Lucene search
K
SusecveRecent

59855 matches found

SUSE CVE
SUSE CVE
•added 2025/12/17 2:19 a.m.•9 views

SUSE CVE-2017-18871

An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service application crash via an @ character before a JavaScript field name...

7.5CVSS6.8AI score0.01114EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/12/17 2:19 a.m.•8 views

SUSE CVE-2017-18875

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files...

4.9CVSS6.9AI score0.00723EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/12/17 2:19 a.m.•12 views

SUSE CVE-2017-18876

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file...

4.9CVSS6.8AI score0.00862EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/12/17 2:19 a.m.•9 views

SUSE CVE-2017-18877

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page...

6.1CVSS6.4AI score0.00685EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/12/17 2:19 a.m.•8 views

SUSE CVE-2017-18879

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the authorlink field of a Slack attachment...

6.1CVSS6.4AI score0.00685EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/12/17 2:19 a.m.•5 views

SUSE CVE-2017-18883

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data...

9.1CVSS7AI score0.01125EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/12/17 2:19 a.m.•4 views

SUSE CVE-2017-18884

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens...

8.1CVSS7.3AI score0.00806EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/12/17 2:19 a.m.•9 views

SUSE CVE-2017-18902

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints...

5.3CVSS7AI score0.0092EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/12/17 1:37 a.m.•2 views

SUSE CVE-2022-25836

Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing...

7.5CVSS7.6AI score0.00353EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/17 1:37 a.m.•2 views

SUSE CVE-2022-25837

Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM...

7.5CVSS7.7AI score0.00353EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/17 12:32 a.m.•3 views

SUSE CVE-2025-40217

In the Linux kernel, the following vulnerability has been resolved: pidfs: validate extensible ioctls Validate extensible ioctls stricter than we do now...

6.6AI score0.0015EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/17 12:30 a.m.•6 views

SUSE CVE-2025-40346

In the Linux kernel, the following vulnerability has been resolved: archtopology: Fix incorrect error check in topologyparsecpucapacity Fix incorrect use of PTRERRORZERO in topologyparsecpucapacity which causes the code to proceed with NULL clock pointers. The current logic uses !PTRERRORZEROcpuc...

5.5CVSS6.7AI score0.00173EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/12/17 12:30 a.m.•5 views

SUSE CVE-2025-40347

In the Linux kernel, the following vulnerability has been resolved: net: enetc: fix the deadlock of enetcmdiolock After applying the workaround for err050089, the LS1028A platform experiences RCU stalls on RT kernel. This issue is caused by the recursive acquisition of the read lock enetcmdiolock...

5.5CVSS6.3AI score0.00168EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/12/17 12:30 a.m.•4 views

SUSE CVE-2025-40348

In the Linux kernel, the following vulnerability has been resolved: slab: Avoid race on slab-objexts in allocslabobjexts If two competing threads enter allocslabobjexts and one of them fails to allocate the object extension vector, it might override the valid slab-objexts allocated by the other...

6.4AI score0.00166EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/17 12:30 a.m.•2 views

SUSE CVE-2025-40349

In the Linux kernel, the following vulnerability has been resolved: hfs: validate record offset in hfsplusbmapalloc hfsplusbmapalloc can trigger a crash if a record offset or length is larger than nodesize 15.264282 BUG: KASAN: slab-out-of-bounds in hfsplusbmapalloc+0x887/0x8b0 15.265192 Read of...

5.5CVSS6.7AI score0.00177EPSS
Exploits0References18
SUSE CVE
SUSE CVE
•added 2025/12/17 12:30 a.m.•7 views

SUSE CVE-2025-40350

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix generating skb from non-linear xdpbuff for striding RQ XDP programs can change the layout of an xdpbuff through bpfxdpadjusttail and bpfxdpadjusthead. Therefore, the driver cannot assume the size of the linear...

