Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
•added 2025/10/24 12:15 p.m.•1 views

CVE-2025-40019

In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption Move the ssize check to the start in essivaeadcrypt so that it's also checked for decryption and in-place encryption...

5.7AI score0.00274EPSS
Exploits1References29
UbuntuCve
UbuntuCve
•added 2025/10/24 12:15 p.m.•1 views

CVE-2025-40018

In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ipvsftp unregister during netns cleanup On the netns cleanup path, ipvsftpexit may unregister ipvsftp before connections with valid cp-app pointers are flushed, leading to a use-after-free. Fix this by introducing a...

5.7AI score0.00193EPSS
Exploits0References43
UbuntuCve
UbuntuCve
•added 2025/10/24 12:15 p.m.•2 views

CVE-2023-53733

In the Linux kernel, the following vulnerability has been resolved: net: sched: clsu32: Undo tcfbindfilter if u32replacehwknode When u32replacehwknode fails, we need to undo the tcfbindfilter operation done at u32setparms...

5.7AI score0.00181EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/10/24 10:15 a.m.•1 views

CVE-2025-10680

OpenVPN 2.7alpha1 through 2.7beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use...

8.8CVSS7.3AI score0.06932EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/10/24 12:0 a.m.•2 views

CVE-2025-9158

The Request Tracker software is vulnerable to a Stored XSS vulnerability in calendar invitation parsing feature, which displays invitation data without HTML sanitization. XSS vulnerability allows an attacker to send a specifically crafted e-mail enabling JavaScript code execution by displaying th...

5.3CVSS6.3AI score0.00404EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/10/23 7:15 p.m.•3 views

CVE-2025-23332

NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where an attacker might be able to trigger a null pointer deference. A successful exploit of this vulnerability might lead to denial of service...

5CVSS5.9AI score0.00128EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/10/23 7:15 p.m.•1 views

CVE-2025-23300

NVIDIA Display Driver for Linux contains a vulnerability in the kernel driver, where a user could cause a null pointer dereference by allocating a specific memory resource. A successful exploit of this vulnerability might lead to denial of service...

5.5CVSS5.9AI score0.00133EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/10/23 7:15 p.m.•3 views

CVE-2025-23345

NVIDIA Display Driver for Windows and Linux contains a vulnerability in a video decoder, where an attacker might cause an out-of-bounds read. A successful exploit of this vulnerability might lead to information disclosure or denial of service...

4.4CVSS5.9AI score0.00146EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/10/23 7:15 p.m.•1 views

CVE-2025-23330

NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to trigger a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service...

5.5CVSS6.1AI score0.00205EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/10/23 4:16 p.m.•2 views

CVE-2025-50951

FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8copy function at /fontforge/sfd.c...

6.5CVSS5.9AI score0.00237EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/10/23 4:16 p.m.•1 views

CVE-2025-50950

Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function...

7.5CVSS5.9AI score0.0033EPSS
Exploits1References2
UbuntuCve
UbuntuCve
•added 2025/10/23 4:15 p.m.•2 views

CVE-2025-50949

FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8...

6.5CVSS7.2AI score0.00239EPSS
Exploits0References2
UbuntuCve
UbuntuCve
•added 2025/10/23 12:15 p.m.•1 views

CVE-2025-62399

Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks...

7.5CVSS5.8AI score0.00385EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/10/23 12:15 p.m.•1 views

CVE-2025-62398

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

5.4CVSS5.8AI score0.00234EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/10/23 12:15 p.m.•1 views

CVE-2025-62395

A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...

4.3CVSS5.9AI score0.00227EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/10/23 12:15 p.m.•2 views

CVE-2025-62396

An error-handling issue in the Moodle router r.php could cause the application to display internal directory listings when specific HTTP headers were not properly configured...

5.3CVSS5.9AI score0.00274EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/10/23 12:15 p.m.•1 views

CVE-2025-62401

An issue in Moodle’s timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment...

5.4CVSS5.9AI score0.00204EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/10/23 12:15 p.m.•4 views

CVE-2025-62393

A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses they should not have access to, potentially exposing limited course details...

4.3CVSS5.8AI score0.00223EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/10/23 12:15 p.m.•3 views

CVE-2025-62397

The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance...

5.3CVSS5.9AI score0.00254EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/10/23 12:15 p.m.•1 views

CVE-2025-62394

Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information...

4.3CVSS5.9AI score0.00208EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/10/23 12:15 p.m.•3 views

CVE-2025-62400

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/10/23 10:15 a.m.•2 views

CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

7.5CVSS5.7AI score0.00416EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/10/23 5:15 a.m.•4 views

CVE-2025-54856

Movable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit ContentData page...

