CVE-2024-53685
CVE-2024-53685 concerns the Linux kernel Ceph path construction: when the full path built by ceph_mdsc_build_path() exceeds PATH_MAX, the function enters an endless retry loop, effectively DoS-ing the system. The description notes the fix is to remove the retry and fail with ENAMETOOLONG instead,...
CVE-2025-24884
The CVE-2025-24884 entry concerns kube-audit-rest, a simple logger for Kubernetes API mutations. When the described full-elastic-stack example vector is used, previous values of Kubernetes secrets could be disclosed in audit messages due to the logger capturing sensitive data. Fixed in versi...
CVE-2021-34473
CVE-2021-34473 is part of the ProxyShell chain affecting on-premises Microsoft Exchange Server. The vulnerability arises from pre-auth path confusion that bypasses ACLs, enabling pre-auth remote code execution when combined with CVE-2021-34523 and CVE-2021-31207 in the same exploit chain. Exploit...
CVE-2024-56701
CVE-2024-56701: Linux kernel powerpc/pseries code fixed a sleeping-lock issue by changing dtl_access_lock to a rw_semaphore because kmalloc() can sleep while held. Root cause: a non-sleeping lock protected code path that sleeps, causing a potential sleep in atomic context. Impact is local (LOCAL)...
CVE-2025-21646
Technical details about CVE-2025-21646 are not provided in the supplied documents. Monitor vendor advisories for affected products, impact, and fixes.
CVE-2018-13379
CVE-2018-13379 is a path traversal vulnerability in Fortinet FortiOS SSL VPN web portal that allows an unauthenticated attacker to download system files via crafted HTTP requests. Affected products/versions include FortiOS 6.0.0–6.0.4, 5.6.3–5.6.7, 5.4.6–5.4.12 and FortiProxy 2.0.0, 1.2.0–1.2.8, ...
CVE-2024-56592
CVE-2024-56592 (Linux kernel) relates to BPF hash table management for maps. The vulnerability arises when a map element is freed while holding a bucket lock, triggering a lockdep warning due to bpf_map_fd_put_ptr() calling bpf_map_free_id() which acquires map_idr_lock. The fix defers free_htab_e...
CVE-2024-57948
Summary (CVE-2024-57948): In the Linux kernel, the mac802154 subsystem had a vulnerability where, during removal of an IEEE 802.15.4 network interface, a list-del operation could run on a stale sdata entry if local interfaces had not been validated first. This could allow a corrupted list path t...
CVE-2022-0482
Easy!Appointments before 1.4.3 is affected by a Broken Access Control vulnerability that allows an unauthorized user to retrieve sensitive appointment data via a public-facing API endpoint (examples reference /index.php/backend_api/ajax_get_calendar_events) due to missing authentication/permissio...
CVE-2024-41935
CVE-2024-41935 (Linux kernel, f2fs): The issue concerns the f2fs extent tree shrink operation. The patch changes the shrink process to operate on read extent nodes in batches, reducing the time a core rwlock is held and preventing potential kernel hangs when the extent tree contains a large numb...
CVE-2024-55881
CVE-2024-55881: In the Linux kernel, KVM for x86 had a fix to correctly detect 64‑bit hypercalls during complete_hypercall_exit() for guests with protected state (e.g., SEV-ES/SEV-SNP). The change replaces is_64_bit_mode() with is_64_bit_hypercall() to determine 64‑bit mode when the vCPU state n...
CVE-2024-56637
CVE-2024-56637 affects the Linux kernel: netfilter ipset race where unloading ip_set while a set-type backend is being requested can crash the kernel. The issue is triggered by a race after nfnl_unlock(), e.g., when an mdelay() is inserted. A patch fixes this by holding the module reference while requ...
CVE-2022-0665
Vulnerability summary (CVE-2022-0665): A path traversal flaw exists in pimcore/pimcore prior to version 10.3.2. The vulnerability stems from insufficient validation of the importFile parameter at the endpoint /admin/translation/import, allowing an attacker to delete arbitrary files on the server...
CVE-2024-53196
CVE-2024-53196 affects the Linux kernel (arm64/KVM). The issue is that KVM could retire an aborted MMIO instruction and advance the PC even when a synchronous external abort was pending, triggering a kernel WARN in kvm_emulate.h and related call paths. The documented fix is to skip MMIO emulation...
CVE-2024-53147
CVE-2024-53147 affects the Linux kernel exFAT filesystem driver. When directory size is at least a cluster and start_clu becomes an invalid/EOF cluster due to filesystem corruption, the code may access ei->hint_femp.eidx outside the directory, causing out-of-bounds access and potential filesys...
CVE-2024-56597
CVE-2024-56597 is a confirmed Linux kernel vulnerability affecting the JFS filesystem logic. The issue is a shift-out-of-bounds in jfs/dbSplit, triggered when dmt_budmin is less than zero, leading to errors in later stages. The fix adds a pre-check in dbAllocCtl to return an error earlier, preven...
