Lucene search
K
SusecveRecent

59855 matches found

SUSE CVE
SUSE CVE
•added 2025/11/13 12:24 a.m.•5 views

SUSE CVE-2025-40112

In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copyfromtouser for Niagara The referenced commit introduced exception handlers on user-space memory references in copyfromuser and copytouser. These handlers return from the respective...

6.5AI score0.00211EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/13 12:24 a.m.•4 views

SUSE CVE-2025-40113

In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom: pas: Shutdown lite ADSP DTB on X1E The ADSP firmware on X1E has separate firmware binaries for the main firmware and the DTB. The same applies for the "lite" firmware loaded by the boot firmware. When preparing ...

6.5AI score0.00182EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/13 12:24 a.m.•16 views

SUSE CVE-2025-40115

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix crash in transport port remove by using iocinfo During mpt3sastransportportremove, messages were logged with devprintk against &mpt3sasport-port-dev. At this point the SAS transport device may already be...

5.5CVSS6.4AI score0.00211EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2025/11/13 12:24 a.m.•5 views

SUSE CVE-2025-40116

In the Linux kernel, the following vulnerability has been resolved: usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup The kthreadrun function returns error pointers so the max3421hcd-spithread pointer can be either error pointers or NULL. Check for both before dereferencing i...

5.5CVSS6.5AI score0.00207EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/11/13 12:24 a.m.•4 views

SUSE CVE-2025-40117

In the Linux kernel, the following vulnerability has been resolved: misc: pciendpointtest: Fix array underflow in pciendpointtestioctl Commit eefb83790a0d "misc: pciendpointtest: Add doorbell test case" added NOBAR -1 to the pcibarno enum which, in practical terms, changes the enum from an unsign...

6.5AI score0.00182EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/13 12:24 a.m.•3 views

SUSE CVE-2025-40122

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix IA32PMCxCFGB MSRs access error When running perffuzzer on PTL, sometimes the below "unchecked MSR access error" is seen when accessing IA32PMCxCFGB MSRs. 55.611268 unchecked MSR access error: WRMSR to 0x1986...

6.4AI score0.00182EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/13 12:24 a.m.•3 views

SUSE CVE-2025-40123

In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expectedattachtype for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpfprogtestrunxdp function within the Linux kernel's BPF subsystem. This...

5.5CVSS6.5AI score0.00197EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2025/11/13 12:24 a.m.•6 views

SUSE CVE-2025-40124

In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copyfromtouser for UltraSPARC III Anthony Yznaga tracked down that a BUGON in ext4 code with large folios enabled resulted from copyfromuser returning impossibly large values greater tha...

6.6AI score0.00207EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/13 12:24 a.m.•12 views

SUSE CVE-2025-40125

In the Linux kernel, the following vulnerability has been resolved: blk-mq: check kobject stateinsysfs before deleting in blkmqunregisterhctx In blkmqupdatenrhwqueues the return value of blkmqsysfsregisterhctxs is not checked. If sysfs creation for hctx fails, later changing the number of hwqueue...

6.5AI score0.00207EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/13 12:24 a.m.•5 views

SUSE CVE-2025-40126

In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copyfromtouser for UltraSPARC The referenced commit introduced exception handlers on user-space memory references in copyfromuser and copytouser. These handlers return from the respectiv...

6.5AI score0.00211EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/13 12:24 a.m.•5 views

SUSE CVE-2025-40127

In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in kssarnginit Fix division by zero in kssarnginit caused by missing clock pointer initialization. The clkgetrate call is performed on an uninitialized clk pointer, resulting in division by zer...

5.5CVSS6.8AI score0.00202EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/11/13 12:24 a.m.•6 views

SUSE CVE-2025-40131

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix peer lookup in ath12kdpmonrxdelivermsdu In ath12kdpmonrxdelivermsdu, peer lookup fails because rxcb-peerid is not updated with a valid value. This is expected in monitor mode, where RX frames bypass the regular ...

6.4AI score0.00193EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/13 12:24 a.m.•11 views

SUSE CVE-2025-40140

In the Linux kernel, the following vulnerability has been resolved: net: usb: Remove disruptive netifwakequeue in rtl8150setmulticast syzbot reported WARNING in rtl8150startxmit/usbsubmiturb. This is the sequence of events that leads to the warning: rtl8150startxmit netifstopqueue;...

