Lucene search
K
SusecveRecent

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/01/20 12:26 a.m.•7 views

SUSE CVE-2026-1200

A flaw was found in the rgaufman/live555 fork of live555. A remote attacker could exploit a segmentation fault, in the increaseBufferTo function. This vulnerability can lead to memory corruption problems and potentially other consequences...

6.3CVSS5.8AI score0.00329EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/20 12:25 a.m.•5 views

SUSE CVE-2026-22816

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...

8.6CVSS5.6AI score0.00149EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/20 12:25 a.m.•6 views

SUSE CVE-2026-22865

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...

8.6CVSS5.7AI score0.00135EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/20 12:25 a.m.•2 views

SUSE CVE-2026-23490

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This vulnerability is fixed in 0.6.2...

7.5CVSS5.3AI score0.00679EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2026/01/20 12:25 a.m.•4 views

SUSE CVE-2026-23530

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0,freerdpbitmapdecompressplanar does not validate nSrcWidth/nSrcHeight against planar-maxWidth/maxHeight before RLE decode. A malicious server can trigger a client-side heap buffer overflow, causing a crash DoS...

7.5CVSS5.9AI score0.00443EPSS
Exploits1References12
SUSE CVE
SUSE CVE
•added 2026/01/20 12:25 a.m.•4 views

SUSE CVE-2026-23531

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when glyphData is present, cleardecompress calls freerdpimagecopynooverlap without validating the destination rectangle, allowing an out-of-bounds read/write via crafted RDPGFX surface updates...

7.5CVSS5.9AI score0.00443EPSS
Exploits1References12
SUSE CVE
SUSE CVE
•added 2026/01/20 12:25 a.m.•3 views

SUSE CVE-2026-23532

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP client's gdiSurfaceToSurface path due to a mismatch between destination rectangle clamping and the actual copy size. A malicious server can trigger a...

7.5CVSS6AI score0.00434EPSS
Exploits1References12
SUSE CVE
SUSE CVE
•added 2026/01/20 12:25 a.m.•4 views

SUSE CVE-2026-23533

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes during color output. A malicious server can trigger a...

7.5CVSS6AI score0.00434EPSS
Exploits1References12
SUSE CVE
SUSE CVE
•added 2026/01/20 12:25 a.m.•4 views

SUSE CVE-2026-23534

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buffer. A malicious server can trigger a...

7.5CVSS6AI score0.00434EPSS
Exploits1References12
SUSE CVE
SUSE CVE
•added 2026/01/20 12:25 a.m.•4 views

SUSE CVE-2026-23732

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts cbData/remaining length and never validates against the minimum size implied by cx/cy. A malicious server can trigger a client-side global buffer overflow, causing a crash DoS. Versi...

4.3CVSS5.8AI score0.00481EPSS
Exploits1References12
SUSE CVE
SUSE CVE
•added 2026/01/20 12:25 a.m.•5 views

SUSE CVE-2026-23883

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, xfPointerNew frees cursorPixels on failure, then pointerfree calls xfPointerFree and frees it again, triggering ASan UAF. A malicious server can trigger a client-side use after free, causing a crash DoS and...

7.5CVSS5.7AI score0.00402EPSS
Exploits1References11
SUSE CVE
SUSE CVE
•added 2026/01/20 12:25 a.m.•5 views

SUSE CVE-2026-23884

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves gdi-drawing pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client-side use after free, causing a crash DoS and...

7.5CVSS5.7AI score0.00402EPSS
Exploits1References12
SUSE CVE
SUSE CVE
•added 2026/01/19 12:23 a.m.•6 views

SUSE CVE-2025-68789

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

4.7CVSS5.2AI score0.00032EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2026/01/19 12:23 a.m.•10 views

SUSE CVE-2025-71106

In the Linux kernel, the following vulnerability has been resolved: fs: PM: Fix reverse check in filesystemsfreezecallback The freezeallptr check in filesystemsfreezecallback introduced by commit a3f8f8662771 "power: always freeze efivarfs" is reverse which quite confusingly causes all file syste...

