Lucene search
K

2994 matches found

UbuntuCve
UbuntuCve
added 2025/07/25 1:15 p.m.1 views

CVE-2025-38395

In the Linux kernel, the following vulnerability has been resolved: regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods drvdata::gpiods is supposed to hold an array of 'gpiodesc' pointers. But the memory is allocated for only one pointer. This will lead to out-of-bounds access later ...

7.1CVSS6.4AI score0.00164EPSS
Exploits0References41
UbuntuCve
UbuntuCve
added 2025/07/25 1:15 p.m.2 views

CVE-2025-38386

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing As reported in 1, a platform firmware update that increased the number of method parameters and forgot to update a least one of its callers, caused ACPICA to crash due ...

5.5CVSS6.3AI score0.00166EPSS
Exploits0References41
UbuntuCve
UbuntuCve
added 2025/07/25 1:15 p.m.2 views

CVE-2025-38391

In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: do not index invalid pinassignments A poorly implemented DisplayPort Alt Mode port partner can indicate that its pin assignment capabilities are greater than the maximum value, DPPINASSIGNF. In...

5.5CVSS6.3AI score0.0017EPSS
Exploits0References41
UbuntuCve
UbuntuCve
added 2025/07/25 1:15 p.m.2 views

CVE-2025-38354

In the Linux kernel, the following vulnerability has been resolved: drm/msm/gpu: Fix crash when throttling GPU immediately during boot There is a small chance that the GPU is already hot during boot. In that case, the call to ofdevfreqcoolingregister will immediately try to apply devfreq cooling,...

5.5CVSS6.2AI score0.00156EPSS
Exploits0References29
UbuntuCve
UbuntuCve
added 2025/07/25 1:15 p.m.3 views

CVE-2025-38358

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between async reclaim worker and closectree Syzbot reported an assertion failure due to an attempt to add a delayed iput after we have set BTRFSFSSTATENODELAYEDIPUT in the fsinfo state: WARNING: CPU: 0 PID: 65 at...

4.7CVSS5.7AI score0.00096EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/25 1:15 p.m.2 views

CVE-2025-38377

In the Linux kernel, the following vulnerability has been resolved: rose: fix dangling neighbour pointers in rosertdevicedown There are two bugs in rosertdevicedown that can cause use-after-free: 1. The loop bound t-count is modified within the loop, which can cause the loop to terminate early an...

7.8CVSS6.3AI score0.00164EPSS
Exploits0References41
UbuntuCve
UbuntuCve
added 2025/07/25 1:15 p.m.2 views

CVE-2025-38387

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Initialize objevent-objsublist before xainsert The objevent may be loaded immediately after inserted, then if the listhead is not initialized then we may get a poisonous pointer. This fixes the crash below: mlx5core...

5.5CVSS6.2AI score0.00172EPSS
Exploits0References41
UbuntuCve
UbuntuCve
added 2025/07/25 1:15 p.m.6 views

CVE-2025-38366

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Check validity of "numcpu" from user space The maximum supported cpu number is EIOINTCROUTEMAXVCPUS about irqchip EIOINTC, here add validation about cpu number to avoid array pointer overflow...

7.8CVSS6.7AI score0.00145EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/25 1:15 p.m.2 views

CVE-2025-38369

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Running IDXD workloads in a container with the /dev directory mounted can trigger a call trace or even a kernel panic when the parent proce...

7.8CVSS6.3AI score0.00154EPSS
Exploits0References28
UbuntuCve
UbuntuCve
added 2025/07/25 12:0 a.m.1 views

CVE-2025-54566

hw/pci/pciesriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327...

5.4CVSS5.9AI score0.0024EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/24 3:15 p.m.4 views

CVE-2025-8114

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange KEX process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash...

4.7CVSS6.3AI score0.00217EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/22 10:15 p.m.1 views

CVE-2025-54141

ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem though a directory traversal-style...

7.5CVSS5.8AI score0.00822EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2025/07/22 6:15 p.m.2 views

CVE-2025-48964

ping in iputils before 20250602 allows a denial of service application error in adaptive ping mode or incorrect data collection via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics...

6.5CVSS5.9AI score0.00322EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/22 4:15 p.m.2 views

CVE-2025-51480

Path Traversal vulnerability in onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted externaldata.location paths containing traversal sequences, bypassing intended directory restrictions...

8.8CVSS7.3AI score0.00578EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2025/07/22 12:0 a.m.1 views

CVE-2025-38352

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel If an exiting non-autoreaping task has already passed exitnotify and calls handleposixcputimers from IRQ, it can be reaped by its parent or debugger rig...

7.4CVSS6.6AI score0.01345EPSS
Exploits8References48
UbuntuCve
UbuntuCve
added 2025/07/21 8:15 p.m.4 views

CVE-2025-54121

Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread t...

5.3CVSS6.8AI score0.00526EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/07/21 5:15 a.m.6 views

CVE-2025-54352

WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior...

3.7CVSS5.9AI score0.00321EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2025/07/20 7:15 p.m.3 views

CVE-2025-47917

Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtlsx509stringtonames takes a head argument that is documented as an output argument. The documentation does not suggest that the function...

9.8CVSS7.2AI score0.0199EPSS
Exploits2References3
UbuntuCve
UbuntuCve
added 2025/07/18 8:15 a.m.2 views

CVE-2025-38349

In the Linux kernel, the following vulnerability has been resolved: eventpoll: don't decrement ep refcount while still holding the ep mutex Jann Horn points out that epoll is decrementing the ep refcount and then doing a mutexunlock&ep-mtx; afterwards. That's very wrong, because it can lead to a...

7.8CVSS6.3AI score0.00152EPSS
Exploits0References28
UbuntuCve
UbuntuCve
added 2025/07/18 12:0 a.m.10 views

CVE-2025-7700

A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and...

5.3CVSS6.4AI score0.0031EPSS
Exploits0References4
Rows per page
Query Builder