CVE-2024-36472
In CVE-2024-36472, GNOME Shell up to 45.7 allows a portal helper to be launched automatically (without user confirmation) based on crafted network responses from an attacker on the local network, which can then load untrusted JavaScript. This can lead to resource consumption or other impacts depe...
CVE-2024-57931
CVE-2024-57931 is a Linux kernel issue in the SELinux subsystem: when evaluating extended permissions, the patch changes behavior to ignore unknown permissions instead of triggering a BUG(), allowing future permissions to be added without breaking older kernels. The unit described in connected da...
CVE-2020-8492
CVE-2020-8492 describes a Regular Expression Denial of Service (ReDoS) in Python’s urllib.request.AbstractBasicAuthHandler that can be triggered by a malicious HTTP server. The vulnerability affects Python 2.7 (up to 2.7.17) and multiple 3.x releases (up to 3.8.1 per the CVE summary). Connected a...
CVE-2025-21679
CVE-2025-21679—Linux kernel (btrfs): The issue arises in get_canonical_dev_path() where d_path()’s possible error is not handled, causing an invalid memory access on the subsequent strscpy() call. The patch reintroduces proper error handling for d_path() to prevent the memory access, addressing t...
CVE-2024-57904
CVE-2024-57904 affects the Linux kernel’s IIO subsystem for at91: the at91_ts_register path frees the wrong object during error handling. The code currently calls input_free_device() on st->ts_input, but the err path can run before iio_dev is assigned to st->ts_input. The fix is to call inp...
CVE-2024-56584
CVE-2024-56584 concerns the Linux kernel: a flaw in io_uring/tctx could leave tctx->xa head non-NULL after xa_store() allocation failures, even when there are no entries. Syzbot WARN_ON_ONCE(!xa_empty(&tctx->xa)) could trigger during final put of an io_uring_task. The available documents de...
CVE-2022-0862
CVE-2022-0862 describes a password-change protection weakness in McAfee Enterprise ePolicy Orchestrator (ePO) before 5.10 Update 13, via a deprecated API. A remote attacker could change the password of a compromised session without knowing the current password. The UI removed this functionality ...
CVE-2023-52924
CVE-2023-52924 describes a Linux kernel vulnerability in nf_tables/netfilter where expired elements were wrongly skipped during a set walk, causing use-count inconsistencies and potential WARNs during chain removal. The issue arises in asymmetry between preparation/commit phases when a set elemen...
CVE-2024-57929
CVE-2024-57929: In the Linux kernel, the vulnerability stems from dm-array: when dm_bm_read_lock() fails, a faulty dm_block pointer can be left behind, leading to a double release in dm_array_cursor_end() and a subsequent BUG_ON in dm-bufio. The fix (as described in the CVE text) sets the cached...
CVE-2024-56590
CVE-2024-56590 is a Linux kernel vulnerability in Bluetooth hci_core: the patch fixes not checking skb length on hci_acldata_packet, which could cause access to uninitialized/invalid memory past skb->data. This is a local attack vector with low privileges and no user interaction, with a HIGH i...
CVE-2021-3827
CVE-2021-3827 concerns Keycloak where the default ECP binding flow can bypass other authentication flows, enabling an attacker to bypass MFA by sending a SOAP AuthnRequest with an Authorization header containing user credentials. Exploitation affects confidentiality and integrity as described in ...
CVE-2024-27032
CVE-2024-27032 affects the Linux kernel f2fs subsystem. During recovery, if FAULT_BLOCK is enabled, f2fs_reserve_new_block() may return -ENOSPC, potentially causing a kernel panic. Additionally, with fault-injection rate 1 and only FAULT_BLOCK enabled, a deadloop in block reservation may occur. T...
CVE-2022-37454
CVE-2022-37454 affects the Keccak XKCP SHA-3 reference implementation prior to fdc6fef, where an integer overflow leads to a buffer overflow in the sponge function interface. This can enable attackers to execute arbitrary code or compromise cryptographic properties. Public advisories note this vu...
CVE-2022-27873
CVE-2022-27873 affects Autodesk Fusion 360 through the document parser’s Insert SVG pathway. The affected component is the SVG insertion logic in Fusion 360, which can cause the application to initiate arbitrary HTTP requests and potentially disclose the victim’s public IP (and possibly other inf...
CVE-2022-0861
The CVE-2022-0861 entry describes an XML External Entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) versions prior to 5.10 Update 13. A remote administrator can upload a crafted XML file via the extension import functionality, with impact limited to some leakage of confidential ...
CVE-2024-53220
CVE-2024-53220 (Linux kernel, f2fs): The vulnerability stems from a data accounting error in __get_secs_required() when dirty data is involved. If checkpoint_disabling is enabled and lfs_mode is on, the allocator may trigger an out-of-place update for all overwritten data, consuming more free se...
CVE-2025-32728
CVE-2025-32728 affects OpenSSH sshd prior to 10.0: the DisableForwarding directive does not fully disable X11 and agent forwarding as documented, potentially enabling unintended access under certain configurations. Multiple advisories indicate OpenSSH vulnerabilities across platforms (AIX, Amazon...
