRecent

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/03/17 12:26 a.m.•4 views

SUSE CVE-2026-4224

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2026/03/17 12:25 a.m.•6 views

SUSE CVE-2026-27962

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any...

9.1CVSS5.9AI score0.00548EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/03/17 12:25 a.m.•4 views

SUSE CVE-2026-28490

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption JWE RSA15 key management algorithm. Authlib registe...

5.9CVSS5.7AI score0.00142EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/03/17 12:24 a.m.•5 views

SUSE CVE-2026-28498

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect OIDC ID Tokens. Specifically, the internal hash verification logic verifyhash...

9.1CVSS5.8AI score0.00226EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2026/03/17 12:24 a.m.•4 views

SUSE CVE-2026-32627

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and setfollowlocationtrue, any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...

8.7CVSS5.6AI score0.00179EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/03/17 12:24 a.m.•5 views

SUSE CVE-2026-32776

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content...

7.5CVSS5.8AI score0.00144EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2026/03/17 12:24 a.m.•4 views

SUSE CVE-2026-32778

libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition...

5.9CVSS5.8AI score0.00143EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2026/03/16 6:46 p.m.•5 views

SUSE CVE-2025-58266

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fumiki Takahashi Gianism gianism allows Stored XSS.This issue affects Gianism: from n/a through = 6.0.0...

5.9CVSS5.9AI score0.00205EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/03/16 6:45 p.m.•4 views

SUSE CVE-2026-32777

libexpat before 2.7.5 allows an infinite loop while parsing DTD content...

7.5CVSS5.8AI score0.00216EPSS
Exploits1References17
SUSE CVE
SUSE CVE
•added 2026/03/16 5:33 p.m.•3 views

SUSE CVE-2025-61154

Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 up to v0.13.3.7835 allows a crafted DWG file to cause a Denial of Service DoS via the function decompressR2004section at decode.c...

6.5CVSS6AI score0.00218EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/16 5:32 p.m.•4 views

SUSE CVE-2026-23941

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

4.8CVSS5.8AI score0.00528EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/03/16 5:32 p.m.•6 views

SUSE CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.4CVSS5.7AI score0.00363EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/03/16 5:32 p.m.•5 views

SUSE CVE-2026-23943

Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

5.3CVSS5.8AI score0.00644EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2026/03/16 5:32 p.m.•5 views

SUSE CVE-2026-26127

unknown...

7.5CVSS5.8AI score0.02049EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2026/03/16 5:32 p.m.•4 views

SUSE CVE-2026-26130

unknown...

7.5CVSS5.8AI score0.02818EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2026/03/16 5:32 p.m.•5 views

SUSE CVE-2026-29774

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap buffer overflow occurs in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path due to missing horizontal bounds validation of H.264 metablock regionRects coordinates. In yuv.c, the clamp...

5.3CVSS6AI score0.00323EPSS
Exploits1References9
SUSE CVE
SUSE CVE
•added 2026/03/16 5:32 p.m.•5 views

SUSE CVE-2026-29775

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmapcacheput. A malicious server can send a CACHEBITMAPORDER Rev1 with cacheId equal to...

3.7CVSS5.8AI score0.00309EPSS
Exploits1References14
SUSE CVE
SUSE CVE
•added 2026/03/16 5:32 p.m.•4 views

SUSE CVE-2026-29776

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow in updatereadcachebitmaporder Function of FreeRDP's Core Library This vulnerability is fixed in 3.24.0...

3.1CVSS5.8AI score0.00175EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/03/16 5:32 p.m.•5 views

SUSE CVE-2026-30853

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook .rb input plugin src/calibre/ebooks/rb/reader.py allows an attacker to write arbitrary files to any path writable by the calibre...

8.2CVSS5.9AI score0.00179EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/03/16 5:32 p.m.•5 views

SUSE CVE-2026-31883

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a sizet underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header...

7.3CVSS5.8AI score0.00317EPSS
Exploits1References14
SUSE CVE
SUSE CVE
•added 2026/03/16 5:32 p.m.•5 views

SUSE CVE-2026-31884

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % blocksize where blocksize = context-common.format.nBlockAlign...

5.3CVSS5.8AI score0.00303EPSS
Exploits1References14
SUSE CVE
SUSE CVE
•added 2026/03/16 5:32 p.m.•4 views

SUSE CVE-2026-31885

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and stepindex values from input data. This vulnerability is fixed in 3.24.0...

7.1CVSS5.8AI score0.00263EPSS
Exploits1References14
SUSE CVE
SUSE CVE
•added 2026/03/16 5:32 p.m.•4 views

SUSE CVE-2026-31897

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdpbitmapdecompressplanar when SrcSize is 0. The function dereferences srcp which points to pSrcData without first verifying that SrcSize = 1. When SrcSize is 0 and pSrcData is...

