Lucene search

68528 matches found

UbuntuCve
•added 2025/12/24 11:15 a.m.•5 views

CVE-2025-68364

In the Linux kernel, the following vulnerability has been resolved: ocfs2: relax BUG to ocfs2error in ocfs2moveextent In 'ocfs2moveextent', relax 'BUG' to 'ocfs2error' just to avoid crashing the whole kernel due to a filesystem corruption...

AI score: 5.9 | EPSS: 0.00185
Exploits: 0 | References: 34
UbuntuCve
•added 2025/12/24 11:15 a.m.•4 views

CVE-2023-54011

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix an issue found by KASAN Write only correct size 32 instead of 64 bytes...

AI score: 5.7 | EPSS: 0.00167
Exploits: 0 | References: 4
UbuntuCve
•added 2025/12/24 11:15 a.m.•4 views

CVE-2023-54022

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks at error path for UMP open The allocation and initialization errors at allocmidiurbs that is called at MIDI 2.0 / UMP device are supposed to be handled at the caller side by invoking...

AI score: 5.7 | EPSS: 0.00145
Exploits: 0 | References: 3
UbuntuCve
•added 2025/12/24 11:15 a.m.•4 views

CVE-2022-50701

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host SDIO may need additional 511 bytes to align bus operation. If the tailroom of this skb is not big enough, we would access invalid memory region. For low level...

AI score: 5.7 | EPSS: 0.00167
Exploits: 0 | References: 4
UbuntuCve
•added 2025/12/24 11:15 a.m.•2 views

CVE-2023-54000

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix deadlock issue when externellb and reset are executed together When externellb and reset are executed together, a deadlock may occur: 3147.217009 INFO: task kworker/u321:0:7 blocked for more than 120 seconds...

AI score: 5.7 | EPSS: 0.00176
Exploits: 0 | References: 5
UbuntuCve
•added 2025/12/23 11:15 p.m.•2 views

CVE-2025-68617

FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed...

CVSS: 7 | AI score: 5.7 | EPSS: 0.00179
Exploits: 1 | References: 6
UbuntuCve
•added 2025/12/23 11:15 p.m.•4 views

CVE-2025-68696

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.0026
Exploits: 1 | References: 3
UbuntuCve
•added 2025/12/23 10:15 p.m.•2 views

CVE-2025-12840

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00158
Exploits: 0 | References: 2
UbuntuCve
•added 2025/12/23 10:15 p.m.•5 views

CVE-2025-12495

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00158
Exploits: 0 | References: 2
UbuntuCve
•added 2025/12/23 10:15 p.m.•3 views

CVE-2025-13699

MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors m...

CVSS: 7 | AI score: 7.2 | EPSS: 0.00414
Exploits: 0 | References: 4
UbuntuCve
•added 2025/12/23 10:15 p.m.•3 views

CVE-2025-14423

GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00544
Exploits: 0 | References: 3
UbuntuCve
•added 2025/12/23 10:15 p.m.•2 views

CVE-2025-14424

GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00539
Exploits: 0 | References: 3
UbuntuCve
•added 2025/12/23 10:15 p.m.•2 views

CVE-2025-14425

GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.00539
Exploits: 0 | References: 4
UbuntuCve
•added 2025/12/23 10:15 p.m.•1 views

CVE-2025-14422

GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.00508
Exploits: 1 | References: 4
UbuntuCve
•added 2025/12/23 10:15 p.m.•3 views

CVE-2025-12839

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00158
Exploits: 0 | References: 2
UbuntuCve
•added 2025/12/23 9:15 p.m.•5 views

CVE-2025-14933

NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.0031
Exploits: 0 | References: 2
UbuntuCve
•added 2025/12/23 9:15 p.m.•6 views

CVE-2025-14935

NSF Unidata NetCDF-C Dimension Name Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.00306
Exploits: 0 | References: 2
UbuntuCve
•added 2025/12/23 9:15 p.m.•5 views

CVE-2025-14932

NSF Unidata NetCDF-C Time Unit Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target mus...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00306
Exploits: 0 | References: 2
UbuntuCve
•added 2025/12/23 9:15 p.m.•4 views

CVE-2025-14936

NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the targe...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00306
Exploits: 0 | References: 2
UbuntuCve
•added 2025/12/23 9:15 p.m.•5 views

CVE-2025-14934

NSF Unidata NetCDF-C Variable Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00306
Exploits: 0 | References: 2
UbuntuCve
•added 2025/12/23 12:0 a.m.•7 views

CVE-2025-68338

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized kszirq If something goes wrong at setup, kszirqfree can be called on uninitialized kszirq for example when kszptpirqsetup fails. It leads to freeing uninitialized IRQ numbers and/or...

AI score: 5.7 | EPSS: 0.00155
Exploits: 0 | References: 11
UbuntuCve
•added 2025/12/23 12:0 a.m.•2 views

CVE-2025-68341

In the Linux kernel, the following vulnerability has been resolved: veth: reduce XDP nodirect return section to fix race As explain in commit fa349e396e48 "veth: Fix race with AFXDP exposing old or uninitialized descriptors" for veth there is a chance after napicompletedone that another CPU can...

