Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
•added 2025/12/16 2:15 p.m.•2 views

CVE-2025-68222

In the Linux kernel, the following vulnerability has been resolved: pinctrl: s32cc: fix uninitialized memory in s32pinctrldesc s32pinctrldesc is allocated with devmkmalloc, but not all of its fields are initialized. Notably, numcustomparams is used in pinconfgenericparsedtconfig, resulting in...

5.7AI score0.00175EPSS
Exploits0References22
UbuntuCve
UbuntuCve
•added 2025/12/16 2:15 p.m.•3 views

CVE-2025-40353

In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Do not warn if the page is already tagged in copyhighpage The arm64 copyhighpage assumes that the destination page is newly allocated and not MTE-tagged PGmtetagged unset and warns accordingly. However, following comm...

5.7AI score0.00166EPSS
Exploits0References20
UbuntuCve
UbuntuCve
•added 2025/12/16 2:15 p.m.•3 views

CVE-2025-68213

In the Linux kernel, the following vulnerability has been resolved: idpf: fix possible vportconfig NULL pointer deref in remove Attempting to remove the driver will cause a crash in cases where the vport failed to initialize. Following trace is from an instance where the driver failed during an...

5.9AI score0.00173EPSS
Exploits0References21
UbuntuCve
UbuntuCve
•added 2025/12/16 2:15 p.m.•2 views

CVE-2025-68225

In the Linux kernel, the following vulnerability has been resolved: lib/testkho: check if KHO is enabled We must check whether KHO is enabled prior to issuing KHO commands, otherwise KHO internal data structures are not initialized...

5.7AI score0.00162EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2025/12/16 2:15 p.m.•9 views

CVE-2025-68180

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL deref in debugfs odmcombinesegments When a connector is connected but inactive e.g., disabled by desktop environments, pipectx-streamres.tg will be destroyed. Then, reading odmcombinesegments causes kern...

5.7AI score0.00166EPSS
Exploits0References20
UbuntuCve
UbuntuCve
•added 2025/12/16 2:15 p.m.•3 views

CVE-2025-68202

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix unsafe locking in the scxdumpstate For built with CONFIGPREEMPTRT=y kernels, the dumplock will be converted sleepable spinlock and not disable-irq, so the following scenarios occur: inconsistent IN-HARDIRQ-W -...

5.7AI score0.00166EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2025/12/16 2:15 p.m.•5 views

CVE-2025-68231

In the Linux kernel, the following vulnerability has been resolved: mm/mempool: fix poisoning order0 pages with HIGHMEM The kernel test has reported: BUG: unable to handle page fault for address: fffba000 PF: supervisor write access in kernel mode PF: errorcode0x0002 - not-present page pde =...

5.9AI score0.00156EPSS
Exploits0References23
UbuntuCve
UbuntuCve
•added 2025/12/16 2:15 p.m.•3 views

CVE-2025-68209

In the Linux kernel, the following vulnerability has been resolved: mlx5: Fix default values in create CQ Currently, CQs without a completion function are assigned the mlx5addcqtotasklet function by default. This is problematic since only user CQs created through the mlx5ib driver are intended to...

5.7AI score0.00155EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2025/12/16 2:15 p.m.•3 views

CVE-2025-40350

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix generating skb from non-linear xdpbuff for striding RQ XDP programs can change the layout of an xdpbuff through bpfxdpadjusttail and bpfxdpadjusthead. Therefore, the driver cannot assume the size of the linear...

5.7AI score0.00168EPSS
Exploits0References21
UbuntuCve
UbuntuCve
•added 2025/12/16 2:15 p.m.•5 views

CVE-2025-68167

In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix invalid pointer access in debugfs If the memory allocation in gpiolibseqstart fails, the s-private field remains uninitialized and is later dereferenced without checking in gpiolibseqstop. Initialize s-private to NUL...

5.7AI score0.00166EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2025/12/16 2:15 p.m.•4 views

CVE-2025-40347

In the Linux kernel, the following vulnerability has been resolved: net: enetc: fix the deadlock of enetcmdiolock After applying the workaround for err050089, the LS1028A platform experiences RCU stalls on RT kernel. This issue is caused by the recursive acquisition of the read lock enetcmdiolock...

5.7AI score0.00168EPSS
Exploits0References21
UbuntuCve
UbuntuCve
•added 2025/12/16 2:15 p.m.•2 views

CVE-2025-68201

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: remove two invalid BUGONs Those can be triggered trivially by userspace...

5.7AI score0.00168EPSS
Exploits0References20
UbuntuCve
UbuntuCve
•added 2025/12/16 2:15 p.m.•4 views

CVE-2025-68186

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not warn in ringbuffermapgetreader when reader catches up The function ringbuffermapgetreader is a bit more strict than the other get reader functions, and except for certain situations the rbgetreaderpage should...

5.6AI score0.00166EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2025/12/16 1:15 a.m.•5 views

CVE-2025-67735

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when HttpRequestEncod...

6.5CVSS6.7AI score0.00292EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/12/15 2:15 p.m.•1 views

CVE-2025-65431

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferredusername as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead...

5.4CVSS5.8AI score0.00141EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/15 2:15 p.m.•5 views

CVE-2025-65430

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

5.4CVSS5.9AI score0.00138EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/15 11:15 a.m.•2 views

CVE-2025-14714

An Authentication Bypass vulnerability existed where the application bundled an interpreter Python that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle By executing the bundled interpreter directly the attacker's scripts run with...

6.5CVSS5.9AI score0.0012EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/15 11:15 a.m.•2 views

CVE-2025-37731

Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority...

