Lucene search
K
SusecveRecent

59855 matches found

SUSE CVE
SUSE CVE
•added 2025/11/25 12:23 a.m.•5 views

SUSE CVE-2025-65500

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

4.3CVSS6.7AI score0.00226EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/25 12:23 a.m.•8 views

SUSE CVE-2025-65501

Null pointer dereference in coapdtlsinfocallback in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSLgetappdata returns NULL...

4.3CVSS6.8AI score0.00226EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/23 12:23 a.m.•7 views

SUSE CVE-2025-40209

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leak of qgrouplist in btrfsaddqgrouprelation When btrfsaddqgrouprelation is called with invalid qgroup levels src = dst, the function returns -EINVAL directly without freeing the preallocated qgrouplist structur...

4.7CVSS6.6AI score0.00164EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/11/23 12:23 a.m.•6 views

SUSE CVE-2025-40210

In the Linux kernel, the following vulnerability has been resolved: Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND" I've found that pynfs COMP6 now leaves the connection or lease in a strange state, which causes CLOSE9 to hang indefinitely. I've dug into it a little, but ...

6.4AI score0.00154EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/23 12:23 a.m.•2 views

SUSE CVE-2025-40211

In the Linux kernel, the following vulnerability has been resolved: ACPI: video: Fix use-after-free in acpivideoswitchbrightness The switchbrightnesswork delayed work accesses device-brightness and device-backlight, freed by acpivideodevunregisterbacklight during device removal. If the work...

6.3CVSS6.6AI score0.00175EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2025/11/22 12:25 a.m.•4 views

SUSE CVE-2025-9820

A flaw was found in the GnuTLS library, specifically in the gnutlspkcs11tokeninit function that handles PKCS11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the applicatio...

4CVSS5.9AI score0.00203EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2025/11/22 12:25 a.m.•5 views

SUSE CVE-2025-12120

Lite XL versions 2.1.8 and prior automatically execute the .liteproject.lua file when opening a project directory, without prompting the user for confirmation. The .liteproject.lua file is intended for project-specific configuration but can contain executable Lua logic. This behavior could allow...

7.3CVSS7.9AI score0.00326EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2025/11/22 12:25 a.m.•4 views

SUSE CVE-2025-12121

Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. This function was used in project directory launching core.lua, drag-and-drop file handling rootview.lua, and the "open i...

7.3CVSS7.7AI score0.00341EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2025/11/22 12:24 a.m.•6 views

SUSE CVE-2025-13425

A bug in the filesystem traversal fallback path causes fs/diriterate/diriterate.go:Next to overindex an empty slice when ReadDir returns nil for an empty directory, resulting in a panic index out of range and an application crash denial of service in OSV-SCALIBR...

4.8CVSS6.9AI score0.00097EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/22 12:24 a.m.•3 views

SUSE CVE-2025-13470

In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key PKESK packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...

8.7CVSS6.8AI score0.00274EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/22 12:24 a.m.•6 views

SUSE CVE-2025-13499

Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service...

6.1CVSS6.8AI score0.00103EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/11/22 12:23 a.m.•4 views

SUSE CVE-2025-60796

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting XSS vulnerabilities across various components. User-supplied input from $REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.ph...

6.1CVSS6.5AI score0.00203EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/22 12:23 a.m.•6 views

SUSE CVE-2025-60797

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $REQUEST'query' parameter without any sanitization or parameterization via $data-conn-Execute$REQUEST'query'. An authenticated...

6.5CVSS8.4AI score0.00238EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/22 12:23 a.m.•5 views

SUSE CVE-2025-60798

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $REQUEST'query' directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...

6.5CVSS8.5AI score0.00256EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/22 12:23 a.m.•3 views

SUSE CVE-2025-60799

phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters 'subject', 'server', 'database', 'queryid' without proper validation or access...

6.1CVSS7.2AI score0.00195EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/22 12:23 a.m.•4 views

SUSE CVE-2025-64524

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In versions 2.0.1 and prior, a heap-buffer-overflow vulnerability in the rastertopclx filter causes the program to crash with a segmentation fault...

