Lucene search
K

21762 matches found

Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:37 a.m.•2 views

srcu: Tighten cleanup_srcu_struct() GP checks

...

7.8CVSS6.9AI score0.00235EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:34 a.m.•8 views

Libopensc: incorrect handling of the length of buffers or files in pkcs15init

...

3.9CVSS6.7AI score0.00293EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:34 a.m.•8 views

CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)

...

7.5CVSS7AI score0.62269EPSS
Exploits14
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:32 a.m.•6 views

An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c.

...

5.5CVSS7AI score0.00317EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:31 a.m.•5 views

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with commit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252`, there was a logical problem in the paragraph function of the parser/block.go file, which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. Submit `a2a9c4f76ef5a5c32108e36f7c47f8d310322252` contains fixes to this problem.

...

5.1CVSS7AI score0.00501EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:31 a.m.•6 views

An issue was discovered in yasm version 1.3.0. There is a use-after-free in pp_getline() in modules/preprocs/nasm/nasm-pp.c.

...

5.5CVSS7AI score0.00317EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:30 a.m.•5 views

pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement).

...

7CVSS7AI score0.0016EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:29 a.m.•6 views

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_smacro() in modules/preprocs/nasm/nasm-pp.c.

...

5.5CVSS7AI score0.00317EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:29 a.m.•4 views

closures: Change BUG_ON() to WARN_ON()

...

5.5CVSS7AI score0.00214EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:28 a.m.•3 views

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.

...

3.3CVSS7AI score0.00397EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:28 a.m.•4 views

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.

...

9.8CVSS7AI score0.02569EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:28 a.m.•6 views

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c.

...

5.5CVSS7AI score0.00317EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:28 a.m.•5 views

f2fs: fix null reference error when checking end of zone

...

5.5CVSS7AI score0.0021EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:28 a.m.•5 views

wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type()

...

5.5CVSS7AI score0.00134EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:27 a.m.•11 views

drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw

...

5.5CVSS7AI score0.00237EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:26 a.m.•5 views

An issue was discovered in yasm version 1.3.0. There is a heap-buffer-overflow in inc_fopen() in modules/preprocs/nasm/nasm-pp.c.

...

5.5CVSS7AI score0.00317EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:26 a.m.•8 views

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.

...

6.9CVSS7AI score0.00946EPSS
Exploits4
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:26 a.m.•4 views

GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.

...

7.5CVSS7AI score0.08411EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:26 a.m.•4 views

When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

...

6.5CVSS7AI score0.00744EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:26 a.m.•6 views

cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive.

...

7.2CVSS7AI score0.02897EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:25 a.m.•6 views

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr__copy_except() in libyasm/expr.c.

...

5.5CVSS7AI score0.00317EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:24 a.m.•8 views

usb: gadget : fix use-after-free in composite_dev_cleanup()

...

7.8CVSS6.8AI score0.00162EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:23 a.m.•6 views

ext4: fix access to uninitialised lock in fc replay path

...

5.5CVSS7AI score0.00221EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:23 a.m.•8 views

An issue was discovered in yasm version 1.3.0. There is a use-after-free in expr_traverse_nodes_post() in libyasm/expr.c.

...

5.5CVSS7AI score0.00317EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:23 a.m.•3 views

An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).

...

7.5CVSS7AI score0.01687EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:23 a.m.•3 views

dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service

...

6.5CVSS7AI score0.0273EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:23 a.m.•5 views

Network restriction bypass via race condition during namespace termination

...

3.1CVSS7AI score0.00301EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:22 a.m.•9 views

soc: qcom: pdr: protect locator_addr with the main mutex

...

5.5CVSS7AI score0.00164EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:22 a.m.•7 views

libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname.

...

6.5CVSS7AI score0.00787EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:22 a.m.•4 views

An issue was discovered in yasm version 1.3.0. There is a use-after-free in yasm_intnum_destroy() in libyasm/intnum.c.

...

5.5CVSS7AI score0.00317EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:21 a.m.•4 views

f2fs: fix to wait dio completion

...

6.5CVSS7AI score0.00822EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:20 a.m.•3 views

libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object.

...

6.5CVSS7AI score0.00823EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:20 a.m.•6 views

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if_condition() in modules/preprocs/nasm/nasm-pp.c.

...

5.5CVSS7AI score0.00311EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:20 a.m.•5 views

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.

...

4.9CVSS7AI score0.01358EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:19 a.m.•5 views

The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.

...

5.5CVSS7AI score0.02083EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:19 a.m.•4 views

An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.

...

5.3CVSS7AI score0.00907EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:19 a.m.•11 views

A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.

...

5.5CVSS9.3AI score0.00954EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:19 a.m.•4 views

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c.

...

5.5CVSS7AI score0.0032EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:17 a.m.•6 views

There is a NULL pointer dereference in yasm version 1.3.0

...

5.5CVSS7AI score0.00311EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:17 a.m.•6 views

IKEv2 misconfiguration can cause libreswan to abort and restart

...

6.5CVSS6.4AI score0.00944EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:16 a.m.•9 views

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmac_params() in modules/preprocs/nasm/nasm-pp.c.

...

5.5CVSS7AI score0.00311EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:15 a.m.•4 views

net/mlx5e: Don't call cleanup on profile rollback failure

...

5.5CVSS7AI score0.00231EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:14 a.m.•5 views

There is a NULL pointer dereference in hash() in yasm version 1.3.0

...

5.5CVSS7AI score0.00311EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:14 a.m.•5 views

nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.

...

9.8CVSS7AI score0.02448EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:13 a.m.•8 views

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in do_directive() in modules/preprocs/nasm/nasm-pp.c.

...

5.5CVSS7AI score0.00311EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:12 a.m.•5 views

drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw

...

5.5CVSS7AI score0.00237EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:12 a.m.•6 views

bpf: Prevent tail call between progs attached to different hooks

...

7.8CVSS7AI score0.00231EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:12 a.m.•8 views

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

...

2.9CVSS6.6AI score0.00458EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:11 a.m.•6 views

drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags

...

5.5CVSS7AI score0.00236EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/04 3:10 a.m.•3 views

The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.

...

9.1CVSS7AI score0.00329EPSS
Exploits1
Total number of security vulnerabilities21762