5.5CVSS6.5AI score0.00107EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/19 12:23 a.m.•15 views

SUSE CVE-2025-71115

In the Linux kernel, the following vulnerability has been resolved: um: init cputasks earlier This is currently done in umlfinishsetup, but e.g. with KCOV enabled we'll crash because some init code can call into e.g. memparse, which has coverage annotations, and then the checks in checkkcovmode...

5.5CVSS6.7AI score0.00108EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/19 12:23 a.m.•6 views

SUSE CVE-2025-71121

In the Linux kernel, the following vulnerability has been resolved: parisc: Do not reprogram affinitiy on ASP chip The ASP chip is a very old variant of the GSP chip and is used e.g. in HP 730 workstations. When trying to reprogram the affinity it will crash with a HPMC as the relevant registers...

5.5CVSS6.4AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/19 12:23 a.m.•11 views

SUSE CVE-2025-71132

In the Linux kernel, the following vulnerability has been resolved: smc91x: fix broken irq-context in PREEMPTRT When smc91x.c is built with PREEMPTRT, the following splat occurs in FVPRevC: 13.055000 smc91x LNRO0003:00 eth0: link up, 10Mbps, half-duplex, lpa 0x0000 13.062137 BUG: workqueue leaked...

5.5CVSS6.5AI score0.00114EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2026/01/18 12:26 a.m.•5 views

SUSE CVE-2025-29943

Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest...

4.6CVSS7.1AI score0.00202EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/01/18 12:24 a.m.•5 views

SUSE CVE-2025-68817

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbdtreeconnectput under concurrency Under high concurrency, A tree-connection object tcon is freed on a disconnect path while another path still holds a reference and later executes put/write on it...

7.8CVSS6.5AI score0.00159EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/18 12:24 a.m.•5 views

SUSE CVE-2025-68820

In the Linux kernel, the following vulnerability has been resolved: ext4: xattr: fix null pointer deref in ext4rawinode If ext4getinodeloc fails e.g. if it returns -EFSCORRUPTED, iloc.bh will remain set to NULL. Since ext4xattrinodedecrefall lacks error checking, this will lead to a null pointer...

4.7CVSS6.4AI score0.00173EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2026/01/18 12:24 a.m.•4 views

SUSE CVE-2025-71123

In the Linux kernel, the following vulnerability has been resolved: ext4: fix string copying in parseapplysbmountoptions strscpypad can't be used to copy a non-NUL-term string into a NUL-term string of possibly bigger size. Commit 0efc5990bca5 "string.h: Introduce memtostr and memtostrpad" provid...

6.5CVSS6.4AI score0.00153EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2026/01/18 12:24 a.m.•44 views

SUSE CVE-2025-71133

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: avoid invalid read in irdmanetevent irdmanetevent should not dereference anything from "neigh" alias "ptr" until it has checked that the event is NETEVENTNEIGHUPDATE. Other events come with different structures pointe...

5.5CVSS6.4AI score0.00153EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2026/01/18 12:24 a.m.•8 views

SUSE CVE-2025-71143

In the Linux kernel, the following vulnerability has been resolved: clk: samsung: exynos-clkout: Assign .num before accessing .hws Commit f316cdff8d67 "clk: Annotate struct clkhwonecelldata with countedby" annotated the hws member of 'struct clkhwonecelldata' with countedby, which informs the...

5.5CVSS6.4AI score0.00122EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2026/01/17 12:51 a.m.•8 views

SUSE CVE-2017-18891

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows Phishing because an error page can have a link...

6.1CVSS7AI score0.00685EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/17 12:51 a.m.•5 views

SUSE CVE-2017-18893

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS...

6.1CVSS7AI score0.00685EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/17 12:51 a.m.•6 views

SUSE CVE-2017-18894

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover...

8.1CVSS7AI score0.00821EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/17 12:51 a.m.•10 views

SUSE CVE-2017-18895

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information user statuses via a REST API version 4 endpoint...

5.3CVSS6.6AI score0.0092EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/17 12:51 a.m.•8 views

SUSE CVE-2017-18896

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint...

5.3CVSS6.9AI score0.00769EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/17 12:51 a.m.•8 views

SUSE CVE-2017-18897

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection...

6.1CVSS7AI score0.00685EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/17 12:51 a.m.•5 views

SUSE CVE-2017-18898

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang...

