Lucene search
K
SusecveRecent

59855 matches found

SUSE CVE
SUSE CVE
•added 2025/11/15 12:24 a.m.•4 views

SUSE CVE-2025-40196

In the Linux kernel, the following vulnerability has been resolved: fs: quota: create dedicated workqueue for quotareleasework There is a kernel panic due to WARNONCE when paniconwarn is set. This issue occurs when writeback is triggered due to sync call for an opened fileie, writeback reason is...

3.3CVSS6.4AI score0.00183EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/11/15 12:24 a.m.•9 views

SUSE CVE-2025-47913

SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process...

7.5CVSS7AI score0.00632EPSS
Exploits1References45
SUSE CVE
SUSE CVE
•added 2025/11/15 12:23 a.m.•4 views

SUSE CVE-2025-59840

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...

8.1CVSS7.1AI score0.00383EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/14 12:33 a.m.•4 views

SUSE CVE-2025-12762

pgAdmin versions up to 9.9 are affected by a Remote Code Execution RCE vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...

9.1CVSS7.8AI score0.12384EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2025/11/14 12:33 a.m.•3 views

SUSE CVE-2025-12763

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input...

8.8CVSS8.1AI score0.00845EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/14 12:33 a.m.•5 views

SUSE CVE-2025-12764

pgAdmin = 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS...

7.5CVSS7.2AI score0.00396EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2025/11/14 12:33 a.m.•2 views

SUSE CVE-2025-12765

pgAdmin = 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification...

7.4CVSS6.8AI score0.00196EPSS
Exploits0References5
SUSE CVE
SUSE CVE
•added 2025/11/14 12:33 a.m.•4 views

SUSE CVE-2025-12817

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before...

4.3CVSS6.8AI score0.00222EPSS
Exploits0References32
SUSE CVE
SUSE CVE
•added 2025/11/14 12:33 a.m.•3 views

SUSE CVE-2025-12818

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions...

8.8CVSS7AI score0.00332EPSS
Exploits0References37
SUSE CVE
SUSE CVE
•added 2025/11/14 12:33 a.m.•2 views

SUSE CVE-2025-13120

A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sortcmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is...

5.5CVSS4.9AI score0.00142EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/14 12:25 a.m.•12 views

SUSE CVE-2025-40118

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Since commit f7b705c238d1 "scsi: pm80xx: Set phyattached to zero when device is gone" UBSAN reports: UBSAN: array-index-out-of-bounds in drivers/scsi/pm8001/pm8001sas.c:786:...

6.1CVSS6.3AI score0.00207EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/11/14 12:25 a.m.•4 views

SUSE CVE-2025-40120

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock Prevent USB runtime PM autosuspend for AX88772 in bind. usbnet enables runtime PM autosuspend by default, so disabling it via the usbdriver flag is ineffective. O...

5.5CVSS6.4AI score0.00202EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/11/14 12:25 a.m.•4 views

SUSE CVE-2025-40121

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcrrt5651: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcrrt5640 driver just ignores and leaves as is, which may lead to unepxected results like OOB access. This...

6.4CVSS6.5AI score0.00211EPSS
Exploits0References27
SUSE CVE
SUSE CVE
•added 2025/11/14 12:25 a.m.•5 views

SUSE CVE-2025-40128

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6AI score0.00018EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/14 12:25 a.m.•6 views

SUSE CVE-2025-40129

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix null pointer dereference on zero-length checksum In xdrstreamdecodeopaqueauth, zero-length checksum.len causes checksum.data to be set to NULL. This triggers a NPD when accessing checksum.data in gsskrb5verifymicv2...

7.5CVSS6.4AI score0.00197EPSS
Exploits0References75
SUSE CVE
SUSE CVE
•added 2025/11/14 12:25 a.m.•3 views

SUSE CVE-2025-40130

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix data race in CPU latency PM QoS request handling The cpulatencyqosadd/remove/updaterequest interfaces lack internal synchronization by design, requiring the caller to ensure thread safety. The current...

7CVSS6.4AI score0.00182EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2025/11/14 12:25 a.m.•5 views

SUSE CVE-2025-40132

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sofsdw: Prevent jump to NULL addsidecar callback In createsdwdailink check that sofend-codecinfo-addsidecar is not NULL before calling it. The original code assumed that if includesidecar is true, the codec on that...

5.5CVSS6.6AI score0.00194EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/11/14 12:25 a.m.•4 views

SUSE CVE-2025-40133

In the Linux kernel, the following vulnerability has been resolved: mptcp: Use skdstget and dstdevrcu in mptcpactiveenable. mptcpactiveenable is called from subflowfinishconnect, which is icsk-icskafops-skrxdstset and it's not always under RCU. Using skdstgetsk-dev could trigger UAF. Let's use...

6.5CVSS6.5AI score0.00194EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/11/14 12:25 a.m.•4 views

SUSE CVE-2025-40134

In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in dmsuspend There is a race condition between dm device suspend and table load that can lead to null pointer dereference. The issue occurs when suspend is invoked before table load completes: BUG...

