Lucene search
K
SusecveRecent

59218 matches found

SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.12 views

SUSE CVE-2026-8963

Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

6.5CVSS5.8AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:32 a.m.12 views

SUSE CVE-2026-8964

Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

6.5CVSS5.8AI score0.00302EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:31 a.m.11 views

SUSE CVE-2026-8965

Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

4.3CVSS5.8AI score0.00324EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:31 a.m.15 views

SUSE CVE-2026-8966

Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

4.3CVSS5.8AI score0.00332EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:31 a.m.10 views

SUSE CVE-2026-8967

Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

4.3CVSS5.8AI score0.00332EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:31 a.m.9 views

SUSE CVE-2026-8968

Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

4.3CVSS5.8AI score0.00413EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/20 2:31 a.m.11 views

SUSE CVE-2026-8969

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

5.4CVSS5.8AI score0.0029EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:31 a.m.9 views

SUSE CVE-2026-8970

Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

6.3CVSS5.8AI score0.00307EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/20 2:31 a.m.12 views

SUSE CVE-2026-8971

Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

6.5CVSS5.8AI score0.00206EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:31 a.m.10 views

SUSE CVE-2026-8972

Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

6.3CVSS5.8AI score0.0033EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:31 a.m.11 views

SUSE CVE-2026-8973

Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

8.8CVSS6AI score0.00335EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:31 a.m.9 views

SUSE CVE-2026-8974

Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11,...

8.8CVSS6AI score0.00332EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/20 2:31 a.m.14 views

SUSE CVE-2026-8975

Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox...

8.8CVSS6AI score0.00429EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/05/20 2:28 a.m.11 views

SUSE CVE-2026-41054

In src/havegecmd.c, the sockethandler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root cred.uid != 0 and prepares a negative acknowledgement ASCIINAK, it fails to stop execution. The code proceeds...

7.8CVSS6AI score0.00185EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/20 2:28 a.m.9 views

SUSE CVE-2026-43491

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...

6.2CVSS5.8AI score0.00144EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/05/20 2:28 a.m.9 views

SUSE CVE-2026-43492

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpireadrawfromsgl Yiming reports an integer underflow in mpireadrawfromsgl when subtracting "lzeros" from the unsigned "nbytes". For this to happen, the scatterlist "sgl" needs to occupy...

5.5CVSS5.8AI score0.00145EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/20 2:28 a.m.9 views

SUSE CVE-2026-43493

In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAYBACKLOG requests MAYBACKLOG requests can return EBUSY. Handle them by checking for that value and filtering out EINPROGRESS notifications...

5.5CVSS5.7AI score0.00554EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/19 2:2 a.m.11 views

SUSE CVE-2024-0450

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...

6.2CVSS6.8AI score0.00333EPSS
Exploits0References18
SUSE CVE
SUSE CVE
added 2026/05/19 2:1 a.m.8 views

SUSE CVE-2025-8194

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

6.5CVSS6.8AI score0.00611EPSS
Exploits0References27
SUSE CVE
SUSE CVE
added 2026/05/19 1:51 a.m.24 views

SUSE CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

7.5CVSS5.7AI score0.00356EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/18 1:29 p.m.22 views

SUSE CVE-2021-47952

python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...

9.8CVSS6.7AI score0.00696EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.18 views

SUSE CVE-2026-6472

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...

5.4CVSS6.1AI score0.00159EPSS
Exploits0References22
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.18 views

SUSE CVE-2026-6473

Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user...

8.8CVSS6.2AI score0.00668EPSS
Exploits0References31
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.26 views

SUSE CVE-2026-6474

Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...

4.3CVSS5.8AI score0.00208EPSS
Exploits0References22
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.18 views

SUSE CVE-2026-6475

Symlink following in PostgreSQL pgbasebackup plain format and in pgrewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...

8.8CVSS5.8AI score0.00324EPSS
Exploits0References29
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.13 views

SUSE CVE-2026-6476

SQL injection in PostgreSQL pgcreatesubscriber allows an attacker with pgcreatesubscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pgcreatesubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...

7.2CVSS6.1AI score0.00287EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.12 views

SUSE CVE-2026-6477

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

8.8CVSS6AI score0.00464EPSS
Exploits0References30
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.18 views

SUSE CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

6.5CVSS5.8AI score0.00558EPSS
Exploits0References31
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.16 views

SUSE CVE-2026-6479

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

7.5CVSS5.8AI score0.00471EPSS
Exploits0References22
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.29 views

SUSE CVE-2026-6575

Buffer over-read in PostgreSQL function pgrestoreattributestats accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL...

4.3CVSS5.8AI score0.00208EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.15 views

SUSE CVE-2026-6637

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

8.8CVSS6.4AI score0.00378EPSS
Exploits0References22
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.14 views

SUSE CVE-2026-6638

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...

3.7CVSS6.1AI score0.0018EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.14 views

SUSE CVE-2026-8388

Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11...

7.5CVSS5.8AI score0.00244EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.11 views

SUSE CVE-2026-8389

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3...

7.3CVSS5.8AI score0.00331EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.16 views

SUSE CVE-2026-8390

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3...

7.3CVSS5.8AI score0.0026EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.13 views

SUSE CVE-2026-8391

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11...

7.5CVSS5.8AI score0.00298EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.12 views

SUSE CVE-2026-8401

Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11...

8.3CVSS5.8AI score0.00313EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.19 views

SUSE CVE-2026-8695

radare2 6.1.5 contains a use-after-free vulnerability in the gdbrthreadslist function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed by a malformed qsThreadInfo response. Attackers can exploit this vulnerability through GDB remote...

9.8CVSS6.2AI score0.00626EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.16 views

SUSE CVE-2026-8696

radare2 6.1.5 contains a use-after-free vulnerability in the gdbrpidslist function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability ...

9.8CVSS6.1AI score0.00603EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/18 1:21 p.m.13 views

SUSE CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

6.5CVSS5.8AI score0.00294EPSS
Exploits1References10
SUSE CVE
SUSE CVE
added 2026/05/18 1:21 p.m.19 views

SUSE CVE-2026-44309

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...

5.3CVSS5.8AI score0.00119EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/18 1:21 p.m.17 views

SUSE CVE-2026-44310

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs0 after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with...

5.4CVSS5.9AI score0.00111EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/18 1:21 p.m.13 views

SUSE CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

5.3CVSS6.3AI score0.00408EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/18 1:21 p.m.15 views

SUSE CVE-2026-45803

gh is GitHub's official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerabilit...

3.5CVSS6AI score0.002EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/18 1:21 p.m.9 views

SUSE CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS5.8AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/18 1:23 a.m.11 views

SUSE CVE-2021-34529

unknown...

7.8CVSS7.1AI score0.03862EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/17 1:21 a.m.20 views

SUSE CVE-2025-54518

Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation...

7.4CVSS5.8AI score0.00258EPSS
Exploits0References136
SUSE CVE
SUSE CVE
added 2026/05/16 6:19 p.m.11 views

SUSE CVE-2012-0271

Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a...

10CVSS6.4AI score0.17091EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/16 6:2 p.m.11 views

SUSE CVE-2026-44774

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation permissions to expose the REST provider handler, bypassing the providers.rest.insecure=false setting. The Gateway provider...

9.9CVSS5.8AI score0.00457EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/16 6:2 p.m.15 views

SUSE CVE-2026-46333

In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'getdumpable' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when you don't have an...

7.8CVSS5.8AI score0.0138EPSS
Exploits6References132
Total number of security vulnerabilities59218