7.4CVSS5.9AI score0.0016EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/14 11:15 p.m.•4 views

CVE-2025-67899

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas...

2.9CVSS5.8AI score0.0012EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/12/14 10:15 p.m.•6 views

CVE-2025-13281

A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8CVSS7.2AI score0.00355EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/12/14 5:16 a.m.•3 views

CVE-2025-67897

In Sequoia before 2.1.0, aeskeyunwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet...

5.3CVSS5.9AI score0.00297EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/12/14 4:15 a.m.•4 views

CVE-2025-67896

Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation...

9.8CVSS6.1AI score0.00404EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/12/13 4:16 p.m.•2 views

CVE-2025-14607

A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to...

6.5CVSS6.4AI score0.00233EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2025/12/12 11:15 p.m.•3 views

CVE-2025-67749

PCSX2 is a free and open-source PlayStation 2 PS2 emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD SCMD 0x91 and SCMD 0x8F handlers allow a specially crafted disc image or ELF to cause an out-of-bounds read from emulator memory...

5.3CVSS5.9AI score0.00317EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/12/12 9:15 p.m.•2 views

CVE-2025-11266

An out-of-bounds write vulnerability exists in the Grassroots DICOM library GDCM. The issue is triggered during parsing of a malformed DICOM file containing encapsulated PixelData fragments compressed image data stored as multiple fragments. This vulnerability leads to a segmentation fault caused...

6.8CVSS6AI score0.00119EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/12/12 9:15 p.m.•2 views

CVE-2025-43511

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash...

6.5CVSS5.8AI score0.00407EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/12 8:15 p.m.•1 views

CVE-2025-14174

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.22359EPSS
Exploits10References4
UbuntuCve
UbuntuCve
•added 2025/12/12 7:16 p.m.•6 views

CVE-2025-14569

A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function readaudiodata of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after free. The attack requires a local approach. The exploit is now public and may be used. The project w...

5.3CVSS5.7AI score0.00117EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/12 6:15 p.m.•6 views

CVE-2025-40345

In the Linux kernel, the following vulnerability has been resolved: usb: storage: sddr55: Reject out-of-bound newpba Discovered by Atuin - Automated Vulnerability Discovery Engine. newpba comes from the status packet returned after each write. A bogus device could report values beyond the block...

5.9AI score0.0018EPSS
Exploits0References35
UbuntuCve
UbuntuCve
•added 2025/12/12 7:15 a.m.•3 views

CVE-2025-67726

Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values, such as thos...

7.5CVSS6.7AI score0.00371EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/12/12 6:15 a.m.•2 views

CVE-2025-67724

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can be exploited by...

6.1CVSS6AI score0.00185EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/12/12 6:15 a.m.•4 views

CVE-2025-67725

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation...

7.5CVSS6.3AI score0.00396EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/12/11 9:15 p.m.•4 views

CVE-2025-55816

HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting XSS in the /modificaapp.php file...

6.1CVSS5.9AI score0.00225EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/12/11 9:15 p.m.•4 views

CVE-2025-64702

quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...

5.3CVSS7.1AI score0.00325EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/12/11 6:16 p.m.•2 views

CVE-2025-13912

Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through timing side-channel attacks...

1CVSS5.8AI score0.00124EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/11 5:15 p.m.•2 views

CVE-2025-66046

Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 67...

9.8CVSS6.4AI score0.00465EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/12/11 5:15 p.m.•2 views

CVE-2025-66044

Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 64...

9.8CVSS6.4AI score0.00465EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/12/11 5:15 p.m.•5 views

CVE-2025-66048

Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 133...

9.8CVSS6.4AI score0.00486EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/12/11 5:15 p.m.•2 views

CVE-2025-66045

Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 65...

9.8CVSS6.4AI score0.00455EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/12/11 5:15 p.m.•4 views

CVE-2025-66047

Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 131...

9.8CVSS6.4AI score0.00455EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/12/11 5:15 p.m.•1 views

CVE-2025-66043

Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 3...

9.8CVSS6.4AI score0.00486EPSS
Exploits1References3
UbuntuCve
UbuntuCve
•added 2025/12/11 1:15 p.m.•5 views

CVE-2025-14523

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2CVSS5.9AI score0.00496EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/12/11 8:15 a.m.•5 views

CVE-2025-12734

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to, under certain conditions, render content in dialogs to other users by injecting malicious HTML content into...

3.5CVSS5.9AI score0.00226EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2025/12/11 7:16 a.m.•5 views

CVE-2025-14512

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values...

6.5CVSS6.8AI score0.00504EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/12/11 5:16 a.m.•3 views

CVE-2025-4097

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a denial of service condition by uploading specially crafted images...

6.5CVSS5.9AI score0.0026EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2025/12/11 5:16 a.m.•4 views

CVE-2025-8405

GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability...

7.7CVSS7.3AI score0.00486EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2025/12/11 5:16 a.m.•3 views

CVE-2025-11984

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions...

6.8CVSS5.9AI score0.00274EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2025/12/11 4:15 a.m.•5 views

CVE-2025-12562

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted GraphQL queries that bypass query complexity limits...

7.5CVSS7.2AI score0.0076EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2025/12/11 4:15 a.m.•3 views

CVE-2025-13978

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to discover the names of private projects they do not have access through API requests...

4.3CVSS5.9AI score0.00259EPSS
Exploits0References1
UbuntuCve
UbuntuCve
•added 2025/12/11 4:15 a.m.•3 views

CVE-2025-14157

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a Denial of Service condition by sending crafted API calls with large content parameters...

6.5CVSS5.9AI score0.0027EPSS
Exploits0References1
Total number of security vulnerabilities68528