Lucene search
K
SusecveRecent

59854 matches found

SUSE CVE
SUSE CVE
•added 2026/01/15 12:26 a.m.•4 views

SUSE CVE-2025-68783

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-mixer: us16x08: validate meter packet indices getmeterlevelsfromurb parses the 64-byte meter packets sent by the device and fills the per-channel arrays meterlevel, complevel and masterlevel in struct...

5.5CVSS6.4AI score0.00173EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2026/01/15 12:26 a.m.•3 views

SUSE CVE-2025-68785

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix middle attribute validation in pushnsh action The pushnsh action structure looks like this: OVSACTIONATTRPUSHNSHOVSKEYATTRNSHOVSNSHKEYATTRBASE,... The outermost OVSACTIONATTRPUSHNSH attribute is OK'ed by the...

5.7CVSS6.7AI score0.00186EPSS
Exploits0References19
SUSE CVE
SUSE CVE
•added 2026/01/15 12:26 a.m.•5 views

SUSE CVE-2025-68786

In the Linux kernel, the following vulnerability has been resolved: ksmbd: skip lock-range check on equal size to avoid size==0 underflow When size equals the current isize including 0, the code used to call checklockrangefilp, isize, size - 1, WRITE, which computes size - 1 and can underflow for...

6.8AI score0.00168EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/15 12:26 a.m.•5 views

SUSE CVE-2025-68787

In the Linux kernel, the following vulnerability has been resolved: netrom: Fix memory leak in nrsendmsg syzbot reported a memory leak 1. When function sockallocsendskb return NULL in nroutput, the original skb is not freed, which was allocated in nrsendmsg. Fix this by freeing it before return. ...

6.5AI score0.00173EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/15 12:26 a.m.•5 views

SUSE CVE-2025-68788

In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files inotify/fanotify do not allow users with no read access to a file to subscribe to events e.g. INACCESS/INMODIFY, but they do allow the same user to subscri...

4.7CVSS6.3AI score0.00173EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2026/01/15 12:26 a.m.•8 views

SUSE CVE-2025-68790

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix double unregister of HCAPORTS component Clear hcadevcomcomp in device's private data after unregistering it in LAG teardown. Otherwise a slightly lagging second pass through mlx5unloadone might try to unregister it...

6.4AI score0.00155EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/15 12:26 a.m.•7 views

SUSE CVE-2025-68791

In the Linux kernel, the following vulnerability has been resolved: fuse: missing copyfinish in fuse-over-io-uring argument copies Fix a possible reference count leak of payload pages during fuse argument copies. Joanne: simplified error cleanup...

6.4AI score0.00155EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/15 12:26 a.m.•5 views

SUSE CVE-2025-68792

In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix out of range indexing in namesize 'namesize' does not have any range checks, and it just directly indexes with TPMALGID, which could lead into memory corruption at worst. Address the issue by only processing...

6.3CVSS6.6AI score0.00166EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/01/15 12:26 a.m.•7 views

SUSE CVE-2025-68793

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix a job-pasid access race in gpu recovery Avoid a possible UAF in GPU recovery due to a race between the sched timeout callback and the tdr work queue. The gpu recovery function calls drmschedstop and later...

6.3AI score0.00155EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/15 12:26 a.m.•6 views

SUSE CVE-2025-68794

In the Linux kernel, the following vulnerability has been resolved: iomap: adjust read range correctly for non-block-aligned positions iomapadjustreadrange assumes that the position and length passed in are block-aligned. This is not always the case however, as shown in the syzbot generated case...

6.3CVSS6.4AI score0.00168EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2026/01/15 12:26 a.m.•4 views

SUSE CVE-2025-68795

In the Linux kernel, the following vulnerability has been resolved: ethtool: Avoid overflowing userspace buffer on stats query The ethtool -S command operates across three ioctl calls: ETHTOOLGSSETINFO for the size, ETHTOOLGSTRINGS for the names, and ETHTOOLGSTATS for the values. If the number of...

5.8CVSS7AI score0.00191EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2026/01/15 12:26 a.m.•5 views

SUSE CVE-2025-68796

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid updating zero-sized extent in extent cache As syzbot reported: F2FS-fs loop0: updateextenttreerange: extent len is zero, type: 0, extent 0, 0, 0, age 0, 0 ------------ cut here ------------ kernel BUG at...

6.4AI score0.00173EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/15 12:26 a.m.•4 views

SUSE CVE-2025-68797

In the Linux kernel, the following vulnerability has been resolved: char: applicom: fix NULL pointer dereference in acioctl Discovered by Atuin - Automated Vulnerability Discovery Engine. In acioctl, the validation of IndexCard and the check for a valid RamIO pointer are skipped when cmd is 6...

