Lucene search
K
SusecveRecent

59855 matches found

SUSE CVE
SUSE CVE
•added 2025/12/12 12:24 a.m.•6 views

SUSE CVE-2025-66491

Traefik is an HTTP reverse proxy and load balancer. Versions 3.5.0 through 3.6.2 have inverted TLS verification logic in the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. Setting the annotation to "on" intending to enable backend TLS certificate verification actually disables...

5.9CVSS6.8AI score0.00213EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/12 12:24 a.m.•7 views

SUSE CVE-2025-66628

ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM PSX TIM image parser contains a critical integer overflow vulnerability in its ReadTIMImage function coders/tim.c. The code reads width and height 16-bit values from the file...

7.5CVSS7.4AI score0.00456EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2025/12/11 12:47 a.m.•10 views

SUSE CVE-2025-7709

An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds...

5.4CVSS6.8AI score0.00322EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2025/12/11 12:46 a.m.•9 views

SUSE CVE-2025-14087

A flaw was found in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings...

7.1CVSS7.4AI score0.00767EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2025/12/11 12:46 a.m.•4 views

SUSE CVE-2025-14104

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID Set User ID login-utils utilities writing to the password database...

6.1CVSS6.9AI score0.00179EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2025/12/11 12:46 a.m.•3 views

SUSE CVE-2025-14321

Use-after-free in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

8.8CVSS7.2AI score0.00517EPSS
Exploits1References15
SUSE CVE
SUSE CVE
•added 2025/12/11 12:46 a.m.•4 views

SUSE CVE-2025-14322

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

8.8CVSS7.2AI score0.00287EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2025/12/11 12:46 a.m.•4 views

SUSE CVE-2025-14323

Privilege escalation in the DOM: Notifications component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

8.8CVSS7.2AI score0.00351EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2025/12/11 12:46 a.m.•5 views

SUSE CVE-2025-14324

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

8.8CVSS7.2AI score0.0049EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2025/12/11 12:46 a.m.•5 views

SUSE CVE-2025-14325

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

8.8CVSS7.1AI score0.00297EPSS
Exploits1References15
SUSE CVE
SUSE CVE
•added 2025/12/11 12:46 a.m.•11 views

SUSE CVE-2025-14326

Use-after-free in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 146 and Thunderbird 146...

6.5CVSS7.3AI score0.00401EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/11 12:46 a.m.•4 views

SUSE CVE-2025-14327

Spoofing issue in the Downloads Panel component. This vulnerability was fixed in Firefox 146, Thunderbird 146, Firefox ESR 140.7, and Thunderbird 140.7...

6.1CVSS7.1AI score0.00352EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2025/12/11 12:46 a.m.•5 views

SUSE CVE-2025-14328

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

6.3CVSS7.2AI score0.0034EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2025/12/11 12:46 a.m.•7 views

SUSE CVE-2025-14329

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

6.3CVSS7.2AI score0.0034EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2025/12/11 12:46 a.m.•5 views

SUSE CVE-2025-14330

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

6.1CVSS7.2AI score0.00439EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2025/12/11 12:46 a.m.•6 views

SUSE CVE-2025-14331

Same-origin policy bypass in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

5.4CVSS6.6AI score0.00162EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2025/12/11 12:46 a.m.•11 views

SUSE CVE-2025-14332

Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146 and Thunderbird 146...

8.8CVSS7.2AI score0.0027EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/11 12:46 a.m.•4 views

SUSE CVE-2025-14333

Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...

8.8CVSS7.4AI score0.00383EPSS
Exploits0References15
SUSE CVE
SUSE CVE
•added 2025/12/11 12:23 a.m.•4 views

SUSE CVE-2025-62408

c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using readanswer and processanswer, which can cause a Denial of Service. This issue is fixed in version 1.34.6...

5.9CVSS6.9AI score0.00396EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2025/12/11 12:23 a.m.•3 views

SUSE CVE-2025-66002

An Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability allows local users ton perform arbitrary unmounts via smb4k mount helper...

6.9CVSS6.6AI score0.00144EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/11 12:23 a.m.•3 views

SUSE CVE-2025-66003

An External Control of File Name or Path vulnerability in smb4k allowsl ocal users to perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba shareThis issue affects smb4k: from ? before 4.0.5...

7.3CVSS6.3AI score0.00111EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/11 12:23 a.m.•4 views

SUSE CVE-2025-66570

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTEADDR, REMOTEPORT,...

10CVSS7.1AI score0.00307EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2025/12/11 12:23 a.m.•3 views

SUSE CVE-2025-66577

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can supply X-Forwarded-For or X-Real-IP headers which...

