
59189 matches found

SUSE CVE
•added 2026/06/17 2:20 a.m.•7 views

SUSE CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

7.5 CVSS, 5.3 AI score, 0.00435 EPSS
Exploits: 1, References: 3

•added 2026/06/17 2:19 a.m.•6 views

SUSE CVE-2026-32737

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from the "hardened" namespace to any Pod...

10 CVSS, 6.1 AI score, 0.00386 EPSS
Exploits: 0, References: 3

•added 2026/06/17 2:19 a.m.•5 views

SUSE CVE-2026-32805

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.2, the sanitizeArchivePath function in webserver/api/v1/decoder.go lines 80-88 is vulnerable to a path...

8.3 CVSS, 6.1 AI score, 0.00434 EPSS
Exploits: 1, References: 3

•added 2026/06/17 2:18 a.m.•5 views

SUSE CVE-2026-42257

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled...

9.8 CVSS, 5.4 AI score, 0.00429 EPSS
Exploits: 0, References: 4

•added 2026/06/17 2:17 a.m.•6 views

SUSE CVE-2026-44889

WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit stri...

6.1 CVSS, 5.9 AI score, 0.00161 EPSS
Exploits: 0, References: 3

•added 2026/06/17 2:17 a.m.•6 views

SUSE CVE-2026-45309

unknown...

5.9 CVSS, 5.2 AI score, 0.00221 EPSS
Exploits: 0, References: 3

•added 2026/06/17 2:17 a.m.•7 views

SUSE CVE-2026-45695

unknown...

5.2 AI score, 0.00109 EPSS
Exploits: 0, References: 3

•added 2026/06/17 2:16 a.m.•14 views

SUSE CVE-2026-46331

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption. tcf_pedit_act computes the COW range for skb_ensure_writable once before the key loop using tcfp_off_max_hint, but the hint does not account for the runtime header offset...

7.8 CVSS, 5.5 AI score, 0.00259 EPSS
Exploits: 9, References: 7

•added 2026/06/17 2:16 a.m.•8 views

SUSE CVE-2026-46680

unknown...

7 CVSS, 5.1 AI score, 0.00226 EPSS
Exploits: 1, References: 3

•added 2026/06/17 2:16 a.m.•5 views

SUSE CVE-2026-46715

unknown...

5.2 AI score, 0.00035 EPSS
Exploits: 0, References: 3

•added 2026/06/17 2:16 a.m.•6 views

SUSE CVE-2026-47180

unknown...

5.2 AI score, 0.0002 EPSS
Exploits: 0, References: 3

•added 2026/06/17 2:16 a.m.•6 views

SUSE CVE-2026-47183

unknown...

6.5 CVSS, 5.2 AI score, 0.0002 EPSS
Exploits: 0, References: 3

•added 2026/06/17 2:16 a.m.•6 views

SUSE CVE-2026-47184

unknown...

6.5 CVSS, 5.2 AI score, 0.00023 EPSS
Exploits: 0, References: 3

•added 2026/06/17 2:16 a.m.•6 views

SUSE CVE-2026-47240

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing...

5.8 CVSS, 6 AI score, 0.00491 EPSS
Exploits: 0, References: 3

•added 2026/06/17 2:16 a.m.•7 views

SUSE CVE-2026-47241

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled inpu...

2.1 CVSS, 5.9 AI score, 0.00239 EPSS
Exploits: 0, References: 3

•added 2026/06/17 2:16 a.m.•5 views

SUSE CVE-2026-47242

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAP#id is called with a hash argument, although the ID field value strings are correctly quoted (escaping quoted specials), they were not validated to prohibit CRLF sequence...

5.8 CVSS, 6 AI score, 0.00131 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:30 a.m.•10 views

SUSE CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

5.9 CVSS, 5.3 AI score, 0.00319 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:24 a.m.•6 views

SUSE CVE-2026-0438

A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially...

5.4 CVSS, 5.5 AI score, 0.00139 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:23 a.m.•12 views

SUSE CVE-2026-9638

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

7.5 CVSS, 5.2 AI score, 0.00305 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:23 a.m.•9 views

SUSE CVE-2026-9641

Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used for legacy systems. These versions default to using 1000 iterations. Depending on the chosen algorithm, 220,000 to 1,400,000...

5.3 CVSS, 5.3 AI score, 0.00226 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:23 a.m.•9 views

SUSE CVE-2026-11527

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in _make_filehandle. Config::IniFiles::_make_filehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

8.6 CVSS, 5.5 AI score, 0.00618 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:23 a.m.•9 views

SUSE CVE-2026-11774

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). In sasl_io_start_packet, adding sizeof(uint32_t) to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...

7.6 CVSS, 5.9 AI score, 0.00539 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:21 a.m.•10 views

SUSE CVE-2026-41568

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitra...

6.1 CVSS, 5.3 AI score, 0.00108 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:21 a.m.•9 views

SUSE CVE-2026-41579

unknown...

