Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.2 views

CVE-2025-39969

In the Linux kernel, the following vulnerability has been resolved: i40e: fix validation of VF state in get resources VF state I40EVFSTATEACTIVE is not the only state in which VF is actually active so it should not be used to determine if a VF is allowed to obtain resources. Use...

6.7AI score0.00193EPSS
Exploits0References34
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.1 views

CVE-2025-39975

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix wrong index reference in smb2compoundop In smb2compoundop, the loop that processes each command's response uses wrong indices when accessing response bufferes. This incorrect indexing leads to improper handling o...

5.7AI score0.00181EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.1 views

CVE-2025-39992

In the Linux kernel, the following vulnerability has been resolved: mm: swap: check for stable address space before operating on the VMA It is possible to hit a zero entry while traversing the vmas in unusemm called from swapoff path and accessing it causes the OOPS: Unable to handle kernel NULL...

5.7AI score0.00182EPSS
Exploits0References16
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.2 views

CVE-2025-39994

In the Linux kernel, the following vulnerability has been resolved: media: tuner: xc5000: Fix use-after-free in xc5000release The original code uses canceldelayedwork in xc5000release, which does not guarantee that the delayed work item timersleep has fully completed if it was already running. Th...

5.7AI score0.00213EPSS
Exploits0References32
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.1 views

CVE-2025-39979

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, fix UAF in flow counter release Fix a kernel trace 1 caused by releasing an HWS action of a local flow counter in mlx5cmdhwsdeletefte, where the HWS action refcount and mutex were not initialized and the counter...

5.7AI score0.00168EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.3 views

CVE-2025-39997

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in sndusbmidifree The previous commit 0718a78f6a9f "ALSA: usb-audio: Kill timer properly at removal" patched a UAF issue caused by the error timer. However, because the error timer kill...

5.7AI score0.00187EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.2 views

CVE-2025-39985

In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACKE...

7.1AI score0.0022EPSS
Exploits0References34
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.1 views

CVE-2025-39977

In the Linux kernel, the following vulnerability has been resolved: futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race: T1 T2 futexwaitrequeuepi futexdowait schedule futexrequeue futexproxytrylockatomic futexrequeuepiprepare requeuepiwakefutex...

6.4AI score0.00188EPSS
Exploits0References17
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.1 views

CVE-2025-39973

In the Linux kernel, the following vulnerability has been resolved: i40e: add validation for ringlen param The ringlen parameter provided by the virtual function VF is assigned directly to the hardware memory context HMC without any validation. To address this, introduce an upper boundary check f...

6.7AI score0.00193EPSS
Exploits0References34
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.1 views

CVE-2025-39980

In the Linux kernel, the following vulnerability has been resolved: nexthop: Forbid FDB status change while nexthop is in a group The kernel forbids the creation of non-FDB nexthop groups with FDB nexthops: ip nexthop add id 1 via 192.0.2.1 fdb ip nexthop add id 2 group 1 Error: Non FDB nexthop...

6.7AI score0.00188EPSS
Exploits0References33
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.1 views

CVE-2025-39982

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fix UAF in hciaclcreateconnsync This fixes the following UFA in hciaclcreateconnsync where a connection still pending is command submission conn-state == BTOPEN maybe freed, also since this also can happen wi...

6.7AI score0.00183EPSS
Exploits0References17
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.1 views

CVE-2025-39966

In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors fput doesn't actually call fileoperations release synchronously, it puts the file on a work queue and it will be released eventually. This is normally fine, except for iommufd t...

7CVSS6.6AI score0.001EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.1 views

CVE-2025-39986

In the Linux kernel, the following vulnerability has been resolved: can: sun4ican: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACK...

7.1AI score0.00215EPSS
Exploits0References34
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.3 views

CVE-2025-39974

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in parseintegerlimit When config osnoise cpus by write syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds in parseintegerlimit+0x103/0x130 Read of size 1 at...

