Lucene search
K
SusecveRecent

59189 matches found

SUSE CVE
SUSE CVE
added 2026/06/06 4:57 a.m.4 views

SUSE CVE-2023-26930

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.”...

5.5CVSS6.5AI score0.00336EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/06 4:49 a.m.43 views

SUSE CVE-2023-43633

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system's configuration, which also includes some debug functions...

8.8CVSS7.2AI score0.0016EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 4:14 a.m.5 views

SUSE CVE-2024-22119

The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section...

5.4CVSS5.8AI score0.00659EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/06/06 3:48 a.m.5 views

SUSE CVE-2024-44976

In the Linux kernel, the following vulnerability has been resolved: ata: patamacio: Fix DMA table overflow Kolbjørn and Jonáš reported that their 32-bit PowerMacs were crashing in pata-macio since commit 09fe2bfa6b83 "ata: patamacio: Fix maxsegmentsize with PAGESIZE == 64K". For example: kernel B...

5.5CVSS5AI score0.00196EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 3:26 a.m.7 views

SUSE CVE-2025-1296

Nomad Community and Nomad Enterprise “Nomad” are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...

6.5CVSS5.8AI score0.00449EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 3:25 a.m.4 views

SUSE CVE-2025-6004

Vault and Vault Enterprise's “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

5.3CVSS5.8AI score0.00394EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 3:19 a.m.5 views

SUSE CVE-2025-22242

Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pubret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by...

4.4CVSS5.8AI score0.00122EPSS
Exploits0References23
SUSE CVE
SUSE CVE
added 2026/06/06 3:18 a.m.4 views

SUSE CVE-2025-24784

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. The policy group feature, added to by the 1.17.0 release. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluster resources. Hence, it's considere...

4.3CVSS7AI score0.00282EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 3:2 a.m.6 views

SUSE CVE-2025-40911

Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are...

6.5CVSS5.6AI score0.00306EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:54 a.m.10 views

SUSE CVE-2026-7774

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

7.5CVSS5.4AI score0.00606EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.9 views

SUSE CVE-2026-10722

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a...

5.5CVSS4.9AI score0.00179EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.6 views

SUSE CVE-2026-10891

Use after free in GFX in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS5.6AI score0.00325EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.9 views

SUSE CVE-2026-10894

Use after free in Printing in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.5AI score0.00286EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.9 views

SUSE CVE-2026-10899

Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

7.5CVSS5.6AI score0.00286EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.13 views

SUSE CVE-2026-10972

Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.5AI score0.00325EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.8 views

SUSE CVE-2026-11000

Use after free in Fonts in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6AI score0.00361EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.9 views

SUSE CVE-2026-11051

Out of bounds read in ANGLE in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00229EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.8 views

SUSE CVE-2026-11053

unknown...

5.4AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.8 views

SUSE CVE-2026-11071

Use after free in Base in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS5.5AI score0.00234EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.9 views

SUSE CVE-2026-11074

Use after free in WebRTC in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.1AI score0.00355EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.7 views

SUSE CVE-2026-11099

unknown...

5.4AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.9 views

SUSE CVE-2026-11112

Insufficient validation of untrusted input in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: Medium...

9.6CVSS5.5AI score0.00216EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.12 views

SUSE CVE-2026-11160

Out of bounds read in Input in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00229EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.7 views

SUSE CVE-2026-11170

Inappropriate implementation in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. Chromium security severity: Medium...

8.1CVSS5.5AI score0.00238EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.8 views

SUSE CVE-2026-11224

Use after free in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Low...

8.1CVSS6AI score0.00244EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.8 views

SUSE CVE-2026-11282

Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

9.6CVSS5.5AI score0.00243EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:53 a.m.9 views

SUSE CVE-2026-11332

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

7.8CVSS6.1AI score0.00156EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/06 2:48 a.m.8 views

SUSE CVE-2026-36499

A missing upper-bound check in the udpifsetthreads function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service DoS via resource exhaustion...

6.5CVSS5.4AI score0.00328EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:48 a.m.6 views

SUSE CVE-2026-41567

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves decompression binaries such as xz or unpigz fr...

