Lucene search
K
SusecveRecent

59218 matches found

SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.11 views

SUSE CVE-2026-24194

NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code...

7.8CVSS5.9AI score0.00152EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.10 views

SUSE CVE-2026-24195

NVIDIA Display Driver for Linux contains a vulnerability in UVM, where a user could cause improper input validation. A successful exploit of this vulnerability might lead to denial of service...

7.1CVSS5.8AI score0.00162EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.13 views

SUSE CVE-2026-24196

NVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to denial of service and information disclosure...

7.1CVSS5.8AI score0.00166EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.9 views

SUSE CVE-2026-24197

NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU MIG partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this...

6.5CVSS5.8AI score0.0016EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.10 views

SUSE CVE-2026-24198

NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause limited exposure of sensitive information to an unauthorized actor. A successful exploit of this vulnerability might lead to denial of...

5.6CVSS5.8AI score0.00155EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.9 views

SUSE CVE-2026-24199

NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering compiler or processor memory instructions. A successful exploit of this vulnerability might lead to denial of service...

4.7CVSS5.8AI score0.00092EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.17 views

SUSE CVE-2026-31072

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

9.8CVSS6AI score0.0081EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.13 views

SUSE CVE-2026-32738

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...

6.5CVSS5.7AI score0.00301EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.14 views

SUSE CVE-2026-32739

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

5.5CVSS5.7AI score0.0032EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.15 views

SUSE CVE-2026-32740

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...

7.8CVSS5.8AI score0.00514EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.14 views

SUSE CVE-2026-32741

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decodemaskimage. When decoding a HEIF file containing a mask image mski, the function copies the full iloc extent data into a pixel buffer using memcpydst,...

6.1CVSS5.9AI score0.00343EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.16 views

SUSE CVE-2026-32814

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strictdecoding=false the default, a corrupted tile silently fails to decode and the library returns heiferrorOk with no indication of failure, leading to an uninitialized...

5.5CVSS5.7AI score0.00303EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.13 views

SUSE CVE-2026-32882

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap buffer over-read in HeifPixelImage::overlay in libheif/pixelimage.cc. When compositing an overlay image iovl whose child image has a different bit depth for the alpha channel than for the color...

6.1CVSS5.8AI score0.00323EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.14 views

SUSE CVE-2026-33637

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connectionbuildexclusiveurl. This...

5.7AI score0.00272EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/21 2:28 a.m.21 views

SUSE CVE-2026-41470

LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...

8.2CVSS5.8AI score0.00486EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/21 2:28 a.m.14 views

SUSE CVE-2026-42450

OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, FileFormatSpi3D.cpp:163 uses sscanf with %s into 64-byte stack buffers when parsing LUT data lines. Input comes from lineBuffer4096, so a crafted .spi3d file can overflow by 4000 bytes on...

8.4CVSS5.9AI score0.0012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/21 2:28 a.m.24 views

SUSE CVE-2026-44933

PluginScript attempts to chroot the plugin to the repoManagerRoot, this root is frequently / the system root in standard configurations or when using --root. If the chroot target is /, it is a no-op, allowing the traversed path to execute host binaries like /bin/bash with root privileges...

7.8CVSS5.9AI score0.00214EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/05/21 2:28 a.m.11 views

SUSE CVE-2026-46529

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

7CVSS6.5AI score0.00529EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/21 2:28 a.m.13 views

SUSE CVE-2026-46727

An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that...

7CVSS5.8AI score0.00478EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/21 2:28 a.m.12 views

SUSE CVE-2026-47783

In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by saslserveruserdbcheckpass...

8.1CVSS5.8AI score0.01312EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/05/21 2:28 a.m.14 views

SUSE CVE-2026-47784

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass...

8.1CVSS5.8AI score0.0055EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/20 3:7 a.m.4 views

SUSE CVE-2024-4032

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

3.7CVSS6.8AI score0.01034EPSS
Exploits0References29
SUSE CVE
SUSE CVE
added 2026/05/20 3:2 a.m.8 views

SUSE CVE-2025-4922

Nomad Community and Nomad Enterprise “Nomad” prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14...

8.1CVSS6AI score0.00484EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/20 3:2 a.m.10 views

SUSE CVE-2025-5264

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11,...

4.8CVSS7AI score0.00135EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/20 3:2 a.m.3 views

SUSE CVE-2025-6011

A timing side channel in Vault and Vault Enterprise's “Vault” userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault's Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise...

3.7CVSS5.8AI score0.0032EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 3:2 a.m.9 views

SUSE CVE-2025-6014

Vault and Vault Enterprise's “Vault” TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

6.5CVSS5.9AI score0.00356EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 3:2 a.m.4 views

SUSE CVE-2025-6037

Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as +trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/certcertificate. In this configuration, an attacker may be able to...

6.8CVSS6AI score0.00223EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 3:0 a.m.8 views

SUSE CVE-2025-12141

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit...

4.3CVSS5.7AI score0.00255EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:40 a.m.8 views

SUSE CVE-2025-57807

ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob, which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob, which then expan...

4.2CVSS6.5AI score0.00274EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.8 views

SUSE CVE-2026-7734

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefixsid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from...

7.5CVSS5.5AI score0.00464EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.12 views

SUSE CVE-2026-8706

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0...

6.5CVSS5.9AI score0.00192EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.13 views

SUSE CVE-2026-8711

NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...

9.8CVSS6.2AI score0.00889EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.10 views

SUSE CVE-2026-8945

Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151...

8.3CVSS5.8AI score0.00369EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.8 views

SUSE CVE-2026-8946

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

8.8CVSS5.8AI score0.0056EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.13 views

SUSE CVE-2026-8947

Use-after-free in the DOM: Bindings WebIDL component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

8.8CVSS5.8AI score0.00413EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.15 views

SUSE CVE-2026-8948

Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

6.5CVSS5.8AI score0.0042EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.14 views

SUSE CVE-2026-8949

Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

6.3CVSS5.9AI score0.00583EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.13 views

SUSE CVE-2026-8950

Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

6.5CVSS5.8AI score0.00194EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.12 views

SUSE CVE-2026-8951

Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151...

6.5CVSS5.8AI score0.00252EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.13 views

SUSE CVE-2026-8952

Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

6.3CVSS5.8AI score0.00373EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.10 views

SUSE CVE-2026-8953

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

7.1CVSS5.8AI score0.00532EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.16 views

SUSE CVE-2026-8954

Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

7.6CVSS5.9AI score0.00425EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.13 views

SUSE CVE-2026-8955

Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

6.3CVSS5.8AI score0.00386EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.11 views

SUSE CVE-2026-8956

Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

6.3CVSS5.9AI score0.00605EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.10 views

SUSE CVE-2026-8957

Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

6.3CVSS5.8AI score0.00386EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.11 views

SUSE CVE-2026-8958

Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

8.6CVSS5.8AI score0.00344EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.12 views

SUSE CVE-2026-8959

Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

7.1CVSS5.8AI score0.00417EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.12 views

SUSE CVE-2026-8960

Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

6.5CVSS5.8AI score0.00376EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.13 views

SUSE CVE-2026-8961

Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

6.5CVSS5.8AI score0.00322EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.9 views

SUSE CVE-2026-8962

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

5.4CVSS5.8AI score0.00372EPSS
Exploits0References12
Total number of security vulnerabilities59218