Lucene search
K
SusecveRecent

59380 matches found

SUSE CVE
SUSE CVE
added 2026/05/16 1:12 a.m.7 views

SUSE CVE-2026-42245

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

5.3CVSS5.7AI score0.0041EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/05/16 1:12 a.m.10 views

SUSE CVE-2026-42256

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational...

6.5CVSS5.7AI score0.00299EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:12 a.m.10 views

SUSE CVE-2026-42308

Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0...

7.5CVSS7.1AI score0.00114EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/16 1:12 a.m.10 views

SUSE CVE-2026-42582

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoderdecodeHuffmanEncodedLiteral may execute new bytelength for a string literal before verifying that length byt...

7.5CVSS5.8AI score0.00437EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.10 views

SUSE CVE-2026-43490

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smbinheritdacl walks the parent directory DACL loaded from the security descriptor xattr. It verifies that each ACE contains the fixed SID header before using it, but does not verify that...

5.5CVSS5.9AI score0.00408EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.10 views

SUSE CVE-2026-43903

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, sgiinput.cpp:265,274 use OIIODASSERT for bounds checking in the RLE decode loop. In release builds, OIIODASSERT compiles to voidsizeofx...

8.4CVSS6AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.17 views

SUSE CVE-2026-43904

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 mixed RLE and :345 pure RLE do not clamp the run length to remaining scanline width before writing pixels. The r...

8.4CVSS5.8AI score0.00173EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.10 views

SUSE CVE-2026-43905

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer size as const int bufsize = w h ch bufferbpp using signed 32-bit arithmetic. When the product...

7.8CVSS6AI score0.00173EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.11 views

SUSE CVE-2026-43906

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of-bounds writes via crafted images due to a subimage metada...

8.5CVSS6.1AI score0.00188EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.14 views

SUSE CVE-2026-43907

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed integer overflow in QueryRGBBufferSizeInternal in DPXColorConverter.cpp leads to a heap-based out-of-bounds write when...

8.3CVSS6.6AI score0.0037EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.11 views

SUSE CVE-2026-43908

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the pixel-loop index expression i 3 inside ConvertCbYCrYToRGB causes the function to compute a larg...

8.8CVSS5.9AI score0.00371EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.8 views

SUSE CVE-2026-43909

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the loop index expression i 4 inside SwapRGBABytes causes the function to compute a large negative...

8.8CVSS5.9AI score0.00371EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.14 views

SUSE CVE-2026-43961

unknown...

4.8CVSS5.8AI score0.00014EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.10 views

SUSE CVE-2026-43996

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decodepixel computes k + palbytespp as unsigned 32-bit arithmetic. When k = 0xFFFFFFFC and palbytespp = 4...

5.5CVSS5.9AI score0.00177EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.10 views

SUSE CVE-2026-44283

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.7 views

SUSE CVE-2026-44312

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

5.8CVSS5.8AI score0.00146EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.13 views

SUSE CVE-2026-44348

PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...

2.5CVSS5.7AI score0.00096EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.11 views

SUSE CVE-2026-44636

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixelencodehighcolor's allocation size calculation can lead to a heap buffer overflow. The public sixelencode entry point validates only that width and height are greater th...

7.8CVSS6.3AI score0.00104EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.10 views

SUSE CVE-2026-44637

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...

7.1CVSS6AI score0.0016EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.11 views

SUSE CVE-2026-44638

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixeldecoderaw and sixeldecode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the output parameter alway...

2.5CVSS5.8AI score0.00131EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.11 views

SUSE CVE-2026-44673

libyang is a YANG data modeling language library. Prior to SO 5.2.15, lybreadstring in src/parserlyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer NETCONF server...

8.6CVSS6AI score0.00428EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.10 views

SUSE CVE-2026-44699

LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid...

9.1CVSS5.8AI score0.00209EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.8 views

SUSE CVE-2026-46469

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxparsetrak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

5.5CVSS5.8AI score0.00101EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.9 views

SUSE CVE-2026-46470

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxaudiocaps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

9.1CVSS5.8AI score0.00208EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.19 views

SUSE CVE-2026-46483

Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tarVimuntar in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescapetartail without the...

7.8CVSS5.9AI score0.00552EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/05/15 2:19 a.m.9 views

SUSE CVE-2016-9244

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer SSL session IDs from other sessions. It is possible...

7.5CVSS7AI score0.74EPSS
Exploits7References3
SUSE CVE
SUSE CVE
added 2026/05/15 2:10 a.m.6 views

SUSE CVE-2021-46778

Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading SMT. By measuring the contention level on scheduler queues an attacker may potentially leak sensitive...

5.6CVSS6.3AI score0.00217EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 2:2 a.m.10 views

SUSE CVE-2025-5265

Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.. Th...

4.8CVSS6.7AI score0.00141EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/05/15 2:0 a.m.11 views

SUSE CVE-2026-1188

In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to...

8.1CVSS7.6AI score0.00491EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/15 2:0 a.m.8 views

SUSE CVE-2026-8328

The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...

5.3CVSS5.8AI score0.00476EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.10 views

SUSE CVE-2026-28374

Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.8 views

SUSE CVE-2026-28376

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.10 views

SUSE CVE-2026-28379

A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.8 views

SUSE CVE-2026-28380

Any Editor could delete any snapshot, even if they have no access to read or write them...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.9 views

SUSE CVE-2026-28383

A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-memory condition, potentially causing a denial of service...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.10 views

SUSE CVE-2026-33376

When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask usually /128 to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here...

7.4CVSS5.8AI score0.00271EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.12 views

SUSE CVE-2026-33377

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...

7.1CVSS5.8AI score0.00226EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.11 views

SUSE CVE-2026-33378

Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.9 views

SUSE CVE-2026-33380

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...

7.7CVSS6AI score0.00262EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.14 views

SUSE CVE-2026-33381

When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this...

5.9CVSS5.8AI score0.00245EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.10 views

SUSE CVE-2026-42186

OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...

7.5CVSS5.8AI score0.00248EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.9 views

SUSE CVE-2026-42266

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...

8.8CVSS5.8AI score0.0053EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.11 views

SUSE CVE-2026-42304

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.8 views

SUSE CVE-2026-42557

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...

9.6CVSS6.3AI score0.00386EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.12 views

SUSE CVE-2026-42561

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individu...

7.5CVSS5.8AI score0.00549EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.13 views

SUSE CVE-2026-42578

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage method creates headers using...

7.5CVSS5.9AI score0.00667EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.8 views

SUSE CVE-2026-42579

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit t...

8.2CVSS5.8AI score0.00818EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.7 views

SUSE CVE-2026-42580

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...

7.3CVSS5.8AI score0.00364EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.18 views

SUSE CVE-2026-42581

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absen...

7.3CVSS5.8AI score0.00515EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.19 views

SUSE CVE-2026-42583

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength up to 32 MB per block before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if...

7.5CVSS5.8AI score0.00429EPSS
Exploits1References4
Total number of security vulnerabilities59380