Lucene search
K
SusecveRecent

59218 matches found

SUSE CVE
SUSE CVE
added 2026/05/22 2:21 a.m.16 views

SUSE CVE-2026-7837

A time-of-check time-of-use TOCTOU condition in the adflush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions...

3.7CVSS5.8AI score0.00236EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:21 a.m.8 views

SUSE CVE-2026-8632

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection...

7.8CVSS6.3AI score0.0088EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/05/22 2:21 a.m.10 views

SUSE CVE-2026-8631

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path when handling crafted print data...

9.8CVSS6.3AI score0.01333EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/05/22 2:21 a.m.10 views

SUSE CVE-2026-9100

The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads those files via the legacy API to either crash via a division-by-zero or silently leak process memo...

6CVSS5.8AI score0.00281EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.15 views

SUSE CVE-2026-29518

Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...

7CVSS5.9AI score0.00152EPSS
Exploits0References17
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.10 views

SUSE CVE-2026-41069

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entrycount == 0 creating no chunks while still passing validation...

5.5CVSS5.8AI score0.00253EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.10 views

SUSE CVE-2026-41071

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

6.8CVSS5.8AI score0.00302EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.9 views

SUSE CVE-2026-41999

Incorrect Behaviour of Views with TCP PROXY Requests...

4.8CVSS5.8AI score0.00142EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.8 views

SUSE CVE-2026-42000

Insufficient Validation of Names During AXFR...

8.6CVSS5.8AI score0.00242EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.10 views

SUSE CVE-2026-42001

Insufficient Validation of Autoprimary SOA Queries...

7.5CVSS5.8AI score0.00365EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.8 views

SUSE CVE-2026-42002

Concurrency and locking defects in GSS-TSIG...

7.5CVSS5.8AI score0.00264EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.8 views

SUSE CVE-2026-42396

Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail...

4.9CVSS5.8AI score0.00353EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.10 views

SUSE CVE-2026-43449

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: Fix slab-out-of-bounds in nvmedbbufset dev-onlinequeues is a count incremented in nvmeinitqueue. Thus, valid indices are 0 through dev-onlinequeues − 1. This patch fixes the loop condition to ensure the index stays with...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.13 views

SUSE CVE-2026-43495

In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: validate portcount against message length in t7xxportenummsghandler t7xxportenummsghandler uses the modem-supplied portcount field as a loop bound over portmsg-data without checking that the message buffer contai...

6.1CVSS5.9AI score0.00272EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.22 views

SUSE CVE-2026-43496

In the Linux kernel, the following vulnerability has been resolved: net/sched: schred: Replace direct dequeue call with peek and qdiscdequeuepeeked When red qdisc has children eg qfq qdisc whose peek callback is qdiscpeekdequeued, we could get a kernel panic. When the parent of such qdiscs eg...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.11 views

SUSE CVE-2026-43497

In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: add vmops to dlfbopsmmap to prevent use-after-free dlfbopsmmap uses remappfnrange to map vmalloc framebuffer pages to userspace but sets no vmops on the VMA. This means the kernel cannot track active mmaps. When...

7.8CVSS5.9AI score0.00113EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.8 views

SUSE CVE-2026-43498

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom primehandletofd callback that checks if the object is imported and returns -EOPNOTSUPP if so. Re-exporting...

5.3CVSS5.9AI score0.00113EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.10 views

SUSE CVE-2026-43499

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in removewaiter removewaiter is used by the slowlock paths, but it is also used for proxy-lock rollback in rtmutexstartproxylock when invoked from futexrequeue. In the latter case...

7.8CVSS5.8AI score0.00125EPSS
Exploits1References24
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.8 views

SUSE CVE-2026-43501

In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve maclen headroom when recompressed SRH grows ipv6rplsrhrcv decompresses an RFC 6554 Source Routing Header, swaps the next segment into ipv6hdr-daddr, recompresses, then pulls the old header and pushes the new on...

7.1CVSS5.8AI score0.00475EPSS
Exploits0References20
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.10 views

SUSE CVE-2026-43502

In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail after user pages have been pinned but before the message is attached to the sending socket. The purge path currently infers zerocopy stat...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.10 views

SUSE CVE-2026-43617

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...