3.3CVSS6.5AI score0.00207EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/11/13 12:24 a.m.•7 views

SUSE CVE-2025-40141

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix possible UAF on isoconnfree This attempt to fix similar issue to scoconnfree where if the conn-sk is not set to NULL may lead to UAF on isoconnfree...

6.3CVSS6.5AI score0.00197EPSS
Exploits0References22
SUSE CVE
SUSE CVE
•added 2025/11/13 12:24 a.m.•3 views

SUSE CVE-2025-40145

In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Fix double cleanup on devmaddactionorreset failure When devmaddactionorreset fails, it calls the passed cleanup function. Hence the caller must not repeat that cleanup. Replace the "goto errregulatorfree" by the actu...

6.5AI score0.0022EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/13 12:24 a.m.•5 views

SUSE CVE-2025-40146

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix potential deadlock while nrrequests grown Allocate and free schedtags while queue is freezed can deadlock1, this is a long term problem, hence allocate memory before freezing queue and free memory after queue is...

6.6AI score0.0022EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/13 12:24 a.m.•11 views

SUSE CVE-2025-40149

In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...

6.3CVSS6.5AI score0.00157EPSS
Exploits0References21
SUSE CVE
SUSE CVE
•added 2025/11/13 12:23 a.m.•5 views

SUSE CVE-2025-57812

CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package as library functions to be used for the data format conversion tasks needed in Printer Applications. In CUPS-Filters versions up to and including 1.28.17...

5CVSS7.1AI score0.0044EPSS
Exploits1References5
SUSE CVE
SUSE CVE
•added 2025/11/13 12:23 a.m.•4 views

SUSE CVE-2025-64486

calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve...

9.3CVSS7.8AI score0.00176EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/13 12:23 a.m.•5 views

SUSE CVE-2025-64503

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In cups-filters prior to 1.28.18, by crafting a PDF file with a large MediaBox value, an attacker can cause CUPS-Filter 1.x's pdftoraster tool to...

3.3CVSS7AI score0.00208EPSS
Exploits1References5
SUSE CVE
SUSE CVE
•added 2025/11/12 12:19 a.m.•2 views

SUSE CVE-2025-60876

BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...

8CVSS6.9AI score0.00285EPSS
Exploits1References9
SUSE CVE
SUSE CVE
•added 2025/11/12 12:19 a.m.•4 views

SUSE CVE-2025-64181

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing openexrexrcheckfuzzer, Valgrind reports a conditional branch depending on...

4CVSS6.8AI score0.00373EPSS
Exploits1References4
SUSE CVE
SUSE CVE
•added 2025/11/12 12:19 a.m.•2 views

SUSE CVE-2025-64183

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, there is a use-after-free in PyObjectStealAttrString of pyOpenEXRold.cpp...

6.2CVSS6.9AI score0.00294EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2025/11/12 12:19 a.m.•2 views

SUSE CVE-2025-64182

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, a memory safety bug in the legacy OpenEXR Python adapter the deprecated...

7.7CVSS8.1AI score0.00237EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2025/11/12 12:19 a.m.•7 views

SUSE CVE-2025-64507

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true...

8.6CVSS7.1AI score0.00164EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2025/11/12 12:19 a.m.•5 views

SUSE CVE-2025-64512

Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in...

7.8CVSS7.4AI score0.00314EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2025/11/11 12:40 a.m.•4 views

SUSE CVE-2025-12863

This CVE was assigned for a libxml2 issue1012 but later deemed not valid. Ref.: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012note2608283...

6.6AI score0.00068EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/11 12:40 a.m.•5 views

SUSE CVE-2025-12875

A weakness has been identified in mruby 3.4.0. This vulnerability affects the function aryfillexec of the file mrbgems/mruby-array-ext/src/array.c. Executing a manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been...

7.8CVSS5.6AI score0.00158EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/11 12:24 a.m.•4 views

SUSE CVE-2025-40108

In the Linux kernel, the following vulnerability has been resolved: serial: qcom-geni: Fix blocked task Revert commit 1afa70632c39 "serial: qcom-geni: Enable PM runtime for serial driver" and its dependent commit 86fa39dd6fb7 "serial: qcom-geni: Enable Serial on SA8255p Qualcomm platforms" becaus...