5.5CVSS6.4AI score0.00168EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/12/17 12:30 a.m.•4 views

SUSE CVE-2025-40351

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in hfsplusdeletecat The syzbot reported issue in hfsplusdeletecat: 70.682285 T9333 ===================================================== 70.682943 T9333 BUG: KMSAN: uninit-value in...

5.5CVSS6.3AI score0.00177EPSS
Exploits0References18
SUSE CVE
SUSE CVE
•added 2025/12/17 12:30 a.m.•2 views

SUSE CVE-2025-40352

In the Linux kernel, the following vulnerability has been resolved: platform/mellanox: mlxbf-pmc: add sysfsattrinit to countclock init The lock-related debug logic CONFIGLOCKSTAT in the kernel is noting the following warning when the BlueField-3 SOC is booted: BUG: key ffff00008a3402a8 has not be...

6.4AI score0.00173EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/17 12:30 a.m.•3 views

SUSE CVE-2025-40353

In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Do not warn if the page is already tagged in copyhighpage The arm64 copyhighpage assumes that the destination page is newly allocated and not MTE-tagged PGmtetagged unset and warns accordingly. However, following comm...

3.3CVSS6.4AI score0.00166EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/17 12:30 a.m.•4 views

SUSE CVE-2025-40354

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: increase max link count and fix link-enc NULL pointer access why 1. dc-linksMAXLINKS array size smaller than actual requested. maxconnector + maxdpia + 4 virtual = 14. increase from 12 to 14. 2. hwinit access nul...

5.5CVSS6.5AI score0.00166EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/12/17 12:30 a.m.•5 views

SUSE CVE-2025-40355

In the Linux kernel, the following vulnerability has been resolved: sysfs: check visibility before changing group attribute ownership Since commit 0c17270f9b92 "net: sysfs: Implement isvisible for physportid, portname, switchid", devchangenetnamespace can hit WARNON when trying to change owner of...

5.5CVSS6.5AI score0.00155EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/12/17 12:30 a.m.•4 views

SUSE CVE-2025-40356

In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix DMA-API usage Use DMA-API dmamapsingle call for getting the DMA address of the transfer buffer instead of hacking with virttophys. This fixes the following DMA-API debug warning: ------------ cut here...

6.7AI score0.00155EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/17 12:30 a.m.•4 views

SUSE CVE-2025-40357

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix general protection fault in smcdiagdump The syzbot report a crash: Oops: general protection fault, probably for non-canonical address 0xfbd5a5d5a0000003: 0000 1 SMP KASAN NOPTI KASAN: maybe wild-memory-access in rang...

6.1CVSS6.4AI score0.00166EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/12/17 12:30 a.m.•6 views

SUSE CVE-2025-40358

In the Linux kernel, the following vulnerability has been resolved: riscv: stacktrace: Disable KASAN checks for non-current tasks Unwinding the stack of a task other than current, KASAN would report "BUG: KASAN: out-of-bounds in walkstackframe+0x41c/0x460" There is a same issue on x86 and has bee...

6.4AI score0.00168EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/17 12:30 a.m.•6 views

SUSE CVE-2025-40359

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix KASAN global-out-of-bounds warning When running "perf mem record" command on CWF, the below KASAN global-out-of-bounds warning is seen. ================================================================== BUG:...

2.5CVSS6.8AI score0.00166EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/12/17 12:30 a.m.•3 views

SUSE CVE-2025-40360

In the Linux kernel, the following vulnerability has been resolved: drm/sysfb: Do not dereference NULL pointer in plane reset The plane state in drmgemresetshadowplane can be NULL. Do not deref that pointer, but forward NULL to the other plane-reset helpers. Clears plane-state to NULL. v2: - fix...

