Lucene search
K

3063 matches found

CVE
CVE
added 2025/12/30 12:23 p.m.14 views

CVE-2023-54282

CVE-2023-54282 affects the Linux kernel driver media/tuners/qt1010 (qt1010.c). The vulnerability arises from a buffer overflow in qt1010_init() where i2c_data overflow was flagged (34

6.6AI score0.00196EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/12/30 12:11 p.m.25 views

CVE-2023-54221 clk: imx93: fix memory leak and missing unwind goto in imx93_clocks_probe

In the Linux kernel, the following vulnerability has been resolved: clk: imx93: fix memory leak and missing unwind goto in imx93clocksprobe In function probe, it returns directly without unregistered hws when error occurs. Fix this by adding 'goto unregisterhws;' on line 295 and line 310. Use...

0.00168EPSS
Exploits0References4
CVE
CVE
added 2025/12/30 12:8 p.m.13 views

CVE-2023-54180

CVE-2023-54180 concerns the Linux kernel Btrfs repair flow when a dev-replace operation is in progress. The root cause is a BUG_ON() in btrfs_repair_io_failure() triggered while repairing a degraded/replace target device, due to mirror_num handling in btrfs_map_block() and possible manipulation o...

5.8AI score0.00166EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.3 views

PT-2025-53935

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.0-syzkaller-02734-g0326074ff465 Description The Linux kernel contained a flaw within the networking component, specifically in the hsr High Speed Resilient functionality. A null dereference issue was identifi...

6.7AI score0.002EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.9 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improper handling of fixes by btrfs during device replacement, which could lead to null pointer...

5.8AI score0.00166EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/30 12:0 a.m.2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992668)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992668 advisory. In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing...

5.5CVSS6.2AI score0.00754EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/30 12:0 a.m.11 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992637)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992637 advisory. In the Linux kernel, the following vulnerability has been resolved: llc: do not use skbget before devqueuexmit syzbot is able to crash hosts 1, using llc and devices...

5.5CVSS6.2AI score0.002EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/24 7:27 p.m.24 views

CVE-2019-25245 Ross Video DashBoard 8.5.1 Privilege Escalation via Insecure Permissions

Ross Video DashBoard 8.5.1 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files due to improper permission settings. Attackers can exploit the 'M' or 'C' flags for 'Authenticated Users' group to replace the DashBoard.exe binary with a...

8.8CVSS0.00202EPSS
Exploits1References3
CVE
CVE
added 2025/12/24 7:27 p.m.10 views

CVE-2019-25245

Ross Video DashBoard 8.5.1 has an elevation-of-privileges vulnerability where authenticated users can replace the DashBoard.exe binary due to improper permissions. The issue arises from the ability of the M/C flags for the Authenticated Users group to modify executables, enabling a local attacker...

8.8CVSS6.3AI score0.00202EPSS
Exploits1References3
NVD
NVD
added 2025/12/24 1:16 p.m.16 views

CVE-2023-54092

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pv: fix index value of replaced ASCE The index field of the struct page corresponding to a guest ASCE should be 0. When replacing the ASCE in s390replaceasce, the index of the new ASCE should also be set to 0. Having t...

0.00209EPSS
Exploits0References5
OSV
OSV
added 2025/12/24 1:6 p.m.5 views

CVE-2023-54092 KVM: s390: pv: fix index value of replaced ASCE

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pv: fix index value of replaced ASCE The index field of the struct page corresponding to a guest ASCE should be 0. When replacing the ASCE in s390replaceasce, the index of the new ASCE should also be set to 0. Having t...

6.3AI score0.00209EPSS
Exploits0References8
CVE
CVE
added 2025/12/24 10:55 a.m.20 views

CVE-2023-53987

The CVE-2023-53987 issue affects the Linux kernel’s ping handling, where a potential NULL dereference in /proc/net/icmp could be triggered by an incorrect use of Read-Copy-Update (RCU) for ping sockets. The root cause, as stated in multiple sources, is using RCU lookups instead of a spinlock for ...

6.1AI score0.00167EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.5 views

PT-2025-53331

Name of the Vulnerable Software and Affected Versions Ross Video DashBoard version 8.5.1 Description An elevation of privileges issue exists in Ross Video DashBoard. Authenticated users can modify executable files because of incorrect permission settings. Attackers can leverage the 'M' or 'C' fla...

8.8CVSS6.6AI score0.00202EPSS
Exploits1References5
Talos
Talos
added 2025/12/19 12:0 a.m.6 views

Foxit PDF Editor Installation Uncontrolled Search Path Privilege Escalation Vulnerability

Talos Vulnerability Report TALOS-2025-2275 Foxit PDF Editor Installation Uncontrolled Search Path Privilege Escalation Vulnerability December 19, 2025 CVE Number CVE-2025-57779 SUMMARY A privilege escalation vulnerability exists during the installation of Foxit PDF Editor via the Microsoft Store....

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.10 views

PT-2025-52520

Name of the Vulnerable Software and Affected Versions AspEmail version 5.6.0.2 Description The software contains a binary permission issue that allows local users to gain higher system access. An attacker can replace the service executable within the BIN directory, due to full write permissions, ...

8.5CVSS6.5AI score0.00114EPSS
Exploits0References6
Snyk
Snyk
added 2025/12/18 10:45 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the snapshot restore request due to improper length validation for renamereplacement. An attacker can exhau...

6.9CVSS6.7AI score0.00329EPSS
Exploits0References2
CVE
CVE
added 2025/12/18 7:57 p.m.8 views

CVE-2023-53937

Hubstaff 1.6.14 is affected by a DLL search order hijacking vulnerability that enables replacing the missing system32 wow64log.dll with a malicious library. An attacker could generate a custom DLL (e.g., via Metasploit) and place it in the system32 directory to obtain a reverse shell when the app...

8.5CVSS6.4AI score0.00189EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/12/18 3:46 p.m.5 views

GHSA-4V42-65R3-3GJX Amazon S3 Encryption Client for .NET has a Key Commitment Issue

Summary S3 Encryption Client for .NET S3EC is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. When the encrypted data key EDK is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible...

6CVSS6.9AI score0.00094EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/12/18 11:21 a.m.3 views

CVE-2025-10910 Gaining remote control over Govee devices

A flaw in the binding process of Govee’s cloud platform and devices allows a remote attacker to bind an existing, online Govee device to the attacker’s account, resulting in full control of the device and removal of the device from its legitimate owner’s account. The server‑side API allows device...

9.3CVSS6.4AI score0.00358EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2025/12/17 9:4 a.m.4 views

KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced

...

6.2CVSS5.3AI score0.00161EPSS
Exploits0
Rows per page
Query Builder