Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•4 views

CVE-2025-68774

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix missing hfsbnodeget in hfsbnodecreate When sync and link are called concurrently, both threads may enter hfsbnodefind without finding the node in the hash table and proceed to create it. Thread A: hfspluswriteinode -...

5.7AI score0.00173EPSS
Exploits0References36
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•4 views

CVE-2025-68770

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix XDPTX path For XDPTX action in bnxtrxxdp, clearing of the event flags is not correct. bnxtpollwork - bnxtrxpkt - bnxtrxxdp may be looping within NAPI and some event flags may be set in earlier iterations. In particula...

5.8AI score0.00166EPSS
Exploits0References24
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•4 views

CVE-2025-68779

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid unregistering PSP twice PSP is unregistered twice in: mlx5eremove - mlx5epspunregister mlx5eniccleanup - mlx5epspunregister This leads to a refcount underflow in some conditions: ------------ cut here -----------...

5.7AI score0.00155EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•2 views

CVE-2025-68788

In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files inotify/fanotify do not allow users with no read access to a file to subscribe to events e.g. INACCESS/INMODIFY, but they do allow the same user to subscri...

5.8AI score0.00173EPSS
Exploits0References36
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•1 views

CVE-2025-68786

In the Linux kernel, the following vulnerability has been resolved: ksmbd: skip lock-range check on equal size to avoid size==0 underflow When size equals the current isize including 0, the code used to call checklockrangefilp, isize, size - 1, WRITE, which computes size - 1 and can underflow for...

5.8AI score0.00168EPSS
Exploits0References26
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•4 views

CVE-2025-68789

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.9AI score0.00032EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•3 views

CVE-2025-68783

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-mixer: us16x08: validate meter packet indices getmeterlevelsfromurb parses the 64-byte meter packets sent by the device and fills the per-channel arrays meterlevel, complevel and masterlevel in struct...

5.9AI score0.00173EPSS
Exploits0References36
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•3 views

CVE-2025-68780

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: only set freecpus for online runqueues Commit 16b269436b72 "sched/deadline: Modify cpudl::freecpus to reflect rd-online" introduced the cpudlset/clearfreecpu functions to allow the cpudl::freecpus mask to be...

5.9AI score0.00173EPSS
Exploits0References36
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•3 views

CVE-2025-68777

In the Linux kernel, the following vulnerability has been resolved: Input: tiam335xtsc - fix off-by-one error in wireorder validation The current validation 'wireorderi ARRAYSIZEconfigpins' allows wireorderi to equal ARRAYSIZEconfigpins, which causes out-of-bounds access when used as index in...

5.7AI score0.00173EPSS
Exploits0References36
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•7 views

CVE-2025-68767

In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that SIFMT bits of inode-imode can become bogus when the SIFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to 1, the permissions...

5.7AI score0.00173EPSS
Exploits0References36
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•4 views

CVE-2025-68778

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a directory and it was moved from one parent directory to another parent directory in the current...

5.9AI score0.00168EPSS
Exploits0References26
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•2 views

CVE-2025-68782

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Reset ttaskcdb pointer in error case If allocation of cmd-ttaskcdb fails, it remains NULL but is later dereferenced in the 'err' path. In case of error, reset NULL ttaskcdb value to point at the default fixed-size...

5.9AI score0.00173EPSS
Exploits0References36
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•8 views

CVE-2025-68771

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2findvictimchain syzbot reported a kernel BUG in ocfs2findvictimchain because the clnextfreerec field of the allocation chain list next free slot in the chain list is 0, triggring the...

5.9AI score0.00173EPSS
Exploits0References36
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•3 views

CVE-2025-68772

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid updating compression context during writeback Bai, Shuangpeng reported a bug as below: Oops: divide error: 0000 1 SMP KASAN PTI CPU: 0 UID: 0 PID: 11441 Comm: syz.0.46 Not tainted 6.17.0 1 PREEMPTfull Hardware...

