Lucene search
K
SusecveRecent

59855 matches found

SUSE CVE
SUSE CVE
•added 2025/11/28 12:35 a.m.•6 views

SUSE CVE-2021-4472

The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content...

6.5CVSS6.7AI score0.00399EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/28 12:27 a.m.•5 views

SUSE CVE-2025-13601

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the escaped string...

7.7CVSS7.3AI score0.00306EPSS
Exploits1References18
SUSE CVE
SUSE CVE
•added 2025/11/28 12:23 a.m.•34 views

SUSE CVE-2025-45311

Insecure permissions in fail2ban-client v0.11.2 allows attackers with limited sudo privileges to perform arbitrary operations as root. NOTE: this is disputed by multiple parties because the action for a triggered rule can legitimately be an arbitrary operation as root. Thus, the software is...

8.8CVSS7AI score0.00323EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/28 12:22 a.m.•7 views

SUSE CVE-2025-64330

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a single byte read heap overflow when logging the verdict in eve.alert and eve.drop records can lead to crashes. This requires t...

7.5CVSS7AI score0.0032EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/28 12:22 a.m.•8 views

SUSE CVE-2025-64331

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body limit and enabled the...

7.5CVSS7AI score0.00278EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/28 12:22 a.m.•6 views

SUSE CVE-2025-64332

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow that causes Suricata to crash can occur if SWF decompression is enabled. This issue has been patched in version...

7.5CVSS7AI score0.0032EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/28 12:22 a.m.•7 views

SUSE CVE-2025-64333

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a large HTTP content type, when logged can cause a stack overflow crashing Suricata. This issue has been patched in versions...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/28 12:22 a.m.•14 views

SUSE CVE-2025-64334

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. This issue has been patched in version 8.0.2....

7.5CVSS6.8AI score0.00306EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/28 12:22 a.m.•7 views

SUSE CVE-2025-64335

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64data. This issue has been patched in...

7.5CVSS6.8AI score0.00359EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/28 12:22 a.m.•25 views

SUSE CVE-2025-64344

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected wh...

7.5CVSS7AI score0.00306EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/28 12:22 a.m.•4 views

SUSE CVE-2025-66040

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...

3.6CVSS6.4AI score0.00138EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/27 12:42 a.m.•6 views

SUSE CVE-2025-13674

BPv7 dissector crash in Wireshark 4.6.0 allows denial of service...

5.5CVSS6.6AI score0.00096EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2025/11/27 12:23 a.m.•4 views

SUSE CVE-2025-62348

Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process...

7.8CVSS6.3AI score0.00179EPSS
Exploits0References43
SUSE CVE
SUSE CVE
•added 2025/11/27 12:23 a.m.•4 views

SUSE CVE-2025-62349

Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues...

6.2CVSS5.9AI score0.00407EPSS
Exploits0References43
SUSE CVE
SUSE CVE
•added 2025/11/27 12:23 a.m.•2 views

SUSE CVE-2025-63938

Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the stripreturnport function within src/reqs.c...

6.5CVSS7AI score0.00229EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2025/11/27 12:23 a.m.•7 views

SUSE CVE-2025-66019

pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patch...

4.8CVSS6.6AI score0.00313EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/26 1:7 a.m.•5 views

SUSE CVE-2021-20329

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to a...

6.5CVSS6.9AI score0.00961EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/26 12:42 a.m.•3 views

SUSE CVE-2025-13502

A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash DoS via a crafted payload to the GLib remote inspector server...

7.5CVSS6.5AI score0.00505EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2025/11/26 12:24 a.m.•4 views

SUSE CVE-2025-59088

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

8.6CVSS6.7AI score0.00447EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2025/11/26 12:24 a.m.•4 views

SUSE CVE-2025-59089

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...

5.9CVSS7.1AI score0.00511EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2025/11/26 12:23 a.m.•7 views

SUSE CVE-2025-64761

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when...

6.5CVSS6.8AI score0.00315EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/25 12:50 a.m.•7 views

SUSE CVE-2023-43000

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption...

8.8CVSS7.5AI score0.03955EPSS
Exploits1References8
SUSE CVE
SUSE CVE
•added 2025/11/25 12:40 a.m.•8 views

SUSE CVE-2025-13609

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module TPM device but claiming an existing agent's unique identifier UUID. This action overwrites the legitimate agent's identity, enabling the...

9CVSS7.2AI score0.0038EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/11/25 12:40 a.m.•3 views

SUSE CVE-2025-23259

NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver PMD, where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network interface...