AI score: 5.9 | EPSS: 0.00158
Exploits: 0 | References: 11
UbuntuCve
•added 2025/12/23 12:0 a.m.•2 views

CVE-2025-65410

A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service DoS via injecting a crafted input into the filename parameter...

CVSS: 6.2 | AI score: 5.9 | EPSS: 0.00197
Exploits: 2 | References: 5
UbuntuCve
•added 2025/12/23 12:0 a.m.•5 views

CVE-2025-67108

eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections...

CVSS: 10 | AI score: 5.9 | EPSS: 0.00299
Exploits: 0 | References: 5
UbuntuCve
•added 2025/12/23 12:0 a.m.•10 views

CVE-2025-68615

net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.4269
Exploits: 2 | References: 3
UbuntuCve
•added 2025/12/23 12:0 a.m.•4 views

CVE-2025-65865

An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service DoS via a crafted input...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00413
Exploits: 1 | References: 5
UbuntuCve
•added 2025/12/23 12:0 a.m.•2 views

CVE-2025-68342

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: check actuallength before accessing data The URB received in gsusbreceivebulkcallback contains a struct gshostframe. The length of the data after the header depends on the gshostframe hf::fla...

AI score: 5.9 | EPSS: 0.00156
Exploits: 0 | References: 22
UbuntuCve
•added 2025/12/23 12:0 a.m.•5 views

CVE-2025-68340

In the Linux kernel, the following vulnerability has been resolved: team: Move team device type change at the end of teamportadd Attempting to add a port device that is already up will expectedly fail, but not before modifying the team device headerops. In the case of the syzbot reproducer the gr...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00118
Exploits: 0 | References: 34
UbuntuCve
•added 2025/12/23 12:0 a.m.•2 views

CVE-2025-68339

In the Linux kernel, the following vulnerability has been resolved: atm/fore200e: Fix possible data race in fore200eopen Protect access to fore200e-availablecellrate with ratemtx lock in the error handling path of fore200eopen to prevent a data race. The field fore200e-availablecellrate is a shar...

AI score: 5.7 | EPSS: 0.00161
Exploits: 0 | References: 35
UbuntuCve
•added 2025/12/23 12:0 a.m.•2 views

CVE-2025-68343

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: check actuallength before accessing header The driver expects to receive a struct gshostframe in gsusbreceivebulkcallback. Use structgroup to describe the header of the struct gshostframe and...

AI score: 5.9 | EPSS: 0.00156
Exploits: 0 | References: 23
UbuntuCve
•added 2025/12/22 10:16 p.m.•4 views

CVE-2025-34457

wb2osz/direwolf Dire Wolf versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kissrecbyte located in src/kissframe.c. When processing crafted KISS frames that reach the maximum allowed frame length MAXKISSLEN, the function...

CVSS: 8.7 | AI score: 6.2 | EPSS: 0.00468
Exploits: 0 | References: 5
UbuntuCve
•added 2025/12/22 10:16 p.m.•2 views

CVE-2025-68480

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.00252
Exploits: 0 | References: 10
UbuntuCve
•added 2025/12/22 10:16 p.m.•3 views

CVE-2025-34458

wb2osz/direwolf Dire Wolf versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the APRS MIC-E decoder function aprsmice located in src/decodeaprs.c. When processing a specially crafted AX.25 frame containing a MIC-E message with an empty or...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00424
Exploits: 0 | References: 5
UbuntuCve
•added 2025/12/22 10:16 p.m.•16 views

CVE-2025-67436

Authenticated Remote Code Execution RCE in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file e.g., home.php...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00505
Exploits: 2 | References: 3
UbuntuCve
•added 2025/12/22 12:0 a.m.•4 views

CVE-2025-68333

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix possible deadlock in the deferredirqworkfn For PREEMPTRT=y kernels, the deferredirqworkfn is executed in the per-cpu irqwork/ task context and not disable-irq, if the rq returned by containerof is current CPU's rq,...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00092
Exploits: 0 | References: 9
UbuntuCve
•added 2025/12/22 12:0 a.m.•4 views

CVE-2025-68326

In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Fix stackdepot usage Add missing stackdepotinit call when CONFIGDRMXEDEBUGGUC is enabled to fix the following call stack: BUG: kernel NULL pointer dereference, address: 0000000000000000 Workqueue: drmschedrunjobwork...

AI score: 5.7 | EPSS: 0.00158
Exploits: 0 | References: 9
UbuntuCve
•added 2025/12/22 12:0 a.m.•4 views

CVE-2025-68328

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-svc: fix bug in saving controller data Fix the incorrect usage of platformsetdrvdata and devsetdrvdata. They both are of the same data and overrides each other. This resulted in the rmmod of the svc driver to...

