6095 matches found

NVD
added 2025/04/01 4:15 p.m., 9 views

CVE-2025-21939

In the Linux kernel, the following vulnerability has been resolved: drm/xe/hmm: Don't dereference struct page pointers without notifier lock. The pfns that we obtain from hmm_range_fault() point to pages that we don't have a reference on, and the guarantee that they are still in the cpu page-tables is...

CVSS 5.5, EPSS 0.00174
Exploits: 0, References: 3
Amazon
added 2025/04/01 12:00 a.m., 11 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982). In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth() (CVE-2024-53166). In the...

CVSS 7.8, AI score 7.2, EPSS 0.13626
Exploits: 3
Debian CVE
added 2025/03/27 4:43 p.m., 8 views

CVE-2023-52978

In the Linux kernel, the following vulnerability has been resolved: riscv: kprobe: Fixup kernel panic when probing an illegal position. The kernel would panic when probed for an illegal position. eg: CONFIG_RISCV_ISA_C=n echo 'p:hello kernel_clone+0x16 a0=%a0' kprobe_events echo 1...

CVSS 5.5, AI score 5.4, EPSS 0.00237
Exploits: 0
CVE
added 2025/03/27 4:37 p.m., 73 views

CVE-2021-4454

CVE-2021-4454 - Linux kernel CAN/j1939 session deactivation race: The issue, resolved in Linux kernel CAN/j1939 transport, concerns j1939_session_deactivate() which can be invoked with a session ref-count below 2 in some concurrently-executed paths. The description notes that this is not a fatal...

CVSS 5.5, AI score 6.3, EPSS 0.00226
Exploits: 0, References: 5, Affected Software: 1
CVE
added 2025/03/27 2:57 p.m., 169 views

CVE-2025-21887

In CVE-2025-21887, the Linux kernel overlayfs (ovl) had a use-after-free in ovl_dentry_remote/ovl_dentry_update_reval caused by calling dput(upper) before the final use of upper; the fix moves dput(upper) to after its final use in ovl_link_up, preventing the UAF. The issue is addressed in...

CVSS 7.8, AI score 6.9, EPSS 0.00182
Exploits: 0, References: 8, Affected Software: 1
Debian CVE
added 2025/03/27 2:57 p.m., 6 views

CVE-2025-21873

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: bsg: Fix crash when arpmb command fails. If the device doesn't support arpmb we'll crash due to copying user data in bsg_transport_sg_io_fn(). In the case where ufs_bsg_exec_advanced_rpmb_req() returns an error, do not set the...

CVSS 5.5, AI score 5.7, EPSS 0.00189
Exploits: 0
OSV
added 2025/03/24 9:30 p.m., 2 views

GHSA-V3VP-FG2V-G7Q4 OpenDaylight SFC Denial of Service (DoS)

Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of Service (DoS)...

CVSS 7.5, AI score 5.9, EPSS 0.0037
Exploits: 0, References: 3
Rosalinux
added 2025/03/17 10:33 p.m., 15 views

Advisory ROSA-SA-2025-2786

Software: kernel-6.1 6.1.128 OS: ROSA-CHROME package_evr_string: kernel-6.1-generic-6.1.128-1 CVE-ID: CVE-2024-27397 BDU-ID: 2025-00432 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the nftables netfilter component of the Linux operating system kernel is related to memory usage after it has been...

CVSS 7, AI score 7.1, EPSS 0.00257
Exploits: 0
Rosalinux
added 2025/03/17 9:44 p.m., 11 views

Advisory ROSA-SA-2025-2779

Software: ncurses 6.1 OS: ROSA Virtualization 2.1 package_evr_string: ncurses-6.1-10.20180224.0.1.rv3 CVE-ID: CVE-2021-39537 BDU-ID: 2023-07626 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the _nc_captoinfo function of the captoinfo.c component of the Ncurses terminal I/O control library involve...

CVSS 8.8, AI score 7.6, EPSS 0.03005
Exploits: 2
Rosalinux
added 2025/03/17 9:44 p.m., 3 views

Advisory ROSA-SA-2025-2775

Software: c-ares 1.13.0 OS: ROSA Virtualization 2.1 package_evr_string: c-ares-1.13.0-11.rv3 CVE-ID: CVE-2020-22217 BDU-ID: 2023-05898 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the ares_parse_soa_reply function of the C-ares asynchronous DNS query library is related to an operation exceeding...