6.3CVSS7.8AI score0.00185EPSS
Exploits1References6
SUSE CVE
SUSE CVE
•added 2025/11/22 12:23 a.m.•6 views

SUSE CVE-2025-64751

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 openfga-0.1.34 = Helm chart = openfga-0.2.48, v.1.4.0 = docker = v.1.11.0 are vulnerable to improper policy enforcement when certain Check and...

8.2CVSS6.9AI score0.00261EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/11/21 12:25 a.m.•4 views

SUSE CVE-2025-13402

unknown...

7AI score
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/21 12:23 a.m.•5 views

SUSE CVE-2025-47914

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read...

5.3CVSS7AI score0.00484EPSS
Exploits0References29
SUSE CVE
SUSE CVE
•added 2025/11/21 12:23 a.m.•6 views

SUSE CVE-2025-58181

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

5.3CVSS7.1AI score0.00533EPSS
Exploits0References29
SUSE CVE
SUSE CVE
•added 2025/11/20 12:56 a.m.•4 views

SUSE CVE-2022-24785

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This...

7.5CVSS8.8AI score0.05664EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/20 12:31 a.m.•6 views

SUSE CVE-2025-11563

URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...

6.5CVSS5.8AI score0.00302EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2025/11/20 12:23 a.m.•2 views

SUSE CVE-2025-54770

A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service DoS risk. This flaw is a Use-after-Free issue, caused because the netsetvlan command is not properly unregistered when the network module is unloaded from memory. An attacker who...

4.9CVSS7.1AI score0.0013EPSS
Exploits0References9
SUSE CVE
SUSE CVE
•added 2025/11/20 12:23 a.m.•4 views

SUSE CVE-2025-54771

A use-after-free vulnerability has been identified in the GNU GRUB Grand Unified Bootloader. The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub t...

4.9CVSS6.9AI score0.0013EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2025/11/20 12:23 a.m.•3 views

SUSE CVE-2025-61661

A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...

4.8CVSS6.4AI score0.00172EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2025/11/20 12:23 a.m.•7 views

SUSE CVE-2025-61662

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the applicati...

4.9CVSS7AI score0.00194EPSS
Exploits0References19
SUSE CVE
SUSE CVE
•added 2025/11/20 12:23 a.m.•5 views

SUSE CVE-2025-61663

A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service DoS risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this comman...

4.9CVSS7.1AI score0.00115EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2025/11/20 12:23 a.m.•7 views

SUSE CVE-2025-61664

A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normalexit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after...

4.9CVSS7AI score0.00124EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2025/11/20 12:23 a.m.•3 views

SUSE CVE-2025-64076

Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decodedefinitelongstring function of the C extension decoder source/decoder.c: 1 Integer Underflow Leading to Out-of-Bounds Read CWE-191, CWE-125: An incorrect variable reference and missing state reset in the chunk processing...

7.1CVSS7.1AI score0.00422EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2025/11/20 12:23 a.m.•8 views

SUSE CVE-2025-64324

KubeVirt is a virtual machine management add-on for Kubernetes. The hostDisk feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the DiskOrCreate...

7.7CVSS6.9AI score0.00212EPSS
Exploits1References7
SUSE CVE
SUSE CVE
•added 2025/11/20 12:22 a.m.•5 views

SUSE CVE-2025-65015

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...

9.2CVSS6.6AI score0.00329EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2025/11/19 12:57 a.m.•6 views

SUSE CVE-2022-50341

In the Linux kernel, the following vulnerability has been resolved: cifs: fix oops during encryption When running xfstests against Azure the following oops occurred on an arm64 system Unable to handle kernel write to read-only memory at virtual address ffff0001221cf000 Mem abort info: ESR =...

5.5CVSS6.6AI score0.00096EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2025/11/19 12:35 a.m.•4 views

SUSE CVE-2025-12495

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this...

7.8CVSS7.8AI score0.00158EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2025/11/19 12:35 a.m.•2 views

SUSE CVE-2025-12839

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this...

7.8CVSS7.8AI score0.00158EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2025/11/19 12:35 a.m.•3 views

SUSE CVE-2025-12840

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this...

7.8CVSS7.8AI score0.00158EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2025/11/19 12:35 a.m.•4 views

SUSE CVE-2025-13193

A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability...

