58583 matches found
SUSE CVE-2025-10999
A vulnerability was found in Open Babel up to 3.1.1. The impacted element is the function CacaoFormat::SetHilderbrandt of the file /src/formats/cacaoformat.cpp. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been made public an...
SUSE CVE-2025-11000
A vulnerability was determined in Open Babel up to 3.1.1. This affects the function PQSFormat::ReadMolecule of the file /src/formats/PQSformat.cpp. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been publicly disclosed and may be...
SUSE CVE-2025-11021
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in...
SUSE CVE-2025-53881
A UNIX Symbolic Link Symlink Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1...
SUSE CVE-2025-54468
A vulnerability has been identified within Rancher Manager whereby Impersonate-Extra- headers are being sent to an external entity, for example amazonaws.com, via the /meta/proxy Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses...
SUSE CVE-2025-59341
esm.sh is a nobuild content delivery networkCDN for modern web development. In 136 and earlier, a Local File Inclusion LFI issue was identified in the esm.sh service URL handling. An attacker could craft a request that causes the server to read and return files from the host filesystem or other...
SUSE CVE-2025-59342
esm.sh is a nobuild content delivery networkCDN for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value is used to build a...
SUSE CVE-2025-59345
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The /api/v1/jobs and /preheats endpoints in Manager web UI are accessible without authentication. Any user with network access to the Manager can create, delete, and modify jobs, and create...
SUSE CVE-2025-59346
Dragonfly is an open source P2P-based file distribution and image acceleration system. Versions prior to 2.1.0 contain a server-side request forgery SSRF vulnerability that enables users to force DragonFly2's components to make requests to internal services that are otherwise not accessible to...
SUSE CVE-2025-59347
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The Manager disables TLS certificate verification in HTTP clients. The clients are not configurable, so users have no way to re-enable the verification. A Manager processes dozens of preheat job...
SUSE CVE-2025-59348
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the processPieceFromSource method does not update the structure's usedTraffic field, because an uninitialized variable n is used as a guard to the AddTraffic method call, instead of the...
SUSE CVE-2025-59349
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, DragonFly2 uses the os.MkdirAll function to create certain directory paths with specific access permissions. This function does not perform any permission checks when a given directory path...
SUSE CVE-2025-59350
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...
SUSE CVE-2025-59351
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the first return value of a function is dereferenced even when the function returns an error. This can result in a nil dereference, and cause code to panic. This vulnerability is fixed in 2.1.0...
SUSE CVE-2025-59352
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the gRPC API and HTTP APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal...
SUSE CVE-2025-59354
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the DragonFly2 uses a variety of hash functions, including the MD5 hash, for downloaded files. This allows attackers to replace files with malicious ones that have a colliding hash. This...
SUSE CVE-2025-59410
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing th...
SUSE CVE-2025-59830
Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its paramslimit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters...
SUSE CVE-2025-60018
glib-networking's OpenSSL backend fails to properly check the return value of a call to BIOwrite, resulting in an out of bounds read...
SUSE CVE-2025-60019
glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in writing to an invalid memory location...
SUSE CVE-2023-53165
In the Linux kernel, the following vulnerability has been resolved: udf: Fix uninitialized array access for some pathnames For filenames that begin with . and are between 2 and 5 characters long, UDF charset conversion code would read uninitialized memory in the output buffer. The only practical...
SUSE CVE-2024-58260
A vulnerability has been identified within Rancher Manager where a missing server-side validation on the .username field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts...
SUSE CVE-2024-58267
A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher's authentication tokens...
SUSE CVE-2025-8869
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...
SUSE CVE-2025-9079
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...
SUSE CVE-2025-9081
Mattermost versions 10.5.x = 10.5.8, 9.11.x = 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration...
SUSE CVE-2025-10630
Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a plugin for Grafana allowing to visualize monitoring data from Zabbix and create dashboards for analyzing metrics and realtime monitoring. Versions 5.2.1 and below contained a ReDoS vulnerability via...
SUSE CVE-2025-10920
GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...
SUSE CVE-2025-10921
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...
SUSE CVE-2025-10922
GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...
SUSE CVE-2025-10923
GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
SUSE CVE-2025-10924
GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
SUSE CVE-2025-10925
GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page...
SUSE CVE-2025-59343
tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves...
SUSE CVE-2025-59688
unknown...
SUSE CVE-2023-53215
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Don't balance task to its current running CPU We've run into the case that the balancer tries to balance a migration disabled task and trigger the warning in settaskcpu like below: ------------ cut here ------------...
SUSE CVE-2023-53275
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix a possible null-pointer dereference due to data race in sndhdacregmapsync The variable codec-regmap is often protected by the lock codec-regmaplock when is accessed. However, it is accessed without holding the lock...
SUSE CVE-2023-53390
In the Linux kernel, the following vulnerability has been resolved: drivers: base: dd: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove...
SUSE CVE-2023-53405
In the Linux kernel, the following vulnerability has been resolved: USB: gadget: grudc: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove...
SUSE CVE-2024-58241
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: Disable works on hciunregisterdev This make use of disablework on hciunregisterdev since the hcidev is about to be freed new submissions are not disarable...
SUSE CVE-2025-6921
The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service ReDoS in the AdamWeightDecay optimizer. The vulnerability arises from the douseweightdecay method, which processes user-controlled regular expressions in the includeinweightdecay...
SUSE CVE-2025-10890
Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2025-10891
Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2025-10892
Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2025-39801
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARNON for device endpoint command timeouts This commit addresses a rarely observed endpoint command timeout which causes kernel panic due to warn when 'paniconwarn' is enabled and unnecessary call trace prints...
SUSE CVE-2025-39875
In the Linux kernel, the following vulnerability has been resolved: igb: Fix NULL pointer dereference in ethtool loopback test The igb driver currently causes a NULL pointer dereference when executing the ethtool loopback test. This occurs because there is no associated qvector for the test ring...
SUSE CVE-2025-39882
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: fix potential OF node use-after-free The foreachchildofnode helper drops the reference it takes to each node as it iterates over children and an explicit ofnodeput is only needed when exiting the loop early. Drop th...
SUSE CVE-2025-39884
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix subvolume deletion lockup caused by inodes xarray race There is a race condition between inode eviction and inode caching that can cause a live struct btrfsinode to be missing from the root-inodes xarray. Specifically,...
SUSE CVE-2025-39888
In the Linux kernel, the following vulnerability has been resolved: fuse: Block access to folio overlimit syz reported a slab-out-of-bounds Write in fusedevdowrite. When the number of bytes to be retrieved is truncated to the upper limit by fc-maxpages and there is an offset, the oob is triggered...
SUSE CVE-2025-39889
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Check encryption key size on incoming connection This is required for passing GAP/SEC/SEM/BI-04-C PTS test case: Security Mode 4 Level 4, Responder - Invalid Encryption Key Size - 128 bit This tests the security...