5.5CVSS6.5AI score0.00173EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/12/17 12:30 a.m.•5 views

SUSE CVE-2025-40361

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6.1AI score0.00032EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/17 12:30 a.m.•5 views

SUSE CVE-2025-40362

In the Linux kernel, the following vulnerability has been resolved: ceph: fix multifs mds auth caps issue The mds auth caps check should also validate the fsname along with the associated caps. Not doing so would result in applying the mds auth caps of one fs on to the other fs in a multifs ceph...

7CVSS6.6AI score0.00199EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/17 12:30 a.m.•9 views

SUSE CVE-2025-40363

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix field-spanning memcpy warning in AH output Fix field-spanning memcpy warnings in ah6output and ah6outputdone where extension headers are copied to/from IPv6 address fields, triggering fortify-string warnings about...

2.5CVSS6.8AI score0.00177EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2025/12/17 12:26 a.m.•6 views

SUSE CVE-2025-67735

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when HttpRequestEncod...

6.5CVSS7.3AI score0.00292EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2025/12/17 12:26 a.m.•5 views

SUSE CVE-2025-68167

In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix invalid pointer access in debugfs If the memory allocation in gpiolibseqstart fails, the s-private field remains uninitialized and is later dereferenced without checking in gpiolibseqstop. Initialize s-private to NUL...

5.5CVSS6.5AI score0.00166EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/17 12:26 a.m.•6 views

SUSE CVE-2025-68168

In the Linux kernel, the following vulnerability has been resolved: jfs: fix uninitialized waitqueue in transaction manager The transaction manager initialization in txInit was not properly initializing TxBlock0.waitor waitqueue, causing a crash when txEnd0 is called on read-only filesystems. Whe...

5.5CVSS6.4AI score0.00177EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2025/12/17 12:26 a.m.•6 views

SUSE CVE-2025-68169

In the Linux kernel, the following vulnerability has been resolved: netpoll: Fix deadlock in memory allocation under spinlock Fix a AA deadlock in refillskbs where memory allocation while holding skbpool-lock can trigger a recursive lock acquisition attempt. The deadlock scenario occurs when the...

6.5AI score0.00155EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/17 12:26 a.m.•4 views

SUSE CVE-2025-68170

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Do not kfree devres managed rdev Since the allocation of the drivers main structure was changed to devmdrmdevalloc rdev is managed by devres and we shouldn't be calling kfree on it. This fixes things exploding if the...

5.5CVSS6.5AI score0.00166EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/12/17 12:26 a.m.•5 views

SUSE CVE-2025-68171

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Ensure XFD state on signal delivery Sean reported 1 the following splat when running KVM tests: WARNING: CPU: 232 PID: 15391 at xfdvalidatestate+0x65/0x70 Call Trace: fpuclearuserstates+0x9c/0x100...

5.5CVSS6.5AI score0.00168EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/12/17 12:26 a.m.•5 views

SUSE CVE-2025-68172

In the Linux kernel, the following vulnerability has been resolved: crypto: aspeed - fix double free caused by devm The clock obtained via devmclkgetenabled is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clkdisableunprepare in error path and...

5.5CVSS6.6AI score0.00168EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2025/12/17 12:26 a.m.•5 views

SUSE CVE-2025-68173

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix softlockup in ftracemoduleenable A soft lockup was observed when loading amdgpu module. If a module has a lot of tracable functions, multiple calls to kallsymslookup can spend too much time in RCU critical section and...

5.5CVSS6.5AI score0.00168EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/17 12:26 a.m.•5 views

SUSE CVE-2025-68174

In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: enhance kfd process check in switch partition current switch partition only check if kfdprocessestable is empty. kfdprcessestable entry is deleted in kfdprocessnotifierrelease, but kfdprocess tear down is in...

5.5CVSS6.4AI score0.00155EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/12/17 12:26 a.m.•3 views

SUSE CVE-2025-68175

In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: Fix streaming cleanup on release The current implementation unconditionally calls mxcisivideocleanupstreaming in mxcisivideorelease. This can lead to situations where any release call like from a simple...

