59855 matches found
SUSE CVE-2025-40255
In the Linux kernel, the following vulnerability has been resolved: net: core: prevent NULL deref in generichwtstampioctllower The ethtool tsconfig Netlink path can trigger a null pointer dereference. A call chain such as: tsconfigpreparedata - devgethwtstampphylib - vlanhwtstampget -...
SUSE CVE-2025-40256
In the Linux kernel, the following vulnerability has been resolved: xfrm: also call xfrmstatedeletetunnel at destroy time for states that were never added In commit b441cf3f8c4b "xfrm: delete x-tunnel as we delete x", I missed the case where state creation fails between full initialization...
SUSE CVE-2025-40257
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix a race in mptcppmdeladdtimer mptcppmdeladdtimer can call skstoptimersyncsk, &entry-addtimer while another might have free entry already, as reported by syzbot. Add RCU protection to fix this issue. Also change confusin...
SUSE CVE-2025-40258
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...
SUSE CVE-2025-40259
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Do not sleep in atomic context sgfinishremreq calls blkrqunmapuser. The latter function may sleep. Hence, call sgfinishremreq with interrupts enabled instead of disabled...
SUSE CVE-2025-40260
In the Linux kernel, the following vulnerability has been resolved: schedext: Fix scxenable crash on helper kthread creation failure A crash was observed when the schedext selftests runner was terminated with Ctrl+\ while test 15 was running: NIP c00000000028fa58 scxenable.constprop.0+0x358/0x12b...
SUSE CVE-2025-40261
In the Linux kernel, the following vulnerability has been resolved: nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrl nvmefcdeleteassocation waits for pending I/O to complete before returning, and an error can cause -ioerrwork to be queued after cancelworksync had been called. Mov...
SUSE CVE-2025-40262
In the Linux kernel, the following vulnerability has been resolved: Input: imxsckey - fix memory corruption on unload This is supposed to be "priv" but we accidentally pass "&priv" which is an address in the stack and so it will lead to memory corruption when the imxsckeyaction function is called...
SUSE CVE-2025-40263
In the Linux kernel, the following vulnerability has been resolved: Input: croseckeyb - fix an invalid memory access If croseckeybregistermatrix isn't called due to buttonsswitchesonly in croseckeybprobe, ckdev-idev remains NULL. An invalid memory access is observed in croseckeybprocess when...
SUSE CVE-2025-40264
In the Linux kernel, the following vulnerability has been resolved: be2net: pass wrbparams in case of OS2BMC beinsertvlaninpkt is called with the wrbparams argument being NULL at besendpkttobmc call site. This may lead to dereferencing a NULL pointer when processing a workaround for specific...
SUSE CVE-2025-40265
In the Linux kernel, the following vulnerability has been resolved: vfat: fix missing sbminblocksize return value checks When emulating an nvme device on qemu with both logicalblocksize and physicalblocksize set to 8 KiB, but without format, a kernel panic was triggered during the early boot stag...
SUSE CVE-2025-40266
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Check the untrusted offset in FF-A memory share Verify the offset to prevent OOB access in the hypervisor FF-A buffer in case an untrusted large enough value U32MAX - sizeofstruct ffacompositememregion + 1, U32MAX is...
SUSE CVE-2025-61727
An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN .example.com...
SUSE CVE-2025-61729
Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...
SUSE CVE-2025-64460
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...
SUSE CVE-2025-65955
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick's Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls...
SUSE CVE-2025-66293
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the pngsRGBbase512 array when processing...
SUSE CVE-2025-66399
Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters including newlines that are...
SUSE CVE-2025-12106
Insufficient argument validation in OpenVPN 2.7alpha1 through 2.7rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses...
SUSE CVE-2025-13281
A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane's host network including link-local ...
SUSE CVE-2025-13630
Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2025-13631
Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform privilege escalation via a crafted file. Chromium security severity: High...
SUSE CVE-2025-13632
Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...
SUSE CVE-2025-13633
Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2025-13634
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2025-13635
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2025-13636
Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. Chromium security severity: Low...
SUSE CVE-2025-13637
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2025-13638
Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2025-13639
Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2025-13640
Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical access to the device. Chromium security severity: Low...
SUSE CVE-2025-13720
Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2025-13721
Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2025-13836
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS...
SUSE CVE-2025-13837
When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues...
SUSE CVE-2025-27232
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss...
SUSE CVE-2025-34297
KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kissfftalloc in kissfft.c on platforms where sizet is 32-bit. The nfft parameter is not validated before being used in a size calculation sizeofkissfftcpx nfft - 1, which can wrap to a small value when nfft is large...
SUSE CVE-2025-49642
Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory...
SUSE CVE-2025-49643
An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service...
SUSE CVE-2025-65404
A buffer overflow in the getSideInfo2 function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service DoS via a crafted MP3 stream...
SUSE CVE-2025-65405
A use-after-free in the ADTSAudioFileSource::samplingFrequency function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service DoS via supplying a crafted ADTS/AAC file...
SUSE CVE-2025-65406
A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service DoS via supplying a crafted MKV file...
SUSE CVE-2025-65407
A use-after-free in the MPEG1or2Demux::newElementaryStream function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service DoS via supplying a crafted MPEG Program stream...
SUSE CVE-2025-65408
A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service DoS via supplying a crafted ADTS file...
SUSE CVE-2025-66034
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...
SUSE CVE-2025-66221
Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safejoin function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory...
SUSE CVE-2025-13699
MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors m...
SUSE CVE-2025-61915
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config a...
SUSE CVE-2025-64756
Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...
SUSE CVE-2025-66382
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time...