5.3CVSS6.8AI score0.0024EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•13 views

SUSE CVE-2022-50631

In the Linux kernel, the following vulnerability has been resolved: RISC-V: kexec: Fix memory leak of fdt buffer This is reported by kmemleak detector: unreferenced object 0xff60000082864000 size 9588: comm "kexec", pid 146, jiffies 4294900634 age 64.788s hex dump first 32 bytes: d0 0d fe ed 00 0...

6.6AI score0.00172EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•14 views

SUSE CVE-2022-50632

In the Linux kernel, the following vulnerability has been resolved: drivers: perf: marvellcn10k: Fix hotplug callback leak in tadpmuinit tadpmuinit won't remove the callback added by cpuhpsetupstatemulti when platformdriverregister failed. Remove the callback by cpuhpremovemultistate in fail path...

5.5CVSS6.5AI score0.00172EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•4 views

SUSE CVE-2022-50633

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: qcom: Fix memory leak in dwc3qcominterconnectinit oficcget alloc resources for path handle, we should release it when not need anymore. Like the release in dwc3qcominterconnectexit function. Add iccput in error handlin...

5.5CVSS6.5AI score0.00174EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•10 views

SUSE CVE-2022-50634

In the Linux kernel, the following vulnerability has been resolved: power: supply: cw2015: Fix potential null-ptr-deref in cwbatprobe cwbatprobe calls createsinglethreadworkqueue and not checked the ret value, which may return NULL. And a null-ptr-deref may happen: cwbatprobe...

6.5AI score0.00172EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•5 views

SUSE CVE-2022-50635

In the Linux kernel, the following vulnerability has been resolved: powerpc/kprobes: Fix null pointer reference in archpreparekprobe I found a null pointer reference in archpreparekprobe: echo 'p cmdlineprocshow' kprobeevents echo 'p cmdlineprocshow+16' kprobeevents Kernel attempted to read user...

5.5CVSS6.3AI score0.00178EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•4 views

SUSE CVE-2022-50636

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix pcideviceispresent for VFs by checking PF pcideviceispresent previously didn't work for VFs because it reads the Vendor and Device ID, which are 0xffff for VFs, which looks like they aren't present. Check the PF instead...

5.5CVSS6.5AI score0.00184EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•12 views

SUSE CVE-2022-50637

In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom-hw: Fix memory leak in qcomcpufreqhwreadlut If "cpudev" fails to get opp table in qcomcpufreqhwreadlut, the program will return, resulting in "table" resource is not released...

5.5CVSS6.5AI score0.00174EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•5 views

SUSE CVE-2022-50638

In the Linux kernel, the following vulnerability has been resolved: ext4: fix bugon in estreesearch caused by bad boot loader inode We got a issue as fllows: ================================================================== kernel BUG at fs/ext4/extentsstatus.c:203! invalid opcode: 0000 1 PREEMP...

6.3CVSS6.5AI score0.00213EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•16 views

SUSE CVE-2022-50639

In the Linux kernel, the following vulnerability has been resolved: io-wq: Fix memory leak in worker creation If the CPU mask allocation for a node fails, then the memory allocated for the 'iowqe' struct of the current node doesn't get freed on the error handling path, since it has not yet been...

5.5CVSS6.4AI score0.00172EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•3 views

SUSE CVE-2022-50640

In the Linux kernel, the following vulnerability has been resolved: mmc: core: Fix kernel panic when remove non-standard SDIO card SDIO tuple is only allocated for standard SDIO card, especially it causes memory corruption issues when the non-standard SDIO card has removed, which is because the...

5.5CVSS6.7AI score0.00184EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•3 views

SUSE CVE-2022-50641

In the Linux kernel, the following vulnerability has been resolved: HSI: omapssi: Fix refcount leak in ssiprobe When returning or breaking early from a foreachavailablechildofnode loop, we need to explicitly call ofnodeput on the child node to possibly release the node...

3.3CVSS6.6AI score0.00207EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•9 views

SUSE CVE-2022-50642

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosectypec: zero out stale pointers crostypecgetswitchhandles allocates four pointers when obtaining type-c switch handles. These pointers are all freed if failing to obtain any of them; therefore, pointers in...

7.8CVSS6.7AI score0.00174EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•13 views

SUSE CVE-2022-50643

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifscopyfilerange If the file is used by swap, before return -EOPNOTSUPP, should free the xid, otherwise, the xid will be leaked...

3.3CVSS6.5AI score0.00174EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•9 views

SUSE CVE-2022-50644

In the Linux kernel, the following vulnerability has been resolved: clk: ti: dra7-atl: Fix reference leak in ofdra7atlclkprobe pmruntimegetsync will increment pm usage counter. Forgetting to putting operation will result in reference leak. Add missing pmruntimeputsync in some error paths...

