4730 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-26965
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with an empty element. Add such entr...
Linux Distros Unpatched Vulnerability : CVE-2025-37749
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: ppp: Add bound checking for skb data on pppsynctxmung Ensure we have enough data in linear buffer from skb before accessing initial bytes. This prevents...
Linux Distros Unpatched Vulnerability : CVE-2025-37956
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: prevent rename with empty string Client can send empty newname string to ksmbd server. It will cause a kernel oops from dalloc. This patch return the err...
Linux Distros Unpatched Vulnerability : CVE-2017-2618
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty null write to this file can crash...
fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio()
...
Linux Distros Unpatched Vulnerability : CVE-2025-38077
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in currentpasswordstore If the 'buf'...
Linux Distros Unpatched Vulnerability : CVE-2025-38283
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hisiaccvfiopci: bugfix live migration function without VF device driver If the VF device driver is not loaded in the Guest OS and we attempt to perform device...
Linux Distros Unpatched Vulnerability : CVE-2025-38400
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfs: Clean up /proc/net/rpc/nfs when nfsfsprocnetinit fails. syzbot reported a warning below 1 following a fault injection in nfsfsprocnetinit. 0 When...
CVE-2025-51054
Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token without prior authentication via sending an empty HTTP POST request to the /autologin/ API endpoint...
SUSE CVE-2025-38468
In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htblookupleaf encounters an empty rbtree htblookupleaf has a BUGON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default 1 tc class add dev lo...
SUSE CVE-2025-38497
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write When writing an empty string to either 'qwsign' or 'landingPage' sysfs attributes, the store functions attempt to access pagel - 1 before validating that the length 'l' is...
MINI-QMW3-5P36-W7WR
Bulletin has no description...
DEBIAN-CVE-2025-38497
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write When writing an empty string to either 'qwsign' or 'landingPage' sysfs attributes, the store functions attempt to access pagel - 1 before validating that the length 'l' is...
AZL-72965 CVE-2025-38468 affecting package kernel for versions less than 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htblookupleaf encounters an empty rbtree htblookupleaf has a BUGON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default 1 tc class add dev lo...
DEBIAN-CVE-2025-38468
In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htblookupleaf encounters an empty rbtree htblookupleaf has a BUGON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default 1 tc class add dev lo...
AZL-65910 CVE-2025-38468 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htblookupleaf encounters an empty rbtree htblookupleaf has a BUGON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default 1 tc class add dev lo...
UBUNTU-CVE-2025-38468
In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htblookupleaf encounters an empty rbtree htblookupleaf has a BUGON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default 1 tc class add dev lo...
CVE-2025-38497 usb: gadget: configfs: Fix OOB read on empty string write
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write When writing an empty string to either 'qwsign' or 'landingPage' sysfs attributes, the store functions attempt to access pagel - 1 before validating that the length 'l' is...
CVE-2025-38497
CVE-2025-38497 (Linux kernel) affects usb gadget configfs: writing an empty string to the qw_sign or landingPage sysfs attributes can dereference page[l-1] before length validation, causing an OOB read. The fix adds an early length check in os_desc_qw_sign_store() and webusb_landingPage_store() t...
CVE-2025-38497
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write When writing an empty string to either 'qwsign' or 'landingPage' sysfs attributes, the store functions attempt to access pagel - 1 before validating that the length 'l' is...