Lucene search
K
SusecveRecent

59380 matches found

SUSE CVE
SUSE CVE
•added 2026/04/28 1:45 a.m.•6 views

SUSE CVE-2026-4800

Impact: The fix for CVE-2021-23337 https://github.com/advisories/GHSA-35jh-r3h4-6jhm added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. When an application passes...

9.8CVSS5.9AI score0.01735EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/04/28 1:45 a.m.•7 views

SUSE CVE-2026-6842

A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or...

2.5CVSS5.3AI score0.00085EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/28 1:35 a.m.•10 views

SUSE CVE-2026-35328

unknown...

7.5CVSS5.1AI score
Exploits0References8
SUSE CVE
SUSE CVE
•added 2026/04/28 1:35 a.m.•11 views

SUSE CVE-2026-35329

unknown...

7.5CVSS5.2AI score
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/04/28 1:35 a.m.•8 views

SUSE CVE-2026-35330

unknown...

8.1CVSS5.2AI score
Exploits3References9
SUSE CVE
SUSE CVE
•added 2026/04/28 1:35 a.m.•7 views

SUSE CVE-2026-35331

unknown...

4.8CVSS5.2AI score
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/04/28 1:35 a.m.•12 views

SUSE CVE-2026-35332

unknown...

7.5CVSS5.1AI score
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/04/28 1:35 a.m.•10 views

SUSE CVE-2026-35333

unknown...

7.5CVSS5.2AI score
Exploits3References9
SUSE CVE
SUSE CVE
•added 2026/04/28 1:35 a.m.•10 views

SUSE CVE-2026-35334

unknown...

7.5CVSS5.2AI score
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/04/28 1:35 a.m.•10 views

SUSE CVE-2026-40475

unknown...

5.5CVSS5.2AI score
Exploits0References9
SUSE CVE
SUSE CVE
•added 2026/04/28 1:35 a.m.•6 views

SUSE CVE-2026-41068

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability - the...

7.7CVSS5.4AI score0.00266EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/28 1:35 a.m.•6 views

SUSE CVE-2026-41323

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

9.1CVSS5.3AI score0.0056EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/28 1:34 a.m.•10 views

SUSE CVE-2026-41411

Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...

6.6CVSS5.4AI score0.00501EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/28 1:34 a.m.•19 views

SUSE CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

7.4CVSS5.4AI score0.00281EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/28 1:34 a.m.•7 views

SUSE CVE-2026-41476

Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's clipboard deserialization allows a connected peer to trigger an out-of-bounds read by sending a malformed clipboard update. The issue is in the implementation of...

8.8CVSS5.7AI score0.00344EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/28 1:34 a.m.•5 views

SUSE CVE-2026-41477

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary...

7.8CVSS5.8AI score0.00218EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/28 1:34 a.m.•7 views

SUSE CVE-2026-41485

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.17.2 and 1.16.4, an unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller int...

7.7CVSS5.3AI score0.00369EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/28 1:34 a.m.•7 views

SUSE CVE-2026-42095

bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL...

4CVSS5.3AI score0.00161EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/28 1:34 a.m.•5 views

SUSE CVE-2026-42371

uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes...

5.1CVSS5.2AI score0.00172EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/27 1:50 a.m.•7 views

SUSE CVE-2009-0895

Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow...

10CVSS6.5AI score0.06822EPSS
Exploits1References5
SUSE CVE
SUSE CVE
•added 2026/04/26 1:52 a.m.•8 views

SUSE CVE-2026-31673

In the Linux kernel, the following vulnerability has been resolved: afunix: read UNIXDIAGVFS data under unixstatelock Exact UNIX diag lookups hold a reference to the socket, but not to u-path. Meanwhile, unixreleasesock clears u-path under unixstatelock and drops the path reference after unlockin...

4.5CVSS5.4AI score0.00121EPSS
Exploits0References13
SUSE CVE
SUSE CVE
•added 2026/04/26 1:52 a.m.•6 views

SUSE CVE-2026-31674

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6trt: reject oversized addrnr in rtmt6check Reject rt match rules whose addrnr exceeds IP6TRTHOPS. rtmt6 expects addrnr to stay within the bounds of rtinfo-addrs. Validate addrnr during rule installation so malformed...

5.5CVSS5.4AI score0.00117EPSS
Exploits0References12
SUSE CVE
SUSE CVE
•added 2026/04/26 1:52 a.m.•9 views

SUSE CVE-2026-31675

In the Linux kernel, the following vulnerability has been resolved: net/sched: schnetem: fix out-of-bounds access in packet corruption In netemenqueue, the packet corruption logic uses getrandomu32belowskbheadlenskb to select an index for modifying skb-data. When an AFPACKET TXRING sends fully...