6.5AI score0.00168EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2025/11/11 12:24 a.m.•4 views

SUSE CVE-2025-40109

In the Linux kernel, the following vulnerability has been resolved: crypto: rng - Ensure setent is always present Ensure that setent is always set since only drbg provides it...

5.5CVSS6.6AI score0.00205EPSS
Exploits0References20
SUSE CVE
SUSE CVE
•added 2025/11/11 12:23 a.m.•4 views

SUSE CVE-2025-59777

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service DoS...

7.5CVSS6.8AI score0.00422EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/11/11 12:23 a.m.•4 views

SUSE CVE-2025-62689

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service DoS...

7.5CVSS6.8AI score0.00422EPSS
Exploits0References8
SUSE CVE
SUSE CVE
•added 2025/11/11 12:23 a.m.•4 views

SUSE CVE-2025-64432

KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discovered that the virt-api component fails to...

5.8CVSS6.9AI score0.00139EPSS
Exploits1References7
SUSE CVE
SUSE CVE
•added 2025/11/11 12:23 a.m.•10 views

SUSE CVE-2025-64433

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks into a VM...

6.5CVSS6.7AI score0.00475EPSS
Exploits1References7
SUSE CVE
SUSE CVE
•added 2025/11/11 12:23 a.m.•4 views

SUSE CVE-2025-64434

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler via verifyPeerCert, an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileg...

6.3CVSS7AI score0.00181EPSS
Exploits1References7
SUSE CVE
SUSE CVE
•added 2025/11/11 12:23 a.m.•4 views

SUSE CVE-2025-64435

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...

5.9CVSS6.8AI score0.00347EPSS
Exploits1References7
SUSE CVE
SUSE CVE
•added 2025/11/11 12:23 a.m.•7 views

SUSE CVE-2025-64436

KubeVirt is a virtual machine management add-on for Kubernetes. In 1.5.0 and earlier, the permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. This vulnerability could...

6.9CVSS6.8AI score0.00254EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2025/11/11 12:23 a.m.•3 views

SUSE CVE-2025-64437

KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...

3.9CVSS7AI score0.0021EPSS
Exploits1References7
SUSE CVE
SUSE CVE
•added 2025/11/09 2:28 a.m.•3 views

SUSE CVE-2016-11063

An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview...

6.1CVSS6.5AI score0.00685EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 2:28 a.m.•4 views

SUSE CVE-2016-11066

An issue was discovered in Mattermost Server before 3.2.0. The initialload API disclosed unnecessary personal information...

7.5CVSS7AI score0.01143EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 2:28 a.m.•4 views

SUSE CVE-2016-11067

An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang...

5.3CVSS6.9AI score0.01096EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 2:28 a.m.•3 views

SUSE CVE-2016-11068

An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection...

5.3CVSS7AI score0.0092EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 2:28 a.m.•2 views

SUSE CVE-2016-11069

An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change...

7.5CVSS7.2AI score0.00891EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 2:28 a.m.•3 views

SUSE CVE-2016-11070

An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values...

5.4CVSS6.3AI score0.00556EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 2:28 a.m.•6 views

SUSE CVE-2016-11071

An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place...

6.1CVSS6.4AI score0.00685EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 2:28 a.m.•2 views

SUSE CVE-2016-11072

An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled...

6.5CVSS7AI score0.00722EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 2:28 a.m.•3 views

SUSE CVE-2016-11073

An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting...

6.1CVSS6.2AI score0.00685EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 2:28 a.m.•5 views

SUSE CVE-2016-11074

An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused...

9.8CVSS7AI score0.01175EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 2:28 a.m.•2 views

SUSE CVE-2016-11075

An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API...

5.3CVSS6.6AI score0.0092EPSS
Exploits0References2
SUSE CVE
SUSE CVE
•added 2025/11/09 2:28 a.m.•5 views

SUSE CVE-2016-11076

An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL...

5.3CVSS7AI score0.00872EPSS
Exploits0References2
Total number of security vulnerabilities59855