5.5CVSS6.2AI score0.00173EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2026/01/15 12:26 a.m.•7 views

SUSE CVE-2025-68798

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: Check event before enable to avoid GPF On AMD machines cpuc-eventsidx can become NULL in a subtle race condition with NMI-throttle-x86pmustop. Check event for NULL in amdpmuenableall before enable to avoid a GPF. Th...

4.7CVSS6.4AI score0.00168EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2026/01/15 12:26 a.m.•5 views

SUSE CVE-2025-68799

In the Linux kernel, the following vulnerability has been resolved: caif: fix integer underflow in cffrmlreceive The cffrmlreceive function extracts a length field from the packet header and, when FCS is disabled, subtracts 2 from this length without validating that len = 2. If an attacker sends ...

6.5CVSS6.3AI score0.00173EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/01/15 12:26 a.m.•5 views

SUSE CVE-2025-68800

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrummr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex instead of RTNL to protect the multicast route list, so that it will not change while the driver periodically traverse...

6.4CVSS6.5AI score0.00173EPSS
Exploits0References24
SUSE CVE
SUSE CVE
•added 2026/01/15 12:26 a.m.•6 views

SUSE CVE-2025-68801

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumrouter: Fix neighbour use-after-free We sometimes observe use-after-free when dereferencing a neighbour 1. The problem seems to be that the driver stores a pointer to the neighbour, but without holding a reference ...

6.7CVSS6.4AI score0.00173EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2026/01/15 12:26 a.m.•4 views

SUSE CVE-2025-68802

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Limit numsyncs to prevent oversized allocations The exec and vmbind ioctl allow userspace to specify an arbitrary numsyncs value. Without bounds checking, a very large numsyncs can force an excessively large allocation,...

3.3CVSS6.4AI score0.00166EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2026/01/15 12:25 a.m.•3 views

SUSE CVE-2025-68804

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecishtp: Fix UAF after unbinding driver After unbinding the driver, another kthread crosecconsolelogwork is still accessing the device, resulting an UAF and crash. The driver doesn't unregister the EC device ...

7CVSS6.5AI score0.00173EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2026/01/15 12:25 a.m.•8 views

SUSE CVE-2025-68805

In the Linux kernel, the following vulnerability has been resolved: fuse: fix io-uring list corruption for terminated non-committed requests When a request is terminated before it has been committed, the request is not removed from the queue's list. This leaves a dangling list entry that leads to...

6.6AI score0.00155EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/15 12:25 a.m.•5 views

SUSE CVE-2025-68806

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix buffer validation by including null terminator size in EA length The smb2setea function, which handles Extended Attributes EA, was performing buffer validation checks that incorrectly omitted the size of the null...

6.7AI score0.00168EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/15 12:25 a.m.•5 views

SUSE CVE-2025-68807

In the Linux kernel, the following vulnerability has been resolved: block: fix race between wbtenabledefault and IO submission When wbtenabledefault is moved out of queue freezing in elevatorchange, it can cause the wbt inflight counter to become negative -1, leading to hung tasks in the writebac...

6.5AI score0.00155EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/15 12:25 a.m.•4 views

SUSE CVE-2025-68808

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: initialize local pointers upon transfer of memory ownership vidtvchannelsiinit creates a temporary list program, service, event and ownership of the memory itself is transferred to the PAT/SDT/EIT tables through...

5.5CVSS6.2AI score0.00173EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2026/01/15 12:25 a.m.•6 views

SUSE CVE-2025-68809

In the Linux kernel, the following vulnerability has been resolved: ksmbd: vfs: fix race on mflags in vfscache ksmbd maintains delete-on-close and pending-delete state in ksmbdinode-mflags. In vfscache.c this field is accessed under inconsistent locking: some paths read and modify mflags under...

6.4AI score0.00168EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/15 12:25 a.m.•7 views

SUSE CVE-2025-68810

In the Linux kernel, the following vulnerability has been resolved: KVM: Disallow toggling KVMMEMGUESTMEMFD on an existing memslot Reject attempts to disable KVMMEMGUESTMEMFD on a memslot that was initially created with a guestmemfd binding, as KVM doesn't support toggling KVMMEMGUESTMEMFD on...

5.5CVSS6.4AI score0.00166EPSS
Exploits0References19
SUSE CVE
SUSE CVE
•added 2026/01/15 12:25 a.m.•6 views

SUSE CVE-2025-68811

In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rcpageoff for memcpy byte offset svcrdmacopyinlinerange added rccurpage page index to the page base instead of the byte offset rcpageoff. Use rcpageoff so copies land within the current page. Found by ZeroPath...