6.3CVSS6.4AI score0.00276EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/11/25 12:25 a.m.•12 views

SUSE CVE-2025-40212

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix refcount leak in nfsdsetfhdentry nfsd exports a "pseudo root filesystem" which is used by NFSv4 to find the various exported filesystems using LOOKUP requests from a known root filehandle. NFSv3 uses the MOUNT protocol ...

7CVSS6.5AI score0.00161EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2025/11/25 12:25 a.m.•8 views

SUSE CVE-2025-40213

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...

6.1CVSS6.5AI score0.00161EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/11/25 12:25 a.m.•4 views

SUSE CVE-2025-43392

The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A website may exfiltrate image data cross-origin...

6.5CVSS6.5AI score0.0046EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/11/25 12:25 a.m.•6 views

SUSE CVE-2025-43419

The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to memory corruption...

8.8CVSS7.3AI score0.00371EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/11/25 12:25 a.m.•7 views

SUSE CVE-2025-43421

Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

6.5CVSS6.5AI score0.0059EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/11/25 12:25 a.m.•4 views

SUSE CVE-2025-43425

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

6.5CVSS6.5AI score0.0065EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/11/25 12:25 a.m.•5 views

SUSE CVE-2025-43427

This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

6.5CVSS6.5AI score0.00505EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/11/25 12:25 a.m.•4 views

SUSE CVE-2025-43429

A buffer overflow was addressed with improved bounds checking. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

4.3CVSS7AI score0.01378EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/11/25 12:25 a.m.•9 views

SUSE CVE-2025-43430

This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

4.3CVSS6.7AI score0.01EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/11/25 12:25 a.m.•6 views

SUSE CVE-2025-43431

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption...

7.1CVSS6.9AI score0.00786EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/11/25 12:25 a.m.•3 views

SUSE CVE-2025-43432

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

4.3CVSS6.5AI score0.00775EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/11/25 12:25 a.m.•6 views

SUSE CVE-2025-43434

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash...

4.3CVSS6.7AI score0.01181EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2025/11/25 12:25 a.m.•6 views

SUSE CVE-2025-43440

This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

6.5CVSS6.8AI score0.00463EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2025/11/25 12:25 a.m.•6 views

SUSE CVE-2025-43443

This issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

4.3CVSS6.5AI score0.00664EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2025/11/25 12:25 a.m.•9 views

SUSE CVE-2025-43480

The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious website may exfiltrate data cross-origin...

6.5CVSS6.9AI score0.00451EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/11/25 12:24 a.m.•4 views

SUSE CVE-2025-62626

Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values...

7.2CVSS7.3AI score0.00159EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/25 12:24 a.m.•3 views

SUSE CVE-2025-64505

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's pngdoquantize function when processing PNG files with malformed palette...

6.8CVSS6.9AI score0.00184EPSS
Exploits2References13
SUSE CVE
SUSE CVE
•added 2025/11/25 12:24 a.m.•4 views

SUSE CVE-2025-64506

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's pngwriteimage8bit function when processing 8-bit images through t...

6.8CVSS7.1AI score0.00118EPSS
Exploits2References10
SUSE CVE
SUSE CVE
•added 2025/11/25 12:23 a.m.•8 views

SUSE CVE-2025-65018

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function pngimagefinishread when processing...

6.8CVSS7AI score0.00224EPSS
Exploits4References21
SUSE CVE
SUSE CVE
•added 2025/11/25 12:23 a.m.•3 views

SUSE CVE-2025-65493

NULL pointer dereference in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIOgetdata to return NULL...

7.5CVSS6.7AI score0.00331EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/25 12:23 a.m.•4 views

SUSE CVE-2025-65494

NULL pointer dereference in getsanorcnfromcert in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes skGENERALNAMEvalue to return NULL...

7.5CVSS6.7AI score0.00219EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/25 12:23 a.m.•2 views

SUSE CVE-2025-65495

Integer signedness error in tlsverifycallback in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2dX509 to return -1 and be misused as a malloc size parameter...

7.5CVSS6.7AI score0.00219EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/25 12:23 a.m.•5 views

SUSE CVE-2025-65496

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

4.3CVSS6.7AI score0.00226EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/25 12:23 a.m.•5 views

SUSE CVE-2025-65497

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

4.3CVSS6.7AI score0.00226EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/25 12:23 a.m.•6 views

SUSE CVE-2025-65498

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

4.3CVSS6.7AI score0.00226EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/25 12:23 a.m.•6 views

SUSE CVE-2025-65499

Array index error in tlsverifycallback in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetexdataX509STORECTXidx to return -1...

4.3CVSS6.8AI score0.00226EPSS
Exploits0References3
Total number of security vulnerabilities59855