Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.1 views

CVE-2025-39904

In the Linux kernel, the following vulnerability has been resolved: arm64: kexec: initialize kexecbuf struct in loadothersegments Patch series "kexec: Fix invalid field access". The kexecbuf structure was previously declared without initialization. commit bf454ec31add "kexecfile: allow to place...

5.5CVSS5.9AI score0.00121EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.1 views

CVE-2025-39922

In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix incorrect map used in eee linkmode incorrectly used ixgbelpmap in loops intended to populate the supported and advertised EEE linkmode bitmaps based on ixgbelsmap. This results in incorrect bit setting and potential...

7.1CVSS6.6AI score0.00137EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.2 views

CVE-2025-39926

In the Linux kernel, the following vulnerability has been resolved: genetlink: fix genlbind invoking bind after -EPERM Per family bind/unbind callbacks were introduced to allow families to track multicast group consumer presence, e.g. to start or stop producing events depending on listeners...

5.5CVSS5.9AI score0.00135EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.1 views

CVE-2025-39896

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Prevent recovery work from being queued during device removal Use disableworksync instead of cancelworksync in ivpudevfini to ensure that no new recovery work items can be queued after device removal has started...

7.8CVSS6.6AI score0.00137EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.1 views

CVE-2025-39900

In the Linux kernel, the following vulnerability has been resolved: netsched: genestimator: fix esttimer vs CONFIGPREEMPTRT=y syzbot reported a WARNING in esttimer 1 Problem here is that with CONFIGPREEMPTRT=y, timer callbacks can be preempted. Adopt preemptdisablenested/preemptenablenested to fi...

5.5CVSS5.9AI score0.00134EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.2 views

CVE-2025-39915

In the Linux kernel, the following vulnerability has been resolved: net: phy: transfer phyconfiginband locking responsibility to phylink Problem description =================== Lockdep reports a possible circular locking dependency AB/BA between &pl-statemutex and &phy-lock, as follows...

5.5CVSS5.9AI score0.00093EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.1 views

CVE-2025-39917

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds dynptr write in bpfcryptocrypt Stanislav reported that in bpfcryptocrypt the destination dynptr's size is not validated to be at least as large as the source dynptr's size before calling into the crypto...

7.8CVSS6.6AI score0.00142EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.1 views

CVE-2025-39916

In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: avoid divide-by-zero in damonreclaimapplyparameters When creating a new scheme of DAMONRECLAIM, the calculation of 'minageregion' uses 'aggrinterval' as the divisor, which may lead to division-by-zero errors. Fi...

5.5CVSS6.4AI score0.00137EPSS
Exploits0References17
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.1 views

CVE-2025-39901

In the Linux kernel, the following vulnerability has been resolved: i40e: remove read access to debugfs files The 'command' and 'netdevops' debugfs files are a legacy debugging interface supported by the i40e driver since its early days by commit 02e9c290814c "i40e: debugfs interface". Both of...

7.1CVSS7AI score0.00141EPSS
Exploits0References15
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.1 views

CVE-2025-39927

In the Linux kernel, the following vulnerability has been resolved: ceph: fix race condition validating rparent before applying state Add validation to ensure the cached parent directory inode matches the directory info in MDS replies. This prevents client-side race conditions where concurrent...

4.7CVSS6.3AI score0.001EPSS
Exploits0References15
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.3 views

CVE-2025-39903

In the Linux kernel, the following vulnerability has been resolved: ofnuma: fix uninitialized memory nodes causing kernel panic When there are memory-only nodes nodes without CPUs, these nodes are not properly initialized, causing kernel panic during boot. ofnumainit ofnumaparsecpunodes nodesetni...

5.5CVSS5.9AI score0.00134EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.2 views

CVE-2025-39921

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: stop checking viability of op-maxfreq in supportsop callback In commit 13529647743d9 "spi: microchip-core-qspi: Support per spi-mem operation frequency switches" the logic for checking the viability of...

5.5CVSS5.9AI score0.00119EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.2 views

CVE-2025-39893

In the Linux kernel, the following vulnerability has been resolved: spi: spi-qpic-snand: unregister ECC engine on probe error and device remove The on-host hardware ECC engine remains registered both when the spiregistercontroller function returns with an