58335 matches found
SUSE CVE-2026-5888
Uninitialized Use in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2026-5889
Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. Chromium security severity: Medium...
SUSE CVE-2026-5890
Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2026-5891
Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2026-5892
Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2026-5893
Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2026-5894
Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2026-5895
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted domain name. Chromium security severity: Low...
SUSE CVE-2026-5896
Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2026-5897
Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2026-5898
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2026-5899
Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2026-5900
Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download protections via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2026-5901
Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions for cookie modification via a crafted Chrome Extension. Chromium security severity: Low...
SUSE CVE-2026-5902
Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2026-5903
Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2026-5904
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Low...
SUSE CVE-2026-5905
Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2026-5906
Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2026-5907
Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. Chromium security severity: Low...
SUSE CVE-2026-5908
Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Chromium security severity: Low...
SUSE CVE-2026-5909
Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Chromium security severity: Low...
SUSE CVE-2026-5910
Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Chromium security severity: Low...
SUSE CVE-2026-5911
Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2026-5912
Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2026-5913
Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2026-5914
Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Low...
SUSE CVE-2026-5915
Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2026-5918
Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2026-5919
Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2026-33540
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...
SUSE CVE-2026-33753
rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...
SUSE CVE-2026-33815
Memory-safety vulnerability in github.com/jackc/pgx/v5...
SUSE CVE-2026-33816
Memory-safety vulnerability in github.com/jackc/pgx/v5...
SUSE CVE-2026-34078
Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access ...
SUSE CVE-2026-34079
Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on t...
SUSE CVE-2026-34165
go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...
SUSE CVE-2026-35201
Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INTMAX are truncated to a signed int before entering the native parser,...
SUSE CVE-2026-35480
go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.22.0, the DAG-CBOR decoder uses collection sizes declared in CBOR headers a...
SUSE CVE-2026-35611
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking...
SUSE CVE-2026-39324
Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie...
SUSE CVE-2026-39373
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does not validate th...
SUSE CVE-2026-39881
Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol...
SUSE CVE-2026-40024
The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tskrecover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can...
SUSE CVE-2026-40025
The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrappedkeyparser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS...
SUSE CVE-2026-40026
The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parsesusp function trusts lenid, lendes, and lensrc fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SU...
SUSE CVE-2026-4277
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...
SUSE CVE-2026-4292
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...
SUSE CVE-2026-5208
Command injection in alerts in CoolerControl/coolercontrold 4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names...
SUSE CVE-2026-5300
Unauthenticated functionality in CoolerControl/coolercontrold 4.0.0 allows unauthenticated attackers to view and modify potentially sensitive data via HTTP requests...