SUSE CVE-2025-50080

unknown...

SUSE CVE-2025-50081

unknown...

SUSE CVE-2025-50082

unknown...

SUSE CVE-2025-50083

unknown...

SUSE CVE-2025-50084

unknown...

SUSE CVE-2025-50085

unknown...

SUSE CVE-2025-50086

unknown...

SUSE CVE-2025-50087

unknown...

SUSE CVE-2025-50088

unknown...

SUSE CVE-2025-50091

unknown...

SUSE CVE-2025-50092

unknown...

SUSE CVE-2025-50093

unknown...

SUSE CVE-2025-50094

unknown...

SUSE CVE-2025-50096

unknown...

SUSE CVE-2025-50097

unknown...

SUSE CVE-2025-50098

unknown...

SUSE CVE-2025-50099

unknown...

SUSE CVE-2025-50100

unknown...

SUSE CVE-2025-50101

unknown...

SUSE CVE-2025-50102

unknown...

SUSE CVE-2025-50104

unknown...

SUSE CVE-2025-53023

unknown...

SUSE CVE-2025-54123

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection vulnerability at /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization in user input. The vulnerability exists i...

SUSE CVE-2025-54376

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly's admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time applicatio...

SUSE CVE-2025-58157

gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication is using the fake-GLV algorithm. This is because the algorithm didn't converge quickly enough for some of the inputs. This issue has been...

SUSE CVE-2025-58158

Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server Gitness exposes api to retrieve and upload files via git LFS. Implementation ...

SUSE CVE-2025-58430

listmonk is a standalone, self-hosted, newsletter and mailing list manager. In versions up to and including 1.1.0, every http request in addition to the session cookie session there included nonce. The value is not checked and validated by the backend, removing nonce allows the requests to be...

SUSE CVE-2025-58437

Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt workspaces. Coder automatically generates a session token for a user when a workspace...

SUSE CVE-2025-58445

Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known...

SUSE CVE-2025-58450

pREST PostgreSQL REST, is an API that delivers an application on top of a Postgres database. SQL injection is possible in versions prior to 2.0.0-rc3. The validation present in versions prior to 2.0.0-rc3 does not provide adequate protection from injection attempts. Version 2.0.0-rc3 contains a...

SUSE CVE-2025-59358

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...

SUSE CVE-2025-59359

The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...

SUSE CVE-2025-59360

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...

SUSE CVE-2025-59361

The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...

SUSE CVE-2022-50274

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: adopts refcnt to avoid UAF dvbunregisterdevice is known that prone to use-after-free. That is, the cleanup from dvbunregisterdevice releases the dvbdevice even if there are pointers stored in file-privatedata still...

SUSE CVE-2022-50289

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix memory leak in ocfs2stackglueinit ocfs2tableheader should be free in ocfs2stackglueinit if ocfs2sysfsinit failed, otherwise kmemleak will report memleak. BUG: memory leak unreferenced object 0xffff88810eeb5800 size 128...

SUSE CVE-2022-50369

In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix null-ptr-deref in vkmsrelease A null-ptr-deref is triggered when it tries to destroy the workqueue in vkms-output.composerworkq in vkmsrelease. KASAN: null-ptr-deref in range 0x0000000000000118-0x000000000000011f CP...

SUSE CVE-2022-50375

In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsllpuart: disable dma rx/tx use flags in lpuartdmashutdown lpuartdmashutdown tears down lpuart dma, but lpuartflushbuffer can still occur which in turn tries to access dma apis if lpuartdmatxuse flag is true. At thi...

SUSE CVE-2022-50376

In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefskernel,clientdebuginit When insert and remove the orangefs module, there are memory leaked as below: unreferenced object 0xffff88816b0cc000 size 2048: comm "insmod", pid 783, jiffies 4294813439 a...

SUSE CVE-2022-50377

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

SUSE CVE-2022-50378

In the Linux kernel, the following vulnerability has been resolved: drm/meson: reorder driver deinit sequence to fix use-after-free bug Unloading the driver triggers the following KASAN warning: +0.006275 ============================================================= +0.000029 BUG: KASAN:...

SUSE CVE-2022-50379

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between quota enable and quota rescan ioctl When enabling quotas, at btrfsquotaenable, after committing the transaction, we change fsinfo-quotaroot to point to the quota root we created and set BTRFSFSQUOTAENABLED...

SUSE CVE-2022-50380

In the Linux kernel, the following vulnerability has been resolved: mm: /proc/pid/smapsrollup: fix no vma's null-deref Commit 258f669e7e88 "mm: /proc/pid/smapsrollup: convert to single value seqfile" introduced a null-deref if there are no vma's in the task in showsmapsrollup...

SUSE CVE-2022-50381

In the Linux kernel, the following vulnerability has been resolved: md: fix a crash in mempoolfree There's a crash in mempoolfree when running the lvm test shell/lvchange-rebuild-raid.sh. The reason for the crash is this: superwritten calls atomicdecandtest&mddev-pendingwrites and...

SUSE CVE-2022-50382

In the Linux kernel, the following vulnerability has been resolved: padata: Always leave BHs disabled when running -parallel A deadlock can happen when an overloaded system runs -parallel in the context of the current task: padatadoparallel -parallel pcryptaeadenc/dec padatadoserial...

SUSE CVE-2022-50383

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Can't set dst buffer to done when lat decode error Core thread will call v4l2m2mbufdone to set dst buffer done for lat architecture. If lat call v4l2m2mbufdoneandjobfinish to free dst buffer when lat deco...

SUSE CVE-2022-50385

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oops in nfsdautomount When mounting from a NFSv4 referral, path-dentry can end up being a negative dentry, so derive the struct nfsserver from the dentry itself instead...

SUSE CVE-2022-50386

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix user-after-free This uses l2capchanholdunlesszero after calling l2capgetchanblah to prevent the following trace: Bluetooth: l2capcore.c:static void l2capchandestroystruct kref kref Bluetooth: chan...

SUSE CVE-2022-50387

In the Linux kernel, the following vulnerability has been resolved: net: hinic: fix the issue of CMDQ memory leaks When hinicsetcmdqdepth fails in hinicinitcmdqs, the cmdq memory is not released correctly. Fix it...

SUSE CVE-2022-50389

In the Linux kernel, the following vulnerability has been resolved: tpm: tpmcrb: Add the missed acpiputtable to fix memory leak In crbacpiadd, we get the TPM2 table to retrieve information like start method, and then assign them to the priv data, so the TPM2 table is not used after the init, shou...