AI score: 5.7 | EPSS: 0.00176
Exploits: 0 | References: 34
UbuntuCve
•added 2025/12/22 12:0 a.m.•2 views

CVE-2025-68335

In the Linux kernel, the following vulnerability has been resolved: comedi: pcl818: fix null-ptr-deref in pcl818aicancel Syzbot identified an issue 1 in pcl818aicancel, which stems from the fact that in case of early device detach via pcl818detach, subdevice dev-readsubdev may not have initialize...

AI score: 5.7 | EPSS: 0.00176
Exploits: 0 | References: 34
UbuntuCve
•added 2025/12/22 12:0 a.m.•3 views

CVE-2025-68332

In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fix invalid PNP driver unregistration The Comedi low-level driver "c6xdigio" seems to be for a parallel port connected device. When the Comedi core calls the driver's Comedi "attach" handler c6xdigioattach to...

AI score: 5.7 | EPSS: 0.0018
Exploits: 0 | References: 34
UbuntuCve
•added 2025/12/22 12:0 a.m.•4 views

CVE-2025-68330

In the Linux kernel, the following vulnerability has been resolved: iio: accel: bmc150: Fix irq assumption regression The code in bmc150-accel-core.c unconditionally calls bmc150accelsetinterrupt in the iiobuffersetupops, such as on the runtime PM resume path giving a kernel splat like this if th...

AI score: 5.9 | EPSS: 0.00176
Exploits: 0 | References: 33
UbuntuCve
•added 2025/12/22 12:0 a.m.•4 views

CVE-2025-68334

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Add support for Van Gogh SoC The ROG Xbox Ally non-X SoC features a similar architecture to the Steam Deck. While the Steam Deck supports S3 s2idle causes a crash, this support was dropped by the Xbox Ally...

AI score: 5.7 | EPSS: 0.00171
Exploits: 0 | References: 9
UbuntuCve
•added 2025/12/22 12:0 a.m.•4 views

CVE-2025-68336

In the Linux kernel, the following vulnerability has been resolved: locking/spinlock/debug: Fix data-race in dorawwritelock KCSAN reports: BUG: KCSAN: data-race in dorawwritelock / dorawwritelock write marked to 0xffff800009cf504c of 4 bytes by task 1102 on cpu 1: dorawwritelock+0x120/0x204...

AI score: 5.7 | EPSS: 0.0018
Exploits: 0 | References: 34
UbuntuCve
•added 2025/12/22 12:0 a.m.•3 views

CVE-2025-68329

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARNON in tracingbuffersmmapclose for split VMAs When a VMA is split e.g., by partial munmap or MAPFIXED, the kernel calls vmops-close on each portion. For trace buffer mappings, this results in ringbufferunmap being...

AI score: 6 | EPSS: 0.00169
Exploits: 0 | References: 10
UbuntuCve
•added 2025/12/22 12:0 a.m.•14 views

CVE-2025-68337

In the Linux kernel, the following vulnerability has been resolved: jbd2: avoid bugon in jbd2journalgetcreateaccess when file system corrupted There's issue when file system corrupted: ------------ cut here ------------ kernel BUG at fs/jbd2/transaction.c:1289! Oops: invalid opcode: 0000 1 SMP...

AI score: 5.7 | EPSS: 0.0018
Exploits: 0 | References: 34
UbuntuCve
•added 2025/12/22 12:0 a.m.•2 views

CVE-2025-68327

In the Linux kernel, the following vulnerability has been resolved: usb: renesasusbhs: Fix synchronous external abort on unbind A synchronous external abort occurs on the Renesas RZ/G3S SoC if unbind is executed after the configuration sequence described above: modprobe usbfecm modprobe...

AI score: 5.9 | EPSS: 0.00176
Exploits: 0 | References: 34
UbuntuCve
•added 2025/12/22 12:0 a.m.•4 views

CVE-2025-68331

In the Linux kernel, the following vulnerability has been resolved: usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer When a UAS device is unplugged during data transfer, there is a probability of a system panic occurring. The root cause is an access to ...

AI score: 5.9 | EPSS: 0.00193
Exploits: 0 | References: 34
UbuntuCve
•added 2025/12/19 9:15 p.m.•5 views

CVE-2023-53952

Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.00969
Exploits: 1 | References: 4
UbuntuCve
•added 2025/12/19 9:15 p.m.•6 views

CVE-2023-53959

FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code...

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.00733
Exploits: 1 | References: 4
UbuntuCve
•added 2025/12/19 5:15 p.m.•3 views

CVE-2025-14956

A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has...

CVSS: 7.1 | AI score: 5.6 | EPSS: 0.00181
Exploits: 1 | References: 8
UbuntuCve
•added 2025/12/19 5:15 p.m.•5 views

CVE-2025-14957

A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer...

CVSS: 5.5 | AI score: 5.6 | EPSS: 0.00179
Exploits: 1 | References: 9

Total number of security vulnerabilities: 68528