Lucene search
K
SusecveRecent

59380 matches found

SUSE CVE
SUSE CVE
•added 2026/05/01 2:3 a.m.•12 views

SUSE CVE-2026-42012

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

5.9CVSS5.8AI score0.00354EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2026/05/01 2:3 a.m.•9 views

SUSE CVE-2026-42013

A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name SAN could cause the validation process to incorrectly fall back to checking the Common Name CN field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to...

6.5CVSS5.8AI score0.00423EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2026/05/01 2:3 a.m.•14 views

SUSE CVE-2026-42014

A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...

4CVSS5.3AI score0.0015EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2026/05/01 2:3 a.m.•10 views

SUSE CVE-2026-42015

A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...

6.1CVSS5.8AI score0.00727EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2026/05/01 2:3 a.m.•8 views

SUSE CVE-2026-42798

Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c...

4CVSS5.3AI score0.00128EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/04/30 2:47 a.m.•7 views

SUSE CVE-2005-4887

NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 allows attackers to have an unspecified impact via vectors related to passwords...

7.5CVSS5.4AI score0.01368EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:46 a.m.•8 views

SUSE CVE-2007-6735

NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session...

7.5CVSS5.4AI score0.01849EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:44 a.m.•8 views

SUSE CVE-2010-4711

Double free vulnerability in the IMAP server component in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command...

10CVSS6.1AI score0.13586EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:43 a.m.•10 views

SUSE CVE-2010-4712

Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header containing 1 multiple items separated by ; semicolon characters or 2 crafted string data...

10CVSS6.4AI score0.0688EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:43 a.m.•6 views

SUSE CVE-2010-4713

Integer signedness error in gwia.exe in GroupWise Internet Agent GWIA in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a signed integer value in the Content-Type header...

10CVSS6AI score0.05545EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:43 a.m.•6 views

SUSE CVE-2010-4714

Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to 1 gwpoa.exe in the Post Office Agent, 2 gwmta.exe in the Message Transfer Agent, 3 gwia.exe in the Internet Agent, 4 the WebAccess Agent, or 5 th...

10CVSS6.4AI score0.06121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:42 a.m.•12 views

SUSE CVE-2011-3175

Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management ZCM 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request...

10CVSS6.4AI score0.65599EPSS
Exploits5References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:39 a.m.•11 views

SUSE CVE-2013-3245

plugins/demux/libmkvplugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer...

6.8CVSS6.4AI score0.02888EPSS
Exploits2References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:30 a.m.•7 views

SUSE CVE-2026-4873

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...

3.7CVSS5.8AI score0.00329EPSS
Exploits1References10
SUSE CVE
SUSE CVE
•added 2026/04/30 2:30 a.m.•7 views

SUSE CVE-2026-5435

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records...

5.3CVSS5.5AI score0.00197EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/04/30 2:30 a.m.•8 views

SUSE CVE-2026-5545

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid...

6.5CVSS5.8AI score0.00414EPSS
Exploits1References11
SUSE CVE
SUSE CVE
•added 2026/04/30 2:30 a.m.•8 views

SUSE CVE-2026-5773

libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...

3.7CVSS5.8AI score0.00549EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:30 a.m.•6 views

SUSE CVE-2026-6238

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response,...

5.3CVSS5.8AI score0.00311EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/04/30 2:30 a.m.•14 views

SUSE CVE-2026-6253

curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. whil...

5.9CVSS5.8AI score0.00639EPSS
Exploits1References11
SUSE CVE
SUSE CVE
•added 2026/04/30 2:30 a.m.•9 views

SUSE CVE-2026-6276

Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom Host: header set, the second request would use stale information and pass on cookies meant for the first host in the second reques...

3.7CVSS5.8AI score0.00291EPSS
Exploits1References10
SUSE CVE
SUSE CVE
•added 2026/04/30 2:30 a.m.•9 views

SUSE CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

5.8CVSS5.3AI score0.00138EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/04/30 2:30 a.m.•9 views

SUSE CVE-2026-6429

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

5.9CVSS5.8AI score0.00519EPSS
Exploits1References10
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•6 views

SUSE CVE-2026-7009

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it fails to detect OCSP problems and instead wrongly consider the response as fine...

5.3CVSS5.8AI score0.00267EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•7 views

SUSE CVE-2026-7020

A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote...

6.3CVSS5.2AI score0.00908EPSS
Exploits2References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•4 views

SUSE CVE-2026-7168

Successfully using libcurl to do a transfer over a specific HTTP proxy proxyA with Digest authentication and then changing the proxy host to a second one proxyB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Proxy-Authorization: header field meant for proxyA, to...

5.3CVSS5.8AI score0.00471EPSS
Exploits1References5
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•4 views

SUSE CVE-2026-7233

A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fzsubsetcffforgids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly...

6.1CVSS4.1AI score0.00238EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•11 views

SUSE CVE-2026-7320

Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1...

7.5CVSS5.2AI score0.00323EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•9 views

SUSE CVE-2026-7321

Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, and Thunderbird 140.10.1...

9.6CVSS5.2AI score0.00258EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•11 views

SUSE CVE-2026-7322

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ES...

8.8CVSS6AI score0.00316EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•10 views

SUSE CVE-2026-7323

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ES...

7.5CVSS6AI score0.00375EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•9 views

SUSE CVE-2026-7324

Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Thunderbird 150.0.1...

7.3CVSS6AI score0.003EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•6 views

SUSE CVE-2026-7333

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.4AI score0.00286EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•4 views

SUSE CVE-2026-7334

Use after free in Views in Google Chrome on Mac prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.6AI score0.00286EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•6 views

SUSE CVE-2026-7335

Use after free in media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00309EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•6 views

SUSE CVE-2026-7336

Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00433EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•6 views

SUSE CVE-2026-7337

Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00344EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•8 views

SUSE CVE-2026-7338

Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. Chromium security severity: High...

7.5CVSS5.4AI score0.00134EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•8 views

SUSE CVE-2026-7339

Heap buffer overflow in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS5.9AI score0.00262EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•6 views

SUSE CVE-2026-7340

Integer overflow in ANGLE in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.5AI score0.00207EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•6 views

SUSE CVE-2026-7341

Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00399EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•5 views

SUSE CVE-2026-7342

Use after free in WebView in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00399EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•4 views

SUSE CVE-2026-7343

Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

7.5CVSS5.4AI score0.00182EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•6 views

SUSE CVE-2026-7344

Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS5.4AI score0.00244EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•6 views

SUSE CVE-2026-7345

Insufficient validation of untrusted input in Feedback in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.4AI score0.00243EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•6 views

SUSE CVE-2026-7346

Inappropriate implementation in Tint in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

8.1CVSS5.4AI score0.00252EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•6 views

SUSE CVE-2026-7347

Use after free in Chromoting in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: High...

8.1CVSS6AI score0.0035EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•5 views

SUSE CVE-2026-7348

Use after free in Codecs in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00316EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:29 a.m.•4 views

SUSE CVE-2026-7349

Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via malicious network traffic. Chromium security severity: High...

7.5CVSS5.9AI score0.00136EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:28 a.m.•4 views

SUSE CVE-2026-7350

Use after free in WebMIDI in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.4AI score0.00236EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/30 2:28 a.m.•8 views

SUSE CVE-2026-7351

Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: High...

3.1CVSS5.2AI score0.00093EPSS
Exploits0References3
Total number of security vulnerabilities59380