Lucene search
K
SusecveRecent

59218 matches found

SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.11 views

SUSE CVE-2026-46252

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulatorresolvesupply error path If late enabling of a supply regulator fails in regulatorresolvesupply, the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at...

5.5CVSS5.8AI score0.0009EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.10 views

SUSE CVE-2026-46253

In the Linux kernel, the following vulnerability has been resolved: pstore/ram: fix buffer overflow in persistentramsaveold persistentramsaveold can be called multiple times for the same persistentramzone e.g., via ramoopspstoreread - ramoopsgetnextprz for PSTORETYPEDMESG records. Currently, the...

5.9AI score0.00136EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.10 views

SUSE CVE-2026-46255

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clocks in .remove The clocks in fsledmaengine::muxclk are allocated and enabled with devmclkgetenabled, which automatically cleans these resources up, but these clocks are also manual...

5.8AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.8 views

SUSE CVE-2026-46254

In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel or userspace and 8-byte alignment isn't always guaranteed and as such may trigger unaligned memory accesses on various architectures...

5.8AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.8 views

SUSE CVE-2026-46256

In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfswritepages LOCALIO is an NFS loopback mount optimization that avoids using the network for READ, WRITE and COMMIT if the NFS client and server are determined to be on...

5.8AI score0.00099EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.8 views

SUSE CVE-2026-46257

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when readcurrenttimer is called on ARM32 platforms where the SP804 is not registered as the schedclock. On SP804, the delay timer shares the same clkevt instance with schedclock. On so...

5.8AI score0.001EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.10 views

SUSE CVE-2026-46258

In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Avoid NULL dereference in linehandlecreate In linehandlecreate, there is a statement like this: retainandnullptrlh; Soon after, there is a debug printout that dereferences "lh", which will crash things. Avoid the cras...

5.8AI score0.001EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.8 views

SUSE CVE-2026-46259

In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading realparent in dotaskstat When reading /proc/pid/stat, dotaskstat accesses task-realparent without proper RCU protection, which leads to: cpu 0 cpu 1 ----- ----- dotaskstat var =...

5.5CVSS5.8AI score0.0012EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.8 views

SUSE CVE-2026-46260

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6addrt2node. syzbot reported out-of-bound read in fib6addrt2node. 0 When IPv6 route is created with RTANHID, struct fib6info does not have the trailing struct fib6nh. The cited commit started t...

5.8AI score0.0012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.8 views

SUSE CVE-2026-46261

In the Linux kernel, the following vulnerability has been resolved: spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcmfiuprobe platformgetresourcebyname can return NULL, which would cause a crash when passed the pointer to resourcesize. Move the fiu-memorysize assignment after the erro...

5.8AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.8 views

SUSE CVE-2026-46263

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds stream encoder index v3 engid can be negative and that streamencregs can be indexed out of bounds. engid is used directly as an index into streamencregs, which has only 5 entries. When engid is ...

5.7AI score0.0012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.8 views

SUSE CVE-2026-46262

In the Linux kernel, the following vulnerability has been resolved: ASoC: fslxcvr: Revert fix missing lock in fslxcvrmodeput This reverts commit f51424872760 "ASoC: fslxcvr: fix missing lock in fslxcvrmodeput". The original patch attempted to acquire the card-controlsrwsem lock in fslxcvrmodeput...

5.8AI score0.00091EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.10 views

SUSE CVE-2026-46264

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devmaddactionorreset failure the provided cleanup action will be run immediately on the not yet initialized kobject. This may lead to errors like: kobject: 'null' ff110001393608e0: i...

5.8AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.8 views

SUSE CVE-2026-46265

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix WQMEMRECLAIM warning When sunrpc is used, if a reset triggered, our wq may lead the following trace: workqueue: WQMEMRECLAIM xprtiod:xprtrdmaconnectworker rpcrdma is flushing !WQMEMRECLAIM...

5.8AI score0.00371EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.8 views

SUSE CVE-2026-46266

In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTORAW MUST drop incoming ICMP Yizhou Zhao reported that simply having one RAW socket on protocol IPPROTORAW 255 was dangerous. socketAFINET, SOCKRAW, 255; A malicious incoming ICMP packet can set the...

9.1CVSS5.8AI score0.00346EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.8 views

SUSE CVE-2026-46267

In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llcshdlcdeinit purges SHDLC skb queues and frees the llcshdlc structure while its timers and state machine work may still be active. Timer callbacks can schedule smwork...

5.7AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.8 views

SUSE CVE-2026-46268

In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Fix p2pmemallocmmap warning condition Commit b7e282378773 has already changed the initial page refcount of p2pdma page from one to zero, however, in p2pmemallocmmap it uses "VMWARNONONCEPAGE!pagerefcountpage" to asser...