3.1CVSS5.8AI score0.00285EPSS
Exploits1References9
SUSE CVE
SUSE CVE
•added 2026/03/16 5:32 p.m.•4 views

SUSE CVE-2026-31899

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of service via recursive element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input...

5.5CVSS5.8AI score0.0049EPSS
Exploits2References5
SUSE CVE
SUSE CVE
•added 2026/03/16 5:32 p.m.•5 views

SUSE CVE-2026-32640

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...

9.8CVSS5.8AI score0.00512EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/16 5:32 p.m.•4 views

SUSE CVE-2026-32746

telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC Set Local Characters suboption handler because addslc does not check whether the buffer is full...

9.8CVSS5.9AI score0.23674EPSS
Exploits8References4
SUSE CVE
SUSE CVE
•added 2026/03/16 12:51 a.m.•4 views

SUSE CVE-1999-0512

A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers...

10CVSS5.8AI score0.12035EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/16 12:49 a.m.•4 views

SUSE CVE-2009-1350

Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client before 1.2.4 allows remote attackers to execute arbitrary code by establishing an IPC$ connection to the XTIERRPCPIPE named pipe, and sending RPC messages that trigger a dereference of an arbitrary pointer...

10CVSS6.2AI score0.65934EPSS
Exploits7References3
SUSE CVE
SUSE CVE
•added 2026/03/16 12:47 a.m.•3 views

SUSE CVE-2010-4326

Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long 1 REQUEST-STATUS, 2 TZNAME, 3 COMMENT, or 4 RRULE variable in this message...

10CVSS6.4AI score0.10245EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/03/16 12:47 a.m.•3 views

SUSE CVE-2010-5323

Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management ZCM 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST...

10CVSS6AI score0.14456EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/03/16 12:43 a.m.•9 views

SUSE CVE-2013-1085

Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter...

9.3CVSS6.5AI score0.05591EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/03/15 12:7 p.m.•4 views

SUSE CVE-2017-18873

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service channel invisibility via a misformatted post...

5.3CVSS5.8AI score0.01106EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/15 12:7 p.m.•3 views

SUSE CVE-2017-18903

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled...

8.8CVSS5.8AI score0.00428EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/15 12:7 p.m.•4 views

SUSE CVE-2017-18906

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account...

8.1CVSS5.8AI score0.00789EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/15 12:7 p.m.•4 views

SUSE CVE-2017-18907

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header...

6.1CVSS5.8AI score0.0069EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/15 12:7 p.m.•4 views

SUSE CVE-2017-18908

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address...

9.8CVSS5.8AI score0.01184EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/15 12:7 p.m.•3 views

SUSE CVE-2017-18909

An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory...

7.5CVSS5.8AI score0.00656EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/15 12:7 p.m.•3 views

SUSE CVE-2017-18911

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server...

9.1CVSS5.8AI score0.00669EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/15 12:7 p.m.•3 views

SUSE CVE-2017-18912

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file...

9.8CVSS5.8AI score0.01387EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/15 12:7 p.m.•4 views

SUSE CVE-2017-18915

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access...

9.8CVSS5.8AI score0.01184EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/15 12:7 p.m.•3 views

SUSE CVE-2017-18916

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction...

5.3CVSS5.8AI score0.00775EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/15 12:7 p.m.•4 views

SUSE CVE-2017-18917

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens...

7.5CVSS5.8AI score0.00717EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/15 12:7 p.m.•3 views

SUSE CVE-2017-18918

An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname...

4.9CVSS5.9AI score0.00459EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/15 11:58 a.m.•6 views

SUSE CVE-2018-17967

ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c...

3.3CVSS5.8AI score0.01461EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/03/15 12:28 a.m.•11 views

SUSE CVE-2025-15558

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...

8CVSS5.8AI score0.00472EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/03/15 12:25 a.m.•6 views

SUSE CVE-2026-2673

Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...

5.3CVSS5.8AI score0.00435EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2026/03/15 12:23 a.m.•4 views

SUSE CVE-2026-31806

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdisurfacebits function processes SURFACEBITSCOMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values provided by the server are not properly...

8.8CVSS6.3AI score0.00656EPSS
Exploits1References14
SUSE CVE
SUSE CVE
•added 2026/03/14 12:25 a.m.•7 views

SUSE CVE-2026-3497

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpktdisconnect on an error, which does not terminate the...

6.5CVSS6AI score0.0218EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2026/03/14 12:25 a.m.•5 views

SUSE CVE-2026-3909

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.01629EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/03/14 12:25 a.m.•4 views

SUSE CVE-2026-3910

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.02EPSS
Exploits0References3
Total number of security vulnerabilities59854