5.3CVSS6.9AI score0.01096EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/17 12:51 a.m.•7 views

SUSE CVE-2017-18900

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report...

9.8CVSS7.4AI score0.01285EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/17 12:51 a.m.•7 views

SUSE CVE-2017-18901

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document...

5.3CVSS7AI score0.0092EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/17 12:51 a.m.•4 views

SUSE CVE-2017-18904

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file...

6.1CVSS6.2AI score0.00685EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/17 12:51 a.m.•12 views

SUSE CVE-2017-18905

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled...

5.3CVSS7AI score0.00769EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/17 12:47 a.m.•11 views

SUSE CVE-2022-21589

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromi...

4.3CVSS4.6AI score0.00911EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/17 12:33 a.m.•20 views

SUSE CVE-2024-6717

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2...

8.6CVSS6.9AI score0.00388EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/17 12:32 a.m.•15 views

SUSE CVE-2025-14273

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions =4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows ...

8.3CVSS7.1AI score0.00227EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/17 12:32 a.m.•7 views

SUSE CVE-2025-14986

When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...

5.3CVSS6.9AI score0.00415EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/17 12:32 a.m.•9 views

SUSE CVE-2025-14987

When system.enableCrossNamespaceCommands is enabled on by default, the Temporal server permits certain workflow task commands e.g. StartChildWorkflowExecution, SignalExternalWorkflowExecution, RequestCancelExternalWorkflowExecution to target a different namespace than the namespace authorized at...

5.3CVSS7.3AI score0.00358EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/17 12:31 a.m.•22 views

SUSE CVE-2025-15107

A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key . The attack is...

8.1CVSS6.5AI score0.00564EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2026/01/17 12:28 a.m.•10 views

SUSE CVE-2025-60538

A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack...

6.5CVSS7.1AI score0.00367EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/17 12:28 a.m.•5 views

SUSE CVE-2025-61726

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...

6.5CVSS7.3AI score0.01945EPSS
Exploits0References52
SUSE CVE
SUSE CVE
•added 2026/01/17 12:28 a.m.•4 views

SUSE CVE-2025-61728

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive...

5.5CVSS7.3AI score0.00643EPSS
Exploits1References26
SUSE CVE
SUSE CVE
•added 2026/01/17 12:28 a.m.•1 views

SUSE CVE-2025-61730

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensions messages, the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...

3.7CVSS7.2AI score0.00276EPSS
Exploits0References14
SUSE CVE
SUSE CVE
•added 2026/01/17 12:28 a.m.•3 views

SUSE CVE-2025-61731

Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a...

7CVSS7.3AI score0.00532EPSS
Exploits0References18
SUSE CVE
SUSE CVE
•added 2026/01/17 12:28 a.m.•4 views

SUSE CVE-2025-62690

Mattermost versions 10.11.x = 10.11.4 fail to validate redirect URLs on the /error page, which allows an attacker to redirect a victim to a malicious site via a crafted link opened in a new tab...

6.1CVSS6.7AI score0.00125EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/17 12:27 a.m.•2 views

SUSE CVE-2025-68119

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...

7CVSS7.8AI score0.00335EPSS
Exploits0References18
SUSE CVE
SUSE CVE
•added 2026/01/17 12:27 a.m.•13 views

SUSE CVE-2025-68121

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

7.4CVSS8.2AI score0.00765EPSS
Exploits1References62
SUSE CVE
SUSE CVE
•added 2026/01/17 12:26 a.m.•6 views

SUSE CVE-2025-68784

In the Linux kernel, the following vulnerability has been resolved: xfs: fix a UAF problem in xattr repair The xchksetupxattrbuf function can allocate a new value buffer, which means that any reference to ab-value before the call could become a dangling pointer. Fix this by moving an assignment t...

4.7CVSS6.4AI score0.00166EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/01/17 12:26 a.m.•6 views

SUSE CVE-2025-68821

In the Linux kernel, the following vulnerability has been resolved: fuse: fix readahead reclaim deadlock Commit e26ee4efbc79 "fuse: allocate ff-releaseargs only if release is needed" skips allocating ff-releaseargs if the server does not implement open. However in doing so, fusepreparerelease now...

5.5CVSS6AI score0.00173EPSS
Exploits0References7
Total number of security vulnerabilities59854