4.8CVSS5.9AI score0.0021EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/10/23 4:17 a.m.•2 views

CVE-2025-62813

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

5.8AI score
Exploits0References3
UbuntuCve
UbuntuCve
•added 2025/10/22 10:15 p.m.•2 views

CVE-2025-62707

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in...

8.7CVSS6.9AI score0.00402EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/10/22 10:15 p.m.•2 views

CVE-2025-62706

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...

6.5CVSS6.9AI score0.00418EPSS
Exploits1References4
UbuntuCve
UbuntuCve
•added 2025/10/22 10:15 p.m.•2 views

CVE-2025-62708

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3...

8.7CVSS6.9AI score0.00402EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/10/22 8:15 p.m.•2 views

CVE-2025-62611

aiomysql is a library for accessing a MySQL database from the asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server. It is possible to create a rogue MySQL...

8.2CVSS5.8AI score0.00354EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/10/22 3:16 p.m.•5 views

CVE-2025-62526

OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, ubusd contains a heap buffer overflow in the event registration parsing code. This allows an attacker to modify the head and potentially execute arbitrary code in the context of the ubus daemon. The...

7.9CVSS6.4AI score0.00245EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2025/10/22 3:16 p.m.•2 views

CVE-2025-62525

OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This only effects the lantiq target supporting...

8.8CVSS6AI score0.00173EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/10/22 2:15 p.m.•1 views

CVE-2023-53711

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a potential data corruption We must ensure that the subrequests are joined back into the head before we can retransmit a request. If the head was not on the commit lists, because the server wrote it synchronously, we sti...

5.9AI score0.00182EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2025/10/22 2:15 p.m.•1 views

CVE-2023-53703

In the Linux kernel, the following vulnerability has been resolved: HID: amdsfh: Fix for shift-out-of-bounds Shift operation of 'exp' and 'shift' variables exceeds the maximum number of shift values in the u32 range leading to UBSAN shift-out-of-bounds. ... 6.120512 UBSAN: shift-out-of-bounds in...

5.7AI score0.00193EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/10/22 2:15 p.m.•1 views

CVE-2023-53708

In the Linux kernel, the following vulnerability has been resolved: ACPI: x86: s2idle: Catch multiple ACPITYPEPACKAGE objects If a badly constructed firmware includes multiple ACPITYPEPACKAGE objects while evaluating the AMD LPS0 DSM, there will be a memory leak. Explicitly guard against this...

5.7AI score0.00195EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2025/10/22 2:15 p.m.•3 views

CVE-2022-50576

In the Linux kernel, the following vulnerability has been resolved: serial: pch: Fix PCI device refcount leak in pchrequestdma As comment of pcigetslot says, it returns a pcidevice with its refcount increased. The caller must decrement the reference count by calling pcidevput. Since 'dmadev' is...

5.9AI score0.00227EPSS
Exploits0References11
UbuntuCve
UbuntuCve
•added 2025/10/22 2:15 p.m.•1 views

CVE-2023-53699

In the Linux kernel, the following vulnerability has been resolved: riscv: move memblockallowresize after linear mapping is ready The initial memblock metadata is accessed from kernel image mapping. The regions arrays need to "reallocated" from memblock and accessed through linear mapping to cove...

5.7AI score0.00195EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2025/10/22 2:15 p.m.•3 views

CVE-2023-53725

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/cadence-ttc: Fix memory leak in ttctimerprobe Smatch reports: drivers/clocksource/timer-cadence-ttc.c:529 ttctimerprobe warn: 'timerbaseaddr' from ofiomap not released on lines: 498,508,516. timerbaseaddr may...

5.9AI score0.00191EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2025/10/22 2:15 p.m.•2 views

CVE-2023-53693

In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix the memory leak in rawgadget driver Currently, increasing rawdev-count happens before invoke the rawqueueevent, if the rawqueueevent return error, invoke rawrelease will not trigger the devfree to be called...

5.9AI score0.00195EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2025/10/22 2:15 p.m.•2 views

CVE-2023-53705

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bounds access in ipv6findtlv optlen is fetched without checking whether there is more than one byte to parse. It can lead to out-of-bounds access. Found by InfoTeCS on behalf of Linux Verification Center...

6.2AI score0.00207EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2025/10/22 2:15 p.m.•2 views

CVE-2022-50571

In the Linux kernel, the following vulnerability has been resolved: btrfs: call btrfsremovefreespacecachelocked on cache load failure Now that lockdep is staying enabled through our entire CI runs I started seeing the following stack in generic/475 ------------ cut here ------------ WARNING: CPU:...