4.7CVSS6.2AI score0.00207EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2025/11/14 12:25 a.m.•2 views

SUSE CVE-2025-40135

In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6xmit Use RCU in ip6xmit in order to use dstdevrcu to prevent possible UAF...

6.1CVSS6.5AI score0.00197EPSS
Exploits0References25
SUSE CVE
SUSE CVE
•added 2025/11/14 12:25 a.m.•4 views

SUSE CVE-2025-40137

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate first page in error path of f2fstruncate syzbot reports a bug as below: loop0: detected capacity change from 0 to 40427 F2FS-fs loop0: Wrong SSA boundary, start3584 end4096 blocks3072 F2FS-fs loop0: Can't fi...

6.5AI score0.00197EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/14 12:25 a.m.•6 views

SUSE CVE-2025-40139

In the Linux kernel, the following vulnerability has been resolved: smc: Use skdstget and dstdevrcu in in smcclcprfxset. smcclcprfxset is called during connect and not under RCU nor RTNL. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and devdstrcu under rcureadlock after...

7.8CVSS6.5AI score0.00182EPSS
Exploits0References31
SUSE CVE
SUSE CVE
•added 2025/11/14 12:25 a.m.•7 views

SUSE CVE-2025-40142

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Disable bottom softirqs as part of spinlockirq on PREEMPTRT sndpcmgrouplockirq acquires a spinlockt and disables interrupts via spinlockirq. This also implicitly disables the handling of softirqs such as TIMERSOFTIRQ. ...

4.7CVSS6.3AI score0.00194EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/11/14 12:25 a.m.•6 views

SUSE CVE-2025-40143

In the Linux kernel, the following vulnerability has been resolved: bpf: dont report verifier bug for missing bpfsccvisit on speculative path Syzbot generated a program that triggers a verifierbug call in maybeexitscc. maybeexitscc assumes that, when called for a state with insnidx in some SCC,...

6.4AI score0.00241EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•2 views

SUSE CVE-2025-40144

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6AI score0.00032EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•4 views

SUSE CVE-2025-40148

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL pointer checks in dcstream cursor attribute functions The function dcstreamsetcursorattributes currently dereferences the stream pointer and nested members stream-ctx-dc-currentstate without checking for...

6.7AI score0.0022EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•3 views

SUSE CVE-2025-40150

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid migrating empty section It reports a bug from device w/ zufs: F2FS-fs dm-64: Inconsistent segment 173822 type 1, 0 in SSA and SIT F2FS-fs dm-64: Stopped filesystem due to reason: 4 Thread A Thread B -...

6.5AI score0.00241EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•5 views

SUSE CVE-2025-40151

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: No support of struct argument in trampoline programs The current implementation does not support struct argument. This causes a oops when running bpf selftest: $ ./testprogs -a tracingstruct Oops1: CPU -1 Unable t...

6.4AI score0.00181EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•6 views

SUSE CVE-2025-40152

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix bootup splat with separategpudrm modparam The drmgemforeachgpuvmbo call from lookupvma accesses drmgemobj.gpuva.list, which is not initialized when the drm driver does not support DRIVERGEMGPUVA feature. Enable it fo...

6.5AI score0.00181EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•10 views

SUSE CVE-2025-40153

In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: avoid soft lockup when mprotect to large memory area When calling mprotect to a large hugetlb memory area in our customer's workload 300GB hugetlb memory, soft lockup was observed: watchdog: BUG: soft lockup - CPU98...

3.3CVSS6.1AI score0.00193EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•5 views

SUSE CVE-2025-40154

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcrrt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcrrt5640 driver only shows an error message but leaves as is. This may lead to unepxected results like OOB...

6.4CVSS6.5AI score0.00193EPSS
Exploits0References30
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•4 views

SUSE CVE-2025-40155

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: debugfs: Fix legacy mode page table dump logic In legacy mode, SSPTPTR is ignored if TT is not 00b or 01b. SSPTPTR maybe uninitialized or zero in that case and may cause oops like: Oops: general protection fault,...

6.5AI score0.00216EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•5 views

SUSE CVE-2025-40156

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe The drv-sramreg pointer could be set to ERRPTR-EPROBEDEFER which would lead to a error pointer dereference. Use ISERRORNULL to check that the pointer is vali...

5.5CVSS6.4AI score0.00183EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•3 views

SUSE CVE-2025-40157

In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller When loading the i10nmedac driver on some Intel Granite Rapids servers, a call trace may appear as follows: UBSAN: shift-out-of-bounds in...

5.2CVSS6.5AI score0.00224EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•12 views

SUSE CVE-2025-40158

In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6output Use RCU in ip6output in order to use dstdevrcu to prevent possible UAF. We can remove rcureadlock/rcureadunlock pairs from ip6finishoutput2...

6.3CVSS6.5AI score0.00212EPSS
Exploits0References25
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•7 views

SUSE CVE-2025-40159

In the Linux kernel, the following vulnerability has been resolved: xsk: Harden userspace-supplied xdpdesc validation Turned out certain clearly invalid values passed in xdpdesc from userspace can pass xp,unalignedvalidatedesc and then lead to UBs or just invalid frames to be queued for xmit...