3.3CVSS6.4AI score0.00207EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•12 views

SUSE CVE-2022-50645

In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: fix refcount leak in pcigetdevwrapper As the comment of pcigetdomainbusandslot says, it returns a PCI device with refcount incremented, so it doesn't need to call an extra pcidevget in pcigetdevwrapper, and the PCI...

3.3CVSS6.5AI score0.00179EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•6 views

SUSE CVE-2022-50646

In the Linux kernel, the following vulnerability has been resolved: scsi: hpsa: Fix possible memory leak in hpsainitone The hpdaallocctlrinfo allocates h and its field replymap. However, in hpsainitone, if allocpercpu failed, the hpsainitone jumps to clean1 directly, which frees h and leaks the...

3.3CVSS6.5AI score0.00179EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/12/10 12:39 a.m.•19 views

SUSE CVE-2022-50647

In the Linux kernel, the following vulnerability has been resolved: RISC-V: Make port I/O string accessors actually work Fix port I/O string accessors such as insb', outsb', etc. which use the physical PCI port I/O address rather than the corresponding memory mapping to get at the requested...

6.3AI score0.00179EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/10 12:38 a.m.•20 views

SUSE CVE-2022-50648

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix recursive locking directmutex in ftracemodifydirectcaller Naveen reported recursive locking of directmutex with sample ftrace-direct-modify.ko: 74.762406 WARNING: possible recursive locking detected 74.762887 6.0.0-rc...

6.3AI score0.00162EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/10 12:38 a.m.•6 views

SUSE CVE-2022-50649

In the Linux kernel, the following vulnerability has been resolved: power: supply: adp5061: fix out-of-bounds read in adp5061getchgtype ADP5061CHGSTATUS1CHGSTATUS is masked with 0x07, which means a length of 8, but adp5061chgtype array size is 4, may end up reading 4 elements beyond the end of th...

5.5CVSS6.5AI score0.00183EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2025/12/10 12:38 a.m.•11 views

SUSE CVE-2022-50650

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference state management for synchronous callbacks Currently, verifier verifies callback functions sync and async as if they will be executed once, i.e. it explores execution state as if the function was being called...

6CVSS6.5AI score0.00188EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/10 12:38 a.m.•5 views

SUSE CVE-2022-50651

In the Linux kernel, the following vulnerability has been resolved: ethtool: eeprom: fix null-deref on genlinfo in dump The similar fix as commit 46cdedf2a0fa "ethtool: pse-pd: fix null-deref on genlinfo in dump" is also needed for ethtool eeprom...

6.5AI score0.00172EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/10 12:38 a.m.•5 views

SUSE CVE-2022-50652

In the Linux kernel, the following vulnerability has been resolved: uio: uiodmemgenirq: Fix missing unlock in irq configuration Commit b74351287d4b "uio: fix a sleep-in-atomic-context bug in uiodmemgenirqirqcontrol" started calling disableirq without holding the spinlock because it can sleep...

5.5CVSS6.3AI score0.00203EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/10 12:38 a.m.•16 views

SUSE CVE-2022-50653

In the Linux kernel, the following vulnerability has been resolved: mmc: atmel-mci: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmcallochost is leaked. 2. In the remove path, mmcremovehos...

5.5CVSS6.5AI score0.00179EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/12/10 12:38 a.m.•11 views

SUSE CVE-2022-50654

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix panic due to wrong pageattr of im-image In the scenario where livepatch and kretfunc coexist, the pageattr of im-image is rox after archpreparebpftrampoline in bpftrampolineupdate, and then modifyfentry or registerfentry...

6.5AI score0.00172EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/10 12:38 a.m.•9 views

SUSE CVE-2022-50655

In the Linux kernel, the following vulnerability has been resolved: ppp: associate skb with a device at tx Syzkaller triggered flow dissector warning with the following: r0 = openat$ppp0xffffffffffffff9c, &0x7f0000000000, 0xc0802, 0x0 ioctl$PPPIOCNEWUNITr0, 0xc004743e, &0x7f00000000c0...

6.5AI score0.00183EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/12/10 12:38 a.m.•13 views

SUSE CVE-2022-50656

In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Clear nfctarget before being used Fix a slab-out-of-bounds read that occurs in nlaput called from nfcgenlsendtarget when target-sensbreslen, which is duplicated from an nfctarget in pn533, is too large as the nfctarge...

6.1CVSS6.5AI score0.00203EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/12/10 12:38 a.m.•13 views

SUSE CVE-2022-50657

In the Linux kernel, the following vulnerability has been resolved: riscv: mm: add missing memcpy in kasaninit Hi Atish, It seems that the panic is due to the missing memcpy during kasaninit. Could you please check whether this patch is helpful? When doing kasanpopulate, the new allocated...

6.5AI score0.00197EPSS
Exploits0References3
Total number of security vulnerabilities59855