5.2 AI score, 0.00222 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:21 a.m.•10 views

SUSE CVE-2026-42850

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

7.4 CVSS, 5.5 AI score, 0.00287 EPSS
Exploits: 1, References: 3

•added 2026/06/16 2:21 a.m.•6 views

SUSE CVE-2026-42851

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal - a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. - can cause kitty to execute...

7.8 CVSS, 5.6 AI score, 0.00164 EPSS
Exploits: 1, References: 3

•added 2026/06/16 2:20 a.m.•8 views

SUSE CVE-2026-44705

tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. By embedding traversal sequences e.g., ....

8.7 CVSS, 5.3 AI score, 0.00354 EPSS
Exploits: 1, References: 3

•added 2026/06/16 2:20 a.m.•8 views

SUSE CVE-2026-44893

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2_TYPE_SSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSlice(header.readerIndex(), length) and only then...

7.5 CVSS, 5.5 AI score, 0.00578 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:20 a.m.•8 views

SUSE CVE-2026-45416

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates...

7.5 CVSS, 5.5 AI score, 0.00461 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:20 a.m.•9 views

SUSE CVE-2026-45536

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, netty_unix_socket_recvFd sets msg_control to char control[CMSG_SPACE(sizeof(int))] (line 940) - 24 bytes on 64-bit Linux. A peer-sent SCM_RIGHTS cmsg carrying two ints has...

4 CVSS, 5.3 AI score, 0.00136 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:20 a.m.•8 views

SUSE CVE-2026-45673

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...

6.8 CVSS, 5.2 AI score, 0.00256 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:20 a.m.•11 views

SUSE CVE-2026-45674

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue...

8.7 CVSS, 5.2 AI score, 0.00218 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:20 a.m.•8 views

SUSE CVE-2026-46340

Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does fragments.put(streamId, Unpooled.wrappedBuffer(frag, byteBuf)), wrapping t...

7.5 CVSS, 5.5 AI score, 0.00371 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:20 a.m.•8 views

SUSE CVE-2026-47162

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file ~/.vim/.netrwhist. A...

8.8 CVSS, 5.8 AI score, 0.00219 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:20 a.m.•9 views

SUSE CVE-2026-47167

Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch in the cucumber filetype plugin runtime/ftplugin/cucumber.vim on Vim builds with +ruby support. Step-definition patterns read from .rb files under the repository's...

5.3 CVSS, 5.8 AI score, 0.00135 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:20 a.m.•9 views

SUSE CVE-2026-47244

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAX_VALUE, and Http2Settings never inserts...

5.3 CVSS, 5.2 AI score, 0.00292 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:20 a.m.•9 views

SUSE CVE-2026-47691

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name...

8.7 CVSS, 5.3 AI score, 0.00285 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:20 a.m.•8 views

SUSE CVE-2026-47729

unknown...

5.2 AI score
Exploits: 1, References: 3

•added 2026/06/16 2:20 a.m.•8 views

SUSE CVE-2026-47766

unknown...

6.3 CVSS, 5.2 AI score, 0.00024 EPSS
Exploits: 0, References: 4

•added 2026/06/16 2:20 a.m.•10 views

SUSE CVE-2026-48006

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate...

7.5 CVSS, 5.3 AI score, 0.00489 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:19 a.m.•9 views

SUSE CVE-2026-48043

Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the...

7.5 CVSS, 5.3 AI score, 0.00578 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:19 a.m.•9 views

SUSE CVE-2026-48059

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nest...

7.5 CVSS, 5.5 AI score, 0.0059 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:19 a.m.•7 views

SUSE CVE-2026-48487

unknown...

5.3 AI score
Exploits: 0, References: 3

•added 2026/06/16 2:19 a.m.•10 views

SUSE CVE-2026-49982

tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the substring "..". It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'....

8.2 CVSS, 5.3 AI score, 0.00496 EPSS
Exploits: 1, References: 3

•added 2026/06/16 2:19 a.m.•11 views

SUSE CVE-2026-50010

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...

7.5 CVSS, 5.3 AI score, 0.00269 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:19 a.m.•9 views

SUSE CVE-2026-50011

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the RESP array element count declared in an array header. That count is taken fro...

7.5 CVSS, 5.3 AI score, 0.00371 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:19 a.m.•7 views

SUSE CVE-2026-50012

unknown...

5.2 AI score
Exploits: 0, References: 4

•added 2026/06/16 2:19 a.m.•6 views

SUSE CVE-2026-50560

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty HTTP/2 max header size handling produces an attack similar to HTTP/2 Rapid Reset. There is a setting in the http2 specification called...

5.3 CVSS, 5.3 AI score, 0.00302 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:19 a.m.•5 views

SUSE CVE-2026-52858

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

7.8 CVSS, 5.5 AI score, 0.00201 EPSS
Exploits: 0, References: 3

•added 2026/06/16 2:19 a.m.•5 views

SUSE CVE-2026-52859

Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

8.2 CVSS, 5.5 AI score, 0.00303 EPSS
Exploits: 0, References: 3

Total number of security vulnerabilities: 59189