7CVSS7AI score0.00181EPSS
Exploits0References80
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•4 views

SUSE CVE-2025-40160

In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs Change findvirq to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUGON from bindvirqtoirq to propogate the error upwards. Some VIRQ...

3.3CVSS6.5AI score0.00182EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•4 views

SUSE CVE-2025-40161

In the Linux kernel, the following vulnerability has been resolved: mailbox: zynqmp-ipi: Fix SGI cleanup on unbind The driver incorrectly determines SGI vs SPI interrupts by checking IRQ number 16, which fails with dynamic IRQ allocation. During unbind, this causes improper SGI cleanup leading to...

6.1CVSS6.4AI score0.0018EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•3 views

SUSE CVE-2025-40162

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd/sdwutils: avoid NULL deref when devmkasprintf fails devmkasprintf may return NULL on memory allocation failure, but the debug message prints cpus-dainame before checking it. Move the devdbg call after the NULL check to...

5.5CVSS6.5AI score0.0018EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•5 views

SUSE CVE-2025-40163

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Stop dlserver before CPU goes offline IBM CI tool reported kernel warning1 when running a CPU removal operation through drmgr2. i.e "drmgr -c cpu -r -q 1" WARNING: CPU: 0 PID: 0 at kernel/sched/cpudeadline.c:219...

6.4AI score0.0018EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•13 views

SUSE CVE-2025-40164

In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix using smpprocessorid in preemptible code warnings Syzbot reported the following warning: BUG: using smpprocessorid in preemptible 00000000 code: dhcpcd/2879 caller is usbnetskbreturn+0x74/0x490...

4.7CVSS6.7AI score0.00183EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•6 views

SUSE CVE-2025-40165

In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: m2m: Fix streaming cleanup on release If streamon/streamoff calls are imbalanced, such as when exiting an application with Ctrl+C when streaming, the m2m usagecount will never reach zero and the ISI channel...

4.7CVSS6.5AI score0.00183EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•4 views

SUSE CVE-2025-40166

In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Check GuC running state before deregistering exec queue In normal operation, a registered exec queue is disabled and deregistered through the GuC, and freed only after the GuC confirms completion. However, if the driv...

5.5CVSS6.4AI score0.00181EPSS
Exploits0References10
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•5 views

SUSE CVE-2025-40167

In the Linux kernel, the following vulnerability has been resolved: ext4: detect invalid INLINEDATA + EXTENTS flag combination syzbot reported a BUGON in ext4escacheextent when opening a verity file on a corrupted ext4 filesystem mounted without a journal. The issue is that the filesystem has an...

5.5CVSS6.4AI score0.00193EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•5 views

SUSE CVE-2025-40168

In the Linux kernel, the following vulnerability has been resolved: smc: Use skdstget and dstdevrcu in smcclcprfxmatch. smcclcprfxmatch is called from smclistenwork and not under RCU nor RTNL. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the returned value o...

6.3CVSS6.5AI score0.0017EPSS
Exploits0References24
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•4 views

SUSE CVE-2025-40169

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject negative offsets for ALU ops When verifying BPF programs, the checkaluop function validates instructions with ALU operations. The 'offset' field in these instructions is a signed 16-bit integer. The existing check...

5.8CVSS6.4AI score0.00183EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•4 views

SUSE CVE-2025-40170

In the Linux kernel, the following vulnerability has been resolved: net: use dstdevrcu in sksetupcaps Use RCU to protect accesses to dst-dev from sksetupcaps and skdstgsomaxsize. Also use dstdevrcu in ip6dstmtumaybeforward, and ipdstmtumaybeforward. ip4dsthoplimit can use dstdevnetrcu...

6.3CVSS6.5AI score0.00188EPSS
Exploits0References25
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•4 views

SUSE CVE-2025-40171

In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: move lsop put work to nvmetfclsreqop It's possible for more than one async command to be in flight from nvmetfcsendlsreq. For each command, a tgtport reference is taken. In the current code, only one put work item is...

5.3CVSS6.1AI score0.00188EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•8 views

SUSE CVE-2025-40172

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Treat remaining == 0 as error in findandmapuserpages Currently, if findandmapuserpages takes a DMA xfer request from the user with a length field set to 0, or in a rare case, the host receives QAICTRANSDMAXFERCONT fro...

5.5CVSS6.5AI score0.00183EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/11/14 12:24 a.m.•4 views

SUSE CVE-2025-40173

In the Linux kernel, the following vulnerability has been resolved: net/ip6tunnel: Prevent perpetual tunnel growth Similarly to ipv4 tunnel, ipv6 version updates dev-neededheadroom, too. While ipv4 tunnel headroom adjustment growth was limited in commit 5ae1e9922bbd "net: iptunnel: prevent...

4.7CVSS6.2AI score0.00193EPSS
Exploits0References21
Total number of security vulnerabilities59855