5.7AI score0.00168EPSS
Exploits0References26
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•5 views

CVE-2025-68776

In the Linux kernel, the following vulnerability has been resolved: net/hsr: fix NULL pointer dereference in prpgetuntaggedframe prpgetuntaggedframe calls pskbcopy to create frame-skbstd but doesn't check if the allocation failed. If pskbcopy returns NULL, skbclone is called with a NULL pointer,...

5.9AI score0.00173EPSS
Exploits0References36
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•1 views

CVE-2025-68785

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix middle attribute validation in pushnsh action The pushnsh action structure looks like this: OVSACTIONATTRPUSHNSHOVSKEYATTRNSHOVSNSHKEYATTRBASE,... The outermost OVSACTIONATTRPUSHNSH attribute is OK'ed by the...

6.1AI score0.00186EPSS
Exploits0References36
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•2 views

CVE-2025-68775

In the Linux kernel, the following vulnerability has been resolved: net/handshake: duplicate handshake cancellations leak socket When a handshake request is cancelled it is removed from the handshakenet-hnrequests list, but it is still present in the handshakerhashtbl until it is destroyed. If a...

5.9AI score0.00168EPSS
Exploits0References25
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•4 views

CVE-2025-68768

In the Linux kernel, the following vulnerability has been resolved: inet: frags: flush pending skbs in fqdirpreexit We have been seeing occasional deadlocks on pernetopsrwsem since September in NIPA. The stuck task was usually modprobe often loading a driver like ipvlan, trying to take the lock a...

5.8AI score0.00168EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•3 views

CVE-2025-68784

In the Linux kernel, the following vulnerability has been resolved: xfs: fix a UAF problem in xattr repair The xchksetupxattrbuf function can allocate a new value buffer, which means that any reference to ab-value before the call could become a dangling pointer. Fix this by moving an assignment t...

5.9AI score0.00166EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•3 views

CVE-2025-68787

In the Linux kernel, the following vulnerability has been resolved: netrom: Fix memory leak in nrsendmsg syzbot reported a memory leak 1. When function sockallocsendskb return NULL in nroutput, the original skb is not freed, which was allocated in nrsendmsg. Fix this by freeing it before return. ...

5.7AI score0.00173EPSS
Exploits0References36
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•3 views

CVE-2025-68773

In the Linux kernel, the following vulnerability has been resolved: spi: fsl-cpm: Check length parity before switching to 16 bit mode Commit fc96ec826bce "spi: fsl-cpm: Use 16 bit mode for large transfers with even size" failed to make sure that the size is really even before switching to 16 bit...

5.9AI score0.00173EPSS
Exploits0References26
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•3 views

CVE-2025-68769

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix return value of f2fsrecoverfsyncdata With below scripts, it will trigger panic in f2fs: mkfs.f2fs -f /dev/vdd mount /dev/vdd /mnt/f2fs touch /mnt/f2fs/foo sync echo 111 /mnt/f2fs/foo f2fsio fsync /mnt/f2fs/foo f2fsio...

5.7AI score0.00173EPSS
Exploits0References36
UbuntuCve
UbuntuCve
•added 2026/01/13 4:15 p.m.•2 views

CVE-2025-68781

In the Linux kernel, the following vulnerability has been resolved: usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal The delayed work item otgevent is initialized in fslotgconf and scheduled under two conditions: 1. When a host controller binds to the OTG controller. 2...

5.7AI score0.00181EPSS
Exploits0References13
UbuntuCve
UbuntuCve
•added 2026/01/13 2:16 p.m.•2 views

CVE-2026-0884

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

9.8CVSS5.8AI score0.00423EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2026/01/13 2:16 p.m.•3 views

CVE-2026-0877

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

8.1CVSS5.8AI score0.00421EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2026/01/13 2:16 p.m.•2 views

CVE-2026-0881

Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147...