5.6CVSS5.6AI score0.00126EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2026/04/26 1:52 a.m.•8 views

SUSE CVE-2026-31676

In the Linux kernel, the following vulnerability has been resolved: rxrpc: only handle RESPONSE during service challenge Only process RESPONSE packets while the service connection is still in RXRPCCONNSERVICECHALLENGING. Check that state under statelock before running response verification and...

7.5CVSS5.5AI score0.00389EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/26 1:52 a.m.•7 views

SUSE CVE-2026-31677

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - limit RX SG extraction by receive buffer budget Make afalggetrsgl limit each RX scatterlist extraction to the remaining receive buffer budget. afalggetrsgl currently uses afalgreadable only as a gate before...

5.6AI score0.00114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/26 1:52 a.m.•10 views

SUSE CVE-2026-31678

In the Linux kernel, the following vulnerability has been resolved: openvswitch: defer tunnel netdevput to RCU release ovsnetdevtunneldestroy may run after NETDEVUNREGISTER already detached the device. Dropping the netdev reference in destroy can race with concurrent readers that still observe...

6.4CVSS5.4AI score0.00096EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2026/04/26 1:52 a.m.•9 views

SUSE CVE-2026-31679

In the Linux kernel, the following vulnerability has been resolved: openvswitch: validate MPLS set/setmasked payload length validateset accepted OVSKEYATTRMPLS as variable-sized payload for SET/SETMASKED actions. In action handling, OVS expects fixed-size MPLS key data struct ovskeympls. Use the...

6.7CVSS5.4AI score0.00117EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2026/04/26 1:52 a.m.•6 views

SUSE CVE-2026-31680

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: flowlabel: defer exclusive option free until RCU teardown ip6flseqshow walks the global flowlabel hash under the seq-file RCU read-side lock and prints fl-opt-optnflen when an option block is present. Exclusive...

4.7CVSS5.4AI score0.00121EPSS
Exploits0References11
SUSE CVE
SUSE CVE
•added 2026/04/26 1:52 a.m.•12 views

SUSE CVE-2026-31681

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtmultiport: validate range encoding in checkentry portsmatchv1 treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports element as the range end. The checkentry path...

4.4CVSS5.4AI score0.00115EPSS
Exploits0References17
SUSE CVE
SUSE CVE
•added 2026/04/26 1:52 a.m.•10 views

SUSE CVE-2026-31682

In the Linux kernel, the following vulnerability has been resolved: bridge: brndsend: linearize skb before parsing ND options brndsend parses neighbour discovery options from ns-opt and assumes that these options are in the linear part of request. Its callers only guarantee that the ICMPv6 header...

4.3CVSS5.4AI score0.00422EPSS
Exploits0References16
SUSE CVE
SUSE CVE
•added 2026/04/26 1:52 a.m.•7 views

SUSE CVE-2026-31683

In the Linux kernel, the following vulnerability has been resolved: batman-adv: avoid OGM aggregation when skb tailroom is insufficient When OGM aggregation state is toggled at runtime, an existing forwarded packet may have been allocated with only packetlen bytes, while a later packet can still ...

4.8CVSS5.5AI score0.00121EPSS
Exploits0References7
SUSE CVE
SUSE CVE
•added 2026/04/26 1:52 a.m.•8 views

SUSE CVE-2026-31684

In the Linux kernel, the following vulnerability has been resolved: net: sched: actcsum: validate nested VLAN headers tcfcsumact walks nested VLAN headers directly from skb-data when an skb still carries in-payload VLAN tags. The current code reads vlan-hvlanencapsulatedproto and then pulls...

6.5CVSS5.5AI score0.00117EPSS
Exploits0References19
SUSE CVE
SUSE CVE
•added 2026/04/26 1:52 a.m.•12 views

SUSE CVE-2026-31685

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6teui64: reject invalid MAC header for all packets eui64mt6 derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address. The existing guard only rejects ...

7.4CVSS5.5AI score0.00337EPSS
Exploits0References28
SUSE CVE
SUSE CVE
•added 2026/04/25 1:53 a.m.•4 views

SUSE CVE-2009-1636

Multiple buffer overflows in the Internet Agent aka GWIA component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via 1 a crafted e-mail address in an SMTP session or 2 an SMTP command...