5.7AI score0.00168EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.3 views

CVE-2025-40000

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix use-after-free in rtw89coretxkickoffandwait There is a bug observed when rtw89coretxkickoffandwait tries to access already freed skbdata: BUG: KFENCE: use-after-free write in rtw89coretxkickoffandwait...

5.7AI score0.00183EPSS
Exploits0References16
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.3 views

CVE-2025-39995

In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state-timer is a cyclic timer that schedules worki2cpoll and delayedworkenablehotplug, while rearming itself. Using timerdelete fails to guarantee...

5.8AI score0.00213EPSS
Exploits0References32
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.3 views

CVE-2025-39998

In the Linux kernel, the following vulnerability has been resolved: scsi: target: targetcoreconfigfs: Add length check to avoid buffer overflow A buffer overflow arises from the usage of snprintf to write into the buffer "buf" in targetlugpmembersshow function located in...

6AI score0.00235EPSS
Exploits0References32
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.3 views

CVE-2025-39991

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix NULL dereference in ath11kqmim3load If ab-fw.m3data points to data, then fw pointer remains null. Further, if m3mem is not allocated, then fw is dereferenced to be passed to ath11kerr function. Replace fw-size b...

5.7AI score0.00182EPSS
Exploits0References16
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.4 views

CVE-2025-39968

In the Linux kernel, the following vulnerability has been resolved: i40e: add max boundary check for VF filters There is no check for max filters that VF can request. Add it...

6.7AI score0.00193EPSS
Exploits0References34
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.2 views

CVE-2025-39987

In the Linux kernel, the following vulnerability has been resolved: can: hi311x: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACKET...

7AI score0.0022EPSS
Exploits0References34
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.3 views

CVE-2025-39984

In the Linux kernel, the following vulnerability has been resolved: net: tun: Update napi-skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-use-after-free in skbresetmacheader include/linux/skbuff.h:3150 inline BUG: KASAN: slab-use-after-free in napifragsskb net/core/gro.c:723...

5.7AI score0.0018EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.1 views

CVE-2025-39970

In the Linux kernel, the following vulnerability has been resolved: i40e: fix input validation logic for actionmeta Fix condition to check 'greater or equal' to prevent OOB dereference...

6.7AI score0.00193EPSS
Exploits0References34
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.4 views

CVE-2025-39990

In the Linux kernel, the following vulnerability has been resolved: bpf: Check the helper function is valid in gethelperproto kernel test robot reported verifier bug 1 where the helper func pointer could be NULL due to disabled config option. As Alexei suggested we could check on that in...

5.7AI score0.0018EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.1 views

CVE-2025-39972

In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in i40evalidatequeuemap Ensure idx is within range of active/initialized TCs when iterating over vf-chidx in i40evalidatequeuemap...

6.7AI score0.00193EPSS
Exploits0References34
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.1 views

CVE-2025-39978

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential use after free in otx2tcaddflow This code calls kfreercunewnode, rcu and then dereferences "newnode" and then dereferences it on the next line. Two lines later, we take a mutex so I don't think this is...

6.7AI score0.00182EPSS
Exploits0References17
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.2 views

CVE-2025-39971

In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf-chidx in i40evcconfigqueuesmsg...

6.4AI score0.00193EPSS
Exploits0References34
UbuntuCve
UbuntuCve
added 2025/10/15 8:15 a.m.1 views

CVE-2025-39996

In the Linux kernel, the following vulnerability has been resolved: media: b2c2: Fix use-after-free causing by irqcheckwork in flexcoppciremove The original code uses canceldelayedwork in flexcoppciremove, which does not guarantee that the delayed work item irqcheckwork has fully completed if it...

5.7AI score0.00213EPSS
Exploits0References32
UbuntuCve
UbuntuCve
added 2025/10/15 12:0 a.m.1 views

CVE-2025-9640

A flaw was found in Samba, in the vfsstreamsxattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability...