5.5CVSS6AI score0.00107EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2025/11/19 12:35 a.m.•3 views

SUSE CVE-2025-13223

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.1AI score0.04835EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2025/11/19 12:35 a.m.•5 views

SUSE CVE-2025-13224

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.1AI score0.00443EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2025/11/18 12:27 a.m.•6 views

SUSE CVE-2025-9479

Out of bounds read in V8 in Google Chrome prior to 133.0.6943.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS7.1AI score0.00174EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2025/11/18 12:25 a.m.•6 views

SUSE CVE-2025-63744

A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load function of bindyldcache.c. Processing a crafted file can cause a segmentation fault and crash the program...

4.3CVSS6.8AI score0.00251EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/18 12:25 a.m.•36 views

SUSE CVE-2025-63745

A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info function of binne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool processes malformed data...

5.5CVSS6.7AI score0.0013EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/15 12:24 a.m.•7 views

SUSE CVE-2025-40119

In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential null deref in ext4mbinit In ext4mbinit, ext4mbavgfragmentsizedestroy may be called when sbi-smbavgfragmentsize remains uninitialized e.g., if groupinfo slab cache allocation fails. Since...

6.4AI score0.00195EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/15 12:24 a.m.•4 views

SUSE CVE-2025-40136

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - request reserved interrupt for virtual function The device interrupt vector 3 is an error interrupt for physical function and a reserved interrupt for virtual function. However, the driver has not registere...

4.4CVSS6.5AI score0.00182EPSS
Exploits0References6
SUSE CVE
SUSE CVE
•added 2025/11/15 12:24 a.m.•4 views

SUSE CVE-2025-40138

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid NULL pointer dereference in f2fscheckquotaconsistency syzbot reported a f2fs bug as below: Oops: gen 107.736417 T5848 Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 ...

6.4AI score0.00181EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/15 12:24 a.m.•4 views

SUSE CVE-2025-40147

In the Linux kernel, the following vulnerability has been resolved: blk-throttle: fix access race during throttle policy activation On repeated cold boots we occasionally hit a NULL pointer crash in blkshouldthrotl when throttling is consulted before the throttle policy is fully enabled for the...

5.5CVSS6.3AI score0.00238EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/11/15 12:24 a.m.•4 views

SUSE CVE-2025-40187

In the Linux kernel, the following vulnerability has been resolved: net/sctp: fix a null dereference in sctpdisposition sctpsfdo51Dce If newasoc-peer.adaptationind=0 and sctpulpeventmakeauthkey=0 and sctpulpeventmakeauthkey returns 0, then the variable aiev remains zero and the zero will be...

4.1CVSS6.5AI score0.00207EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2025/11/15 12:24 a.m.•4 views

SUSE CVE-2025-40190

In the Linux kernel, the following vulnerability has been resolved: ext4: guard against EA inode refcount underflow in xattr update syzkaller found a path where ext4xattrinodeupdateref reads an EA inode refcount that is already ref underflow: refcount=-1 refchange=-1 EXT4-fs warning: eainode dec...

6.1CVSS6.5AI score0.00207EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/11/15 12:24 a.m.•4 views

SUSE CVE-2025-40192

In the Linux kernel, the following vulnerability has been resolved: Revert "ipmi: fix msg stack when IPMI is disconnected" This reverts commit c608966f3f9c2dca596967501d00753282b395fc. This patch has a subtle bug that can cause the IPMI driver to go into an infinite loop if the BMC misbehaves in ...

5.5CVSS6.5AI score0.00182EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2025/11/15 12:24 a.m.•7 views

SUSE CVE-2025-40193

In the Linux kernel, the following vulnerability has been resolved: xtensa: simdisk: add input size check in procwritesimdisk A malicious user could pass an arbitrarily bad value to memdupusernul, potentially causing kernel crash. This follows the same pattern as commit ee76746387f6 "netdevsim:...

6.4AI score0.00187EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/15 12:24 a.m.•4 views

SUSE CVE-2025-40195

In the Linux kernel, the following vulnerability has been resolved: mount: handle NULL values in mntnsrelease When calling in listmount mntnsrelease may be passed a NULL pointer. Handle that case gracefully...

4.4CVSS6.5AI score0.00181EPSS
Exploits0References7
Total number of security vulnerabilities59855