5.5CVSS6.5AI score0.00166EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/01/15 12:25 a.m.•4 views

SUSE CVE-2025-68812

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.7AI score0.00027EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/15 12:25 a.m.•4 views

SUSE CVE-2025-68813

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in ipvsgetoutrt calls dstlinkfailure without ensuring skb-dev is set, leading to a NULL pointer dereference in fibcomputespecdst when ipv4linkfailure attempts t...

7.5CVSS6.6AI score0.00173EPSS
Exploits0References162
SUSE CVE
SUSE CVE
•added 2026/01/15 12:25 a.m.•4 views

SUSE CVE-2025-68814

In the Linux kernel, the following vulnerability has been resolved: iouring: fix filename leak in ioopenatprep ioopenatprep allocates a struct filename using getname. However, for the condition of the file being installed in the fixed file table as well as having OCLOEXEC flag set, the function...

5.5CVSS6.5AI score0.00173EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2026/01/15 12:25 a.m.•4 views

SUSE CVE-2025-68815

In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Remove drr class from the active list if it changes to strict Whenever a user issues an ets qdisc change command, transforming a drr class into a strict one, the ets code isn't checking whether that class was in t...

5.5CVSS6.7AI score0.00173EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2026/01/15 12:25 a.m.•5 views

SUSE CVE-2025-68816

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fwtracer, Validate format string parameters Add validation for format string parameters in the firmware tracer to prevent potential security vulnerabilities and crashes from malformed format strings received from...

5.5CVSS6.7AI score0.00173EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2026/01/15 12:25 a.m.•4 views

SUSE CVE-2025-68822

In the Linux kernel, the following vulnerability has been resolved: Input: alps - fix use-after-free bugs caused by dev3registerwork The dev3registerwork delayed work item is initialized within alpsreconnect and scheduled upon receipt of the first bare PS/2 packet from an external PS/2 device...

5.5CVSS6.4AI score0.00166EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2026/01/15 12:24 a.m.•4 views

SUSE CVE-2026-0899

Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.5AI score0.00382EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/15 12:24 a.m.•2 views

SUSE CVE-2026-0900

Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.5AI score0.00323EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/15 12:24 a.m.•4 views

SUSE CVE-2026-0901

Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

5.4CVSS5.5AI score0.00187EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/15 12:24 a.m.•2 views

SUSE CVE-2026-0902

Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS5.4AI score0.00258EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/15 12:24 a.m.•5 views

SUSE CVE-2026-0903

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. Chromium security severity: Medium...

5.4CVSS5.5AI score0.00178EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/15 12:24 a.m.•3 views

SUSE CVE-2026-0904

Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

5.4CVSS5.4AI score0.00168EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/15 12:24 a.m.•2 views

SUSE CVE-2026-0905

Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a network log file. Chromium security severity: Medium...

9.8CVSS5.3AI score0.00221EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/15 12:23 a.m.•3 views

SUSE CVE-2026-0906

Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

9.8CVSS5.5AI score0.00315EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/15 12:23 a.m.•4 views

SUSE CVE-2026-0907

Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

9.8CVSS5.4AI score0.00246EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/15 12:23 a.m.•4 views

SUSE CVE-2026-0908

Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...

8.8CVSS5.5AI score0.00314EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/01/15 12:23 a.m.•6 views

SUSE CVE-2026-22791

openCryptoki is a PKCS11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKMECDHAESKEYWRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key...

6.1CVSS7AI score0.00237EPSS
Exploits1References6
SUSE CVE
SUSE CVE
•added 2026/01/14 12:34 a.m.•4 views

SUSE CVE-2022-1650

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2...

8.1CVSS7.2AI score0.01799EPSS
Exploits1References2
SUSE CVE
SUSE CVE
•added 2026/01/14 12:34 a.m.•12 views

SUSE CVE-2022-21592

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromi...

4.3CVSS4.8AI score0.00653EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/14 12:34 a.m.•3 views

SUSE CVE-2022-21600

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

7.2CVSS6.3AI score0.01161EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/14 12:34 a.m.•3 views

SUSE CVE-2022-21605

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Data Dictionary. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

4.9CVSS5.6AI score0.01024EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/14 12:34 a.m.•2 views

SUSE CVE-2022-21607

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS5.6AI score0.01024EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/14 12:34 a.m.•4 views

SUSE CVE-2022-21635

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

6.5CVSS6.1AI score0.01027EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/01/14 12:34 a.m.•4 views

SUSE CVE-2022-21638

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS4.9AI score0.00962EPSS
Exploits0References2
Total number of security vulnerabilities59854