4.3CVSS6.6AI score0.00421EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/10/15 12:0 a.m.4 views

CVE-2025-10230

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

10CVSS7.5AI score0.39677EPSS
Exploits2References3
UbuntuCve
UbuntuCve
added 2025/10/14 3:16 p.m.1 views

CVE-2025-0033

Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity...

6CVSS7.4AI score0.00194EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/10/14 1:15 p.m.2 views

CVE-2025-11713

Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and...

8.1CVSS5.9AI score0.00327EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2025/10/14 1:15 p.m.5 views

CVE-2025-11709

A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

9.8CVSS7.3AI score0.00385EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2025/10/14 1:15 p.m.4 views

CVE-2025-11719

Starting in Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability was fixed in Firefox 144 and Thunderbird 144...

9.8CVSS5.8AI score0.00323EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/10/14 1:15 p.m.2 views

CVE-2025-11721

Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 144 and Thunderbird 144...

9.8CVSS7.4AI score0.00332EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/10/14 1:15 p.m.3 views

CVE-2025-11714

Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

8.8CVSS7.4AI score0.00306EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2025/10/14 1:15 p.m.3 views

CVE-2025-11718

When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability was fixed in Firefox 144...

6.5CVSS5.8AI score0.00192EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/10/14 1:15 p.m.3 views

CVE-2025-11712

A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerabilit...

6.1CVSS6.4AI score0.0025EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2025/10/14 1:15 p.m.2 views

CVE-2025-11716

Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144...

6.5CVSS5.8AI score0.00214EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/10/14 1:15 p.m.2 views

CVE-2025-11711

There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

6.5CVSS6.6AI score0.0021EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2025/10/14 1:15 p.m.4 views

CVE-2025-11710

A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

9.8CVSS7.3AI score0.00385EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2025/10/14 1:15 p.m.5 views

CVE-2025-11715

Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...

8.8CVSS7.4AI score0.00299EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2025/10/14 1:15 p.m.3 views

CVE-2025-11717

When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144 the password edit screen was visible. This vulnerability was fixed in Firefox 144...

9.1CVSS5.8AI score0.00244EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/10/14 1:15 p.m.5 views

CVE-2025-11720

The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This...

8.1CVSS5.8AI score0.00244EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/10/14 1:15 p.m.3 views

CVE-2025-11708

Use-after-free in MediaTrackGraphImpl::GetInstance. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

9.8CVSS7.3AI score0.00465EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2025/10/14 6:15 a.m.3 views

CVE-2025-11731

A flaw was found in the exsltFuncResultComp function of libxslt, which handles EXSLT elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads...

3.1CVSS5.8AI score0.00258EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/10/14 12:0 a.m.3 views

CVE-2025-55315

Inconsistent interpretation of http requests 'http request/response smuggling' in ASP.NET Core allows an authorized attacker to bypass a security feature over a network...

9.9CVSS7.3AI score0.66258EPSS
Exploits5References3
UbuntuCve
UbuntuCve
added 2025/10/14 12:0 a.m.3 views

CVE-2025-55248

Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network...

5.7CVSS7.1AI score0.00681EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/10/14 12:0 a.m.2 views

CVE-2025-55247

Improper link resolution before file access 'link following' in .NET allows an authorized attacker to elevate privileges locally...

7.3CVSS7.2AI score0.00564EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/10/13 2:15 p.m.2 views

CVE-2025-39964

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Disallow concurrent writes in afalgsendmsg Issuing two writes to the same afalg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencie...

3.3CVSS6.3AI score0.00227EPSS
Exploits0References42
UbuntuCve
UbuntuCve
added 2025/10/13 2:15 p.m.3 views

CVE-2025-39965

In the Linux kernel, the following vulnerability has been resolved: xfrm: xfrmallocspi shouldn't use 0 as SPI x-id.spi == 0 means "no SPI assigned", but since commit 94f39804d891 "xfrm: Duplicate SPI Handling", we now create states and add them to the byspi list with this value. xfrmstatedelete...

5.5CVSS6.3AI score0.00177EPSS
Exploits0References16
Total number of security vulnerabilities68528