10CVSS6.3AI score0.08435EPSS
Exploits5References5
SUSE CVE
SUSE CVE
•added 2026/04/25 1:44 a.m.•6 views

SUSE CVE-2025-66286

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

4.7CVSS5.4AI score0.00233EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/25 1:43 a.m.•5 views

SUSE CVE-2026-6732

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition XSD validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that...

6.5CVSS5.5AI score0.00632EPSS
Exploits1References3
SUSE CVE
SUSE CVE
•added 2026/04/25 1:43 a.m.•5 views

SUSE CVE-2026-6919

Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.5AI score0.00285EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/25 1:43 a.m.•18 views

SUSE CVE-2026-6920

Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.5AI score0.00211EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/25 1:43 a.m.•5 views

SUSE CVE-2026-6921

Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. Chromium security severity: Medium...

8.3CVSS5.4AI score0.00187EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/25 1:40 a.m.•4 views

SUSE CVE-2026-31534

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.3AI score
Exploits0References2
SUSE CVE
SUSE CVE
•added 2026/04/25 1:40 a.m.•5 views

SUSE CVE-2026-31535

In the Linux kernel, the following vulnerability has been resolved: smb: client: make use of smbdirectsocket.recvio.credits.available The logic off managing recv credits by counting posted recvio and granted credits is racy. That's because the peer might already consumed a credit, but between...

4.7CVSS5.5AI score0.00088EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/04/25 1:40 a.m.•4 views

SUSE CVE-2026-31536

In the Linux kernel, the following vulnerability has been resolved: smb: server: let senddone handle a completion without IBSENDSIGNALED With smbdirectsendbatch processing we likely have requests without IBSENDSIGNALED, which will be destroyed in the final request that has IBSENDSIGNALED set. If...

9.8CVSS5.5AI score0.00442EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/25 1:40 a.m.•3 views

SUSE CVE-2026-31537

In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirectsocket.sendio.bcredits It turns out that our code will corrupt the stream of reassabled data transfer messages when we trigger an immendiate empty send. In order to fix this we'll have a single...

5.5CVSS5.6AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/25 1:40 a.m.•5 views

SUSE CVE-2026-31538

In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirectsocket.recvio.credits.available The logic off managing recv credits by counting posted recvio and granted credits is racy. That's because the peer might already consumed a credit, but between...

7.5CVSS5.5AI score0.00426EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/25 1:40 a.m.•7 views

SUSE CVE-2026-31539

In the Linux kernel, the following vulnerability has been resolved: smb: smbdirect: introduce smbdirectsocket.recvio.credits.available The logic off managing recv credits by counting posted recvio and granted credits is racy. That's because the peer might already consumed a credit, but between...

7.5CVSS5.5AI score0.00426EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/25 1:39 a.m.•5 views

SUSE CVE-2026-31540

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Check setdefaultsubmission before deferencing When the i915 driver firmware binaries are not present, the setdefaultsubmission pointer is not set. This pointer is dereferenced during suspend anyways. Add a check to...

5.5CVSS5.4AI score0.00123EPSS
Exploits0References4
SUSE CVE
SUSE CVE
•added 2026/04/25 1:39 a.m.•7 views

SUSE CVE-2026-31541

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix tracemarker copy link list updates When the "copytracemarker" option is enabled for an instance, anything written into /sys/kernel/tracing/tracemarker is also copied into that instances buffer. When the option is set...

5.5AI score0.00127EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/25 1:39 a.m.•3 views

SUSE CVE-2026-31542

In the Linux kernel, the following vulnerability has been resolved: x86/platform/uv: Handle deconfigured sockets When a socket is deconfigured, it's mapped to SOCKEMPTY 0xffff. This causes a panic while allocating UV hub info structures. Fix this by using NUMANONODE, allowing UV hub info structur...

5.5AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/25 1:39 a.m.•3 views

SUSE CVE-2026-31543

In the Linux kernel, the following vulnerability has been resolved: crashdump: don't log dm-crypt key bytes in readkeyfromuserkeying When debug logging is enabled, readkeyfromuserkeying logs the first 8 bytes of the key payload and partially exposes the dm-crypt key. Stop logging any key bytes...

5.5CVSS5.4AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
•added 2026/04/25 1:39 a.m.•8 views

SUSE CVE-2026-31544

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Fix NULL dereference on notify error path Since commit b5daf93b809d1 "firmware: armscmi: Avoid notifier registration for unsupported events" the call chains leading to the helper scmieventhandlergetops expect a...

5.4AI score0.00121EPSS
Exploits0References3
Total number of security vulnerabilities59380