CVE-2025-21632
CVE-2025-21632: In the Linux kernel, a patch fixes shadow stack handling for x86 XSAVE state accessed via ptrace. Previously, regset get/set paths could be invoked with shadow stacks disabled (ARCH_SHSTK_SHSTK==0), causing get_xsave_addr() to return NULL and trigger a WARN_ON in ssp_get. The fix ...
CVE-2024-56594
CVE-2024-56594 references a Linux kernel vulnerability in the DRM/AMDGPU path where the sg segment length was not properly limited. The issue could cause over-mapping of AMDGPU sg length and trigger warnings from debug_dma_map_sg(), due to an incorrect max_segment_size. The connected advisories (...
CVE-2024-53233
CVE-2024-53233 affects the Linux kernel and describes a utf8_load() path error where a bad UTF-8 version request could trigger a kernel oops due to symbol_put() handling. The root cause is that symbol_put() was given a pointer instead of the unique symbol string, leading to a kernel BUG at kernel...
CVE-2024-56562
CVE-2024-56562 relates to the Linux kernel i3c master code. The issue was a copy-paste error that freed the wrong pointer: it freed the dyn_addr instead of init_dyn_addr in i3c_master_put_i3c_addrs(), leading to a mismanagement of the init_dyn_addr resource when boardinfo is present. The patch re...
CVE-2024-56636
CVE-2024-56636 refers to a Linux kernel vulnerability in the geneve path where code assumed the MAC header was already present in the output path. The fix changes the code to reference the MAC header safely by using skb_eth_hdr() instead of eth_hdr(), preventing potential misreads when mac header...
CVE-2024-56691
CVE-2024-56691 affects the Linux kernel driver path for mfd: intel_soc_pmic_bxtwc. The vulnerability stems from the driver not respecting IRQ domains when creating each MFD device, exposing a faulty IRQ handling path (WARN on IRQ 0) due to using a vIRQ rather than proper IRQ domain numbering. The...
CVE-2024-29740
CVE-2024-29740 concerns a vulnerability in the tmu_set_table function of tmu.c that enables an out-of-bounds write due to a missing bounds check. Public descriptions across multiple sources (NVD, Red Hat, CVE lists, Android Pixel bulletin) consistently state this could allow local escalation of p...
CVE-2021-3523
3scale APICast (Red Hat 3scale) is affected in versions prior to 2.11.0. The root cause is incorrect reuse of connections, enabling an attacker to bypass API security restrictions when hosting multiple APIs on the same IP. CVSS v3.1 base score is 7.5 (HIGH); exploitation details are not provided....
CVE-2024-56700
CVE-2024-56700: Linux kernel wl128x media driver fix for an atomicity race in fmc_send_cmd() with fmdev->resp_skb modification, which could allow a null dereference when skb = fmdev->resp_skb is executed after the value changes. The advisory states the fix is to perform the fmdev->resp_s...
CVE-2022-0857
CVE-2022-0857 describes a reflected cross-site scripting (XSS) flaw in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13. The vulnerability could let a remote attacker lure an administrator to click a crafted link, potentially exposing session information and allowing limited i...
CVE-2024-53195
CVE-2024-53195: In the Linux kernel (arm64 KVM), a flawed use of userspace_irqchip_in_use can trigger a WARN_ON in kvm_timer_update_irq() during VM/vCPU interactions when a PMU (KVM_ARM_VCPU_PMU_V3) is requested but not fully initialized. The described scenario: a VM is created, vCPU initialized...
CVE-2024-53181
CVE-2024-53181 refers to a Linux kernel vulnerability where vector_device_release could crash due to using drvdata after release. The fix removes drvdata access in release and uses container_of() to obtain the vector_device instance, preventing a crash and kernel panic from a segfault. The issue ...
CVE-2022-1656
CVE-2022-1656 affects JupiterX Theme and JupiterX Core Plugin (versions
CVE-2022-1502
CVE-2022-1502 affects Octopus Server/Octopus Deploy where the API failed to properly verify permissions for projects that use Git version control. The flaw allowed a user with only ProjectView permissions to modify such projects, indicating insufficient access checks in the Git-enabled workflow. ...
CVE-2024-56699
In CVE-2024-56699, the Linux kernel on s390 PCI (zPCI) could double-remove a hotplug slot due to zpci_exit_slot() being moved to zpci_release_device() and released only after all refs dropped. The non-reserved path tear-down incorrectly affected both configured and standby states, risking hotplug...
CVE-2022-0842
CVE-2022-0842 affects McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13. The vulnerability is a blind SQL injection in ePO, which could let a remote authenticated attacker obtain information from the ePO database. The amount of data potentially exposed depends on the attacker’s...
CVE-2024-57849
The CVE-2024-57849 issue is in the Linux kernel s390 CPUMF sampling path. When a CPU is hotplugged out while a performance event is still active on that CPU, the hotplug/removal sequence can cause SDBs (sampling data buffers) to be freed while still in use, creating a potential use-after-free con...