CVSS 6.4, AI score 7.6, EPSS 0.00838
Exploits: 1
OSV
added 2025/03/17 12:00 a.m., 6 views

OPENSUSE-SU-2025:14902-1 rime-plum-1.0.3-1.1 on GA media

These are all security issues fixed in the rime-plum-1.0.3-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8, AI score 8.4, EPSS 0.03092
Exploits: 2, References: 3
CBLMariner
added 2025/03/13 9:13 p.m., 6 views

CVE-2024-57908 affecting package kernel for versions less than 6.6.76.1-1

CVE-2024-57908 affecting package kernel for versions less than 6.6.76.1-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.1, AI score 6.8, EPSS 0.00214
Exploits: 0
OSV
added 2025/03/12 9:42 a.m., 10 views

CVE-2025-21844 smb: client: Add check for next_buffer in receive_encrypted_standard()

In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard(). Add check for the return value of cifs_buf_get() and cifs_small_buf_get() in receive_encrypted_standard() to prevent null pointer dereference...

CVSS 5.5, AI score 6.1, EPSS 0.0021
Exploits: 0, References: 12
IBM Security Bulletins
added 2025/03/10 3:37 p.m., 18 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest [CVE-2024-4741, CVE-2024-2511, CVE-2024-5535, CVE-2024-4603, CVE-2024-6119]

Summary: OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed multiple CVEs. Vulnerability Details: CVEID: CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when...

CVSS 9.1, AI score 7.7, EPSS 0.66594
Exploits: 1, Affected Software: 1
Rosalinux
added 2025/03/08 9:27 p.m., 18 views

Advisory ROSA-SA-2025-2773

Software: zabbix 6.0.34 OS: ROSA Virtualization 3.0 package_evr_string: zabbix-6.0.34-2.rv30 CVE-ID: CVE-2024-22114 BDU-ID: 2025-00959 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Zabbix Universal Monitoring System is related to improper saving of permissions. Exploitation of the vulnerabilit...

CVSS 9.1, AI score 6.7, EPSS 0.01606
Exploits: 1
Rosalinux
added 2025/03/08 9:24 p.m., 4 views

Advisory ROSA-SA-2025-2770

Software: python-jwcrypto 0.5.0 OS: ROSA Virtualization 3.0 package_evr_string: python-jwcrypto-0.5.0-2.rv30 CVE-ID: CVE-2024-28102 BDU-ID: 2024-01978 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the deserialize JavaScript library function for Jwcrypto is associated with uncontrolled resource...

CVSS 6.8, AI score 6.5, EPSS 0.0098
Exploits: 1
Rosalinux
added 2025/03/08 9:20 p.m., 15 views

Advisory ROSA-SA-2025-2768

Software: python-jinja2 2.10.1 OS: ROSA Virtualization 3.0 package_evr_string: python-jinja2-2.10.1-6.rv30 CVE-ID: CVE-2024-56326 BDU-ID: 2025-00113 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the str.format method of the html template tool jinja is related to a failure to neutralize special...

CVSS 7.8, AI score 8.1, EPSS 0.005
Exploits: 0
Rosalinux
added 2025/03/08 9:17 p.m., 3 views

Advisory ROSA-SA-2025-2758

Software: libsoup 2.62.2 OS: rosa-server79 package_evr_string: libsoup-2.62.2-2.0.3.res7 CVE-ID: CVE-2024-52531 BDU-ID: 2025-00232 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the soup_header_parse_param_list_strict function of the GNOME GUI libsoup library is related to a buffer overflow in dynamic...

CVSS 8.4, AI score 8.4, EPSS 0.00679
Exploits: 1
Debian CVE
added 2025/03/07 4:18 p.m., 7 views

CVE-2025-27607

Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party...

CVSS 8.8, AI score 7.8, EPSS 0.01451
Exploits: 1
OSV
added 2025/03/07 4:18 p.m., 7 views

CVE-2025-27607 Python JSON Logger has a Potential RCE via missing `msgspec-python313-pre` dependency

Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party...

CVSS 8.8, AI score 7.9, EPSS 0.01451
Exploits: 1, References: 5