6.4AI score0.00166EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/17 12:26 a.m.•4 views

SUSE CVE-2025-68176

In the Linux kernel, the following vulnerability has been resolved: PCI: cadence: Check for the existence of cdnspcie::ops before using it cdnspcie::ops might not be populated by all the Cadence glue drivers. This is going to be true for the upcoming Sophgo platform which doesn't set the ops...

5.5CVSS6.4AI score0.00173EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2025/12/17 12:26 a.m.•4 views

SUSE CVE-2025-68177

In the Linux kernel, the following vulnerability has been resolved: cpufreq/longhaul: handle NULL policy in longhaulexit longhaulexit was calling cpufreqcpuget0 without checking for a NULL policy pointer. On some systems, this could lead to a NULL dereference and a kernel warning or panic. This...

6.3AI score0.00177EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/17 12:26 a.m.•3 views

SUSE CVE-2025-68178

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix possible deadlock while configuring policy Following deadlock can be triggered easily by lockdep: WARNING: possible circular locking dependency detected 6.17.0-rc3-00124-ga12c2658ced0 1665 Not tainted...

5.5CVSS6.5AI score0.00168EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/12/17 12:26 a.m.•4 views

SUSE CVE-2025-68179

In the Linux kernel, the following vulnerability has been resolved: s390: Disable ARCHWANTOPTIMIZEHUGETLBVMEMMAP As reported by Luiz Capitulino enabling HVO on s390 leads to reproducible crashes. The problem is that kernel page tables are modified without flushing corresponding TLB entries. Even ...

5.5CVSS6.5AI score0.00168EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/17 12:26 a.m.•3 views

SUSE CVE-2025-68180

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL deref in debugfs odmcombinesegments When a connector is connected but inactive e.g., disabled by desktop environments, pipectx-streamres.tg will be destroyed. Then, reading odmcombinesegments causes kern...

5.5CVSS6.3AI score0.00166EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2025/12/17 12:26 a.m.•3 views

SUSE CVE-2025-68181

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Remove calls to drmputdev Since the allocation of the drivers main structure was changed to devmdrmdevalloc drmputdev'ing to trigger it to be free'd should be done by devres. However, drmputdev is still in the probe...

5.5CVSS6.4AI score0.00166EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/12/17 12:26 a.m.•2 views

SUSE CVE-2025-68182

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix potential use after free in iwlmldremovelink This code frees "link" by calling kfreerculink, rcuhead and then it dereferences "link" to get the "link-fwid". Save the "link-fwid" first to avoid a potential use...

6.8AI score0.00155EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/17 12:26 a.m.•5 views

SUSE CVE-2025-68183

In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then...

6.1CVSS6.4AI score0.00168EPSS
Exploits0References28
SUSE CVE
SUSE CVE
•added 2025/12/17 12:26 a.m.•3 views

SUSE CVE-2025-68184

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Disable AFBC support on Mediatek DRM driver Commit c410fa9b07c3 "drm/mediatek: Add AFBC support to Mediatek DRM driver" added AFBC support to Mediatek DRM and enabled the 32x8/split/sparse modifier. However, this is...

5.5CVSS6.5AI score0.00168EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/12/17 12:26 a.m.•4 views

SUSE CVE-2025-68185

In the Linux kernel, the following vulnerability has been resolved: nfs4setupreaddir: insufficient locking for -dparent-dinode dereferencing Theoretically it's an oopsable race, but I don't believe one can manage to hit it on real hardware; might become doable on a KVM, but it still won't be easy...

5.5CVSS6.5AI score0.00177EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2025/12/17 12:25 a.m.•4 views

SUSE CVE-2025-68186

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not warn in ringbuffermapgetreader when reader catches up The function ringbuffermapgetreader is a bit more strict than the other get reader functions, and except for certain situations the rbgetreaderpage should...

5.5CVSS6.4AI score0.00166EPSS
Exploits0References7
Total number of security vulnerabilities59855