7.2CVSS6.2AI score0.00153EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:46 a.m.6 views

SUSE CVE-2026-44393

An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When sslcafile is configured, the driver enables certificate chain validation but does not pass the expect...

7.4CVSS5.4AI score0.0016EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:45 a.m.10 views

SUSE CVE-2026-49940

Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One U+0661 were accepted but not properly parsed as numbers. This could allow network masks to accept larger networks...

6.5CVSS5.5AI score0.00196EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:45 a.m.8 views

SUSE CVE-2026-49941

Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to single IP addresses and passed back to itself as a 32-bit or 128-bit...

7.5CVSS5.4AI score0.00329EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/06 2:45 a.m.8 views

SUSE CVE-2026-49942

Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One U+0661, or non-digits, which were ignored. This could allow network masks to accept larger networks. Leading zeros were also...

7.3CVSS5.5AI score0.00312EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/06 2:45 a.m.8 views

SUSE CVE-2026-50142

unknown...

6.2CVSS5.4AI score0.00089EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/06 2:45 a.m.8 views

SUSE CVE-2026-50256

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias...

7.8CVSS5.8AI score0.00157EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/06/06 2:45 a.m.8 views

SUSE CVE-2026-50257

A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence. A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection...

7.8CVSS5.4AI score0.00142EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/06/06 2:45 a.m.7 views

SUSE CVE-2026-50258

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel XkbNumKbdGroups but CheckKeyTypes does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift...

7.8CVSS5.8AI score0.00161EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/06/06 2:45 a.m.10 views

SUSE CVE-2026-50259

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. XkbSetMapChecks declares a fixed-size stack buffer mapWidths256 indexed by key type index. The helper function CheckKeyTypes writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This...

7.8CVSS6AI score0.00165EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/06/06 2:45 a.m.7 views

SUSE CVE-2026-50260

A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter. A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for...

7.8CVSS5.4AI score0.00154EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/06/06 2:45 a.m.5 views

SUSE CVE-2026-50261

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter. A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or f...

7.8CVSS5.4AI score0.0014EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/06/06 2:45 a.m.9 views

SUSE CVE-2026-50262

An out-of-bounds read flaw was found in the X.Org X server and Xwayland in glXDispChangeDrawableAttributes. A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapp...

5.5CVSS5.4AI score0.00127EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/06/06 2:45 a.m.7 views

SUSE CVE-2026-50263

A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow. A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure...

5.5CVSS5.4AI score0.00136EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/06/06 2:45 a.m.9 views

SUSE CVE-2026-50264

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

7.8CVSS5.4AI score0.00148EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/06/06 2:45 a.m.8 views

SUSE CVE-2026-50593

Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range...

7.1CVSS5.5AI score0.00112EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/05 3:39 a.m.10 views

SUSE CVE-2024-50102

In the Linux kernel, the following vulnerability has been resolved: x86: fix user address masking non-canonical speculation issue It turns out that AMD has a "Meltdown Litetm" issue with non-canonical accesses in kernel space. And so using just the high bit to decide whether an access is in user...

5.5CVSS6.7AI score0.00239EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2026/06/05 3:31 a.m.16 views

SUSE CVE-2025-21910

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue 1 that occurs when erroneous symbols sent from userspace get through into useralpha2 via regulatoryhintuser call. Such invalid regulatory...

5.5CVSS6.2AI score0.002EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2026/06/05 3:16 a.m.11 views

SUSE CVE-2026-6657

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the alloworiginpat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

8.8CVSS6AI score0.00197EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/05 3:16 a.m.11 views

SUSE CVE-2026-8829

HTML::Entities versions before 3.84 for Perl read freed heap memory in decodeentities. The XS routine backing HTML::Entities::decodeentities cached a pointer repl into the entity-value SV returned by hvfetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and...

4.8CVSS5.9AI score0.0031EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/05 3:16 a.m.11 views

SUSE CVE-2026-10805

A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description MUD URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL,...

6.7CVSS5.7AI score0.00118EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/05 3:14 a.m.8 views

SUSE CVE-2026-24190

NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, a...

7.8CVSS5.9AI score0.00177EPSS
Exploits0References3
Total number of security vulnerabilities59189