5.7AI score0.00181EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/10/22 2:15 p.m.•1 views

CVE-2023-53706

In the Linux kernel, the following vulnerability has been resolved: mm/vmemmap/devdax: fix kernel crash when probing devdax devices commit 4917f55b4ef9 "mm/sparse-vmemmap: improve memory savings for compound devmaps" added support for using optimized vmmemap for devdax devices. But how vmemmap...

5.8AI score0.00181EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/10/22 2:15 p.m.•2 views

CVE-2023-53694

In the Linux kernel, the following vulnerability has been resolved: riscv: ftrace: Fixup panic by disabling preemption In RISCV, we must use an AUIPC + JALR pair to encode an immediate, forming a jump that jumps to an address over 4K. This may cause errors if we want to enable kernel preemption a...

5.8AI score0.00193EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/10/22 2:15 p.m.•2 views

CVE-2022-50565

In the Linux kernel, the following vulnerability has been resolved: wifi: plfxlc: fix potential memory leak in lfxusbenablerx urbs does not be freed in exception paths in lfxusbenablerx. That will trigger memory leak. To fix it, add kfree for urbs within "error" label. Compile tested only...

5.7AI score0.00193EPSS
Exploits0References5
UbuntuCve
UbuntuCve
•added 2025/10/22 2:15 p.m.•0 views

CVE-2023-53712

In the Linux kernel, the following vulnerability has been resolved: ARM: 9317/1: kexec: Make smp stop calls asynchronous If a panic is triggered by a hrtimer interrupt all online cpus will be notified and set offline. But as highlighted by commit 19dbdcb8039c "smp: Warn on function calls from...

5.7AI score0.0019EPSS
Exploits0References6
UbuntuCve
UbuntuCve
•added 2025/10/22 2:15 p.m.•1 views

CVE-2023-53715

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex Apparently the hex passphrase mechanism does not work on newer chips/firmware e.g. BCM4387. It seems there was a simple way of passing it in binary all along, so use...

5.9AI score0.00191EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2025/10/22 2:15 p.m.•1 views

CVE-2022-50582

In the Linux kernel, the following vulnerability has been resolved: regulator: core: Prevent integer underflow By using a ratio of delay to pollenabledtime that is not integer timeremaining underflows and does not exit the loop as expected. As delay could be derived from DT and pollenabledtime is...

5.9AI score0.00195EPSS
Exploits0References7
UbuntuCve
UbuntuCve
•added 2025/10/22 2:15 p.m.•1 views

CVE-2023-53695

In the Linux kernel, the following vulnerability has been resolved: udf: Detect system inodes linked into directory hierarchy When UDF filesystem is corrupted, hidden system inodes can be linked into directory hierarchy which is an avenue for further serious corruption of the filesystem and kerne...

5.9AI score0.00202EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2025/10/22 2:15 p.m.•2 views

CVE-2023-53717

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9kwmirspcallback Fix a stack-out-of-bounds write that occurs in a WMI response callback function that is called after a timeout occurs in ath9kwmicmd. The callback writes...

6AI score0.00191EPSS
Exploits0References10
UbuntuCve
UbuntuCve
•added 2025/10/22 2:15 p.m.•5 views

CVE-2023-53730

In the Linux kernel, the following vulnerability has been resolved: blk-iocost: use spinlockirqsave in adjustinuseandcalccost adjustinuseandcalccost use spinlockirq and IRQ will be enabled when unlock. DEADLOCK might happen if we have held other locks and disabled IRQ before invoking it. Fix it b...

5.9AI score0.00187EPSS
Exploits0References8
UbuntuCve
UbuntuCve
•added 2025/10/22 2:15 p.m.•1 views

CVE-2022-50575

In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: Fix a possible warning in privcmdioctlmmapresource As 'kdata.num' is user-controlled data, if user tries to allocate memory larger than= MAXORDER, then kcalloc will fail, it creates a stack trace and messes up dmesg...

5.9AI score0.002EPSS
Exploits0References9
UbuntuCve
UbuntuCve
•added 2025/10/22 2:15 p.m.•2 views

CVE-2023-53700

In the Linux kernel, the following vulnerability has been resolved: media: max9286: Fix memleak in max9286v4l2register There is a kmemleak when testing the media/i2c/max9286.c with bpf mock device: kmemleak: 5 new suspected memory leaks see /sys/kernel/debug/kmemleak unreferenced object...

5.9AI score0.00195EPSS
Exploits0References7
Total number of security vulnerabilities68528