5.7AI score0.00113EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.9 views

SUSE CVE-2026-46269

In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree When probing the k230 pinctrl driver, the kernel triggers a NULL pointer dereference. The crash trace showed: 0.732084 Unable to handle kernel NULL point...

5.8AI score0.00113EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.10 views

SUSE CVE-2026-46270

In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...

5.7AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.8 views

SUSE CVE-2026-46271

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi-link connection, WCN7850 firmware crashes due to WoW offloads enabled on both primary and secondary links. Change to do it only on primary link to fix it...

5.8AI score0.00119EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.9 views

SUSE CVE-2026-46272

In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs mode simultaneously, the WARNON in tmcetrenablehw is triggered sometimes: WARNING: CPU: 42 PID: 3911571 at...

5.9AI score0.00088EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.11 views

SUSE CVE-2026-46273

In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when the MSS is less than 224 bytes. Attempting to send such packets causes the adapter to freeze, stoppi...

5.5CVSS5.6AI score0.00389EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.10 views

SUSE CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

5.3CVSS5.8AI score0.0015EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.9 views

SUSE CVE-2026-48095

7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer GetCuSize shift UB, potentially allowing attackers to cause arbitrary code execution or application...

7.8CVSS6.4AI score0.00938EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.7 views

SUSE CVE-2026-48587

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

5.9CVSS5.8AI score0.00354EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.93 views

SUSE CVE-2026-49261

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

9CVSS5.5AI score0.00998EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.7 views

SUSE CVE-2026-49271

libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unitoffset + unitsize. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector...

5.5CVSS5.8AI score0.00199EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.9 views

SUSE CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

6.3CVSS6.1AI score0.003EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.8 views

SUSE CVE-2026-49975

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67...

7.5CVSS5.4AI score0.11471EPSS
Exploits7References9
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.13 views

SUSE CVE-2026-50052

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...

2.3CVSS5.8AI score0.00349EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/03 2:36 a.m.16 views

SUSE CVE-2024-27355

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service CPU consumption for decodeOID...

7.5CVSS7AI score0.00569EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/03 2:35 a.m.11 views

SUSE CVE-2024-52011

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...

7.5CVSS6AI score0.00521EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/03 2:32 a.m.15 views

SUSE CVE-2026-5422

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the getospath function within jupyterserver/services/contents/fileio.py. The check uses startswithroot without appending a trailing path separator, allowing sibling...

8.1CVSS6.7AI score0.00437EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/03 2:29 a.m.14 views

SUSE CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

5.3CVSS5.4AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/03 2:25 a.m.14 views

SUSE CVE-2026-32685

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...

4.6CVSS5.9AI score0.00152EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/03 2:25 a.m.14 views

SUSE CVE-2026-33244

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in the statically generated HTML files if the redirect location comes from an...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/03 2:24 a.m.9 views

SUSE CVE-2026-38978

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...

5.8AI score0.00305EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/03 2:24 a.m.14 views

SUSE CVE-2026-41115

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/03 2:24 a.m.10 views

SUSE CVE-2026-42795

Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers gleamfiles, nativefiles, privatefiles in compiler-cli/src/fs.rs use followlinkstrue when walking publishable directories...

5.1CVSS5.9AI score0.00132EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/03 2:23 a.m.13 views

SUSE CVE-2026-43965

Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content. Package keys read from build/packages/packages.toml by LocalPackages::readfromdisc are passed without validation to paths.buildpackagespackage, whi...

5.6CVSS5.9AI score0.00152EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/03 2:23 a.m.16 views

SUSE CVE-2026-44740

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...

7.5CVSS5.7AI score0.00295EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/03 2:23 a.m.14 views

SUSE CVE-2026-45157

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see...

6.3CVSS5.7AI score0.00231EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.11 views

SUSE CVE-2026-8796

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.12 views

SUSE CVE-2026-10194

A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched...

6.5CVSS6.7AI score0.00247EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.14 views

SUSE CVE-2026-10197

A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possible with local...

3.3CVSS5.4AI score0.00115EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.11 views

SUSE CVE-2026-10198

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit ha...

4.8CVSS5.3AI score0.00113EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.12 views

SUSE CVE-2026-10199

A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the...

3.3CVSS5.2AI score0.00118EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.12 views

SUSE CVE-2026-10200

A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4x4 Matrix Parser. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has bee...

5.3CVSS6AI score0.00124EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.18 views

SUSE CVE-2026-10201

A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has be...

4.8CVSS5.3AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.16 views

SUSE CVE-2026-10229

A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::readmeshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been...

5.3CVSS6.1AI score0.00125EPSS
Exploits0References3
Total number of security vulnerabilities59218