4.8CVSS5.8AI score0.00282EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.9 views

SUSE CVE-2026-43619

Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...

6.3CVSS6AI score0.00136EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.11 views

SUSE CVE-2026-43618

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

8.1CVSS6AI score0.0078EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.12 views

SUSE CVE-2026-43620

Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recvfiles in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CFINCRECURSE in compatibility flags and sending a...

6.5CVSS5.8AI score0.00503EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.9 views

SUSE CVE-2026-44057

A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authenticated attacker to obtain limited information via crafted Spotlight RPC requests...

3.1CVSS5.9AI score0.00186EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.8 views

SUSE CVE-2026-44058

An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user mechanism...

7.2CVSS6AI score0.00532EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.10 views

SUSE CVE-2026-44059

A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption...

4.5CVSS5.8AI score0.00065EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.10 views

SUSE CVE-2026-44060

An integer underflow in dsiwriteinit in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request...

7.5CVSS5.8AI score0.00328EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.9 views

SUSE CVE-2026-44062

A missing output length bounds check in pullcharsetflags in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character set data...

7.5CVSS6.2AI score0.00357EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.11 views

SUSE CVE-2026-44061

Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis...

5.9CVSS5.8AI score0.00389EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.13 views

SUSE CVE-2026-44063

An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted filter input...

4.2CVSS5.8AI score0.00213EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.9 views

SUSE CVE-2026-44064

An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request...

7.1CVSS5.8AI score0.00171EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.7 views

SUSE CVE-2026-44065

An off-by-two error in lpwrite in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data...

4.2CVSS5.8AI score0.0013EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.14 views

SUSE CVE-2026-44066

Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor service disruption...

7.1CVSS5.9AI score0.0029EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.15 views

SUSE CVE-2026-44067

A heap over-read in extended attribute EA header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data...

4.2CVSS5.8AI score0.00292EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.12 views

SUSE CVE-2026-44069

An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input...

3.9CVSS5.8AI score0.00094EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.11 views

SUSE CVE-2026-44068

Incomplete sanitization of extended attribute EA path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names...

7.6CVSS5.8AI score0.00322EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.13 views

SUSE CVE-2026-44070

An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...

3.1CVSS5.9AI score0.00318EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.10 views

SUSE CVE-2026-44071

Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFYSOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of service via memory errors that would otherwise be caught and safely terminated by runtime protection...

3.7CVSS6AI score0.00335EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.12 views

SUSE CVE-2026-44073

Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid, which may allow a remote authenticated attacker to retain elevated privileges under error conditions...

5CVSS5.8AI score0.00277EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.13 views

SUSE CVE-2026-44072

Netatalk 2.2.1 through 4.4.2 calls system after a failed chdir without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor service disruption under specific conditions...

3CVSS5.9AI score0.00091EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.13 views

SUSE CVE-2026-44074

Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect error-handling paths...

3.7CVSS5.8AI score0.00329EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.9 views

SUSE CVE-2026-44075

A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPTATTNQUANT switch case to fall through into DSIOPTSERVQUANT, resulting in unintended session option handling that may allow a remote attacker to cause a minor service disruption via crafted DSI...

3.7CVSS5.8AI score0.00329EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.9 views

SUSE CVE-2026-44076

Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path...

6.7CVSS6.2AI score0.0013EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.7 views

SUSE CVE-2026-44940

unknown...

5.8AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.9 views

SUSE CVE-2026-45232

Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves...

4.2CVSS5.8AI score0.00337EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.10 views

SUSE CVE-2026-47178

unknown...

8.4CVSS5.8AI score0.00025EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.8 views

SUSE CVE-2026-47247

unknown...

6.2CVSS5.8AI score0.00041EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.11 views

SUSE CVE-2026-47254

unknown...

6.8CVSS5.8AI score0.00024EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/22 2:19 a.m.12 views

SUSE CVE-2026-47251

unknown...

6.1CVSS5.8AI score0.00019EPSS
Exploits0References5
Total number of security vulnerabilities59218