10CVSS5.8AI score0.00306EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/13 2:16 p.m.•2 views

CVE-2026-0879

Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

9.8CVSS5.8AI score0.00525EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2026/01/13 2:16 p.m.•2 views

CVE-2026-0878

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

8CVSS5.8AI score0.00417EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2026/01/13 2:16 p.m.•3 views

CVE-2026-0890

Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

5.4CVSS5.8AI score0.00261EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2026/01/13 2:16 p.m.•2 views

CVE-2026-0891

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...

8.1CVSS6AI score0.00414EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2026/01/13 2:16 p.m.•3 views

CVE-2026-0885

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

6.5CVSS5.8AI score0.00361EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2026/01/13 2:16 p.m.•2 views

CVE-2026-0892

Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147 and Thunderbird 147...

9.8CVSS5.8AI score0.00404EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/13 2:16 p.m.•3 views

CVE-2026-0882

Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

8.8CVSS5.8AI score0.00405EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2026/01/13 2:16 p.m.•5 views

CVE-2026-0889

Denial-of-service in the DOM: Service Workers component. This vulnerability was fixed in Firefox 147 and Thunderbird 147...

7.5CVSS5.8AI score0.00537EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2026/01/13 2:16 p.m.•2 views

CVE-2026-0888

Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147...

5.3CVSS5.8AI score0.00313EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/13 2:16 p.m.•2 views

CVE-2026-0886

Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

5.3CVSS5.8AI score0.00437EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2026/01/13 2:16 p.m.•4 views

CVE-2026-0883

Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

5.3CVSS5.8AI score0.00411EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2026/01/13 2:16 p.m.•4 views

CVE-2026-0880

Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

8.8CVSS5.9AI score0.0057EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2026/01/13 2:16 p.m.•2 views

CVE-2026-0887

Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

4.3CVSS5.8AI score0.00284EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2026/01/12 11:15 p.m.•6 views

CVE-2026-22695

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function pngimagefinishread when processing interlaced 16-bit PNGs with...

7.1CVSS6AI score0.00172EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2026/01/12 11:15 p.m.•7 views

CVE-2026-22801

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions pngwriteimage16bit and pngwriteimage8bit causes heap buffer...

7.8CVSS6AI score0.00114EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/01/12 9:15 p.m.•4 views

CVE-2026-22772

Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.5, Fulcio's metaRegex function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF on...

5.8CVSS6.9AI score0.0022EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2026/01/12 7:16 p.m.•3 views

CVE-2026-22776

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service DoS vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies Content-Encoding: gzip, br, etc.. The library validates the...

8.7CVSS5.7AI score0.00353EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2026/01/12 6:15 p.m.•3 views

CVE-2026-22250

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0...

5.5CVSS5.8AI score0.00134EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/12 6:15 p.m.•3 views

CVE-2025-68276

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon with wide-area disabled by creating record browsers with the AVAHILOOKUPUSEWIDEAREA flag set via D-Bus. This can ...

5.5CVSS5.8AI score0.0014EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/01/12 6:15 p.m.•4 views

CVE-2025-68468

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they...

6.5CVSS5.9AI score0.00331EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2026/01/12 6:15 p.m.•4 views

CVE-2025-68471

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart...

6.5CVSS5.8AI score0.00353EPSS
Exploits1References5
UbuntuCve
UbuntuCve
•added 2026/01/12 6:15 p.m.•2 views

CVE-2026-22251

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to different servers...

5.5CVSS5.9AI score0.00164EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/12 4:16 p.m.•4 views

CVE-2025-71063

Errands before 46.2.10 does not verify TLS certificates for CalDAV servers...

8.2CVSS5.8AI score0.00135EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2026/01/11 11:15 a.m.•2 views

CVE-2025-15506

A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...

4.8CVSS5.5AI score0.00165EPSS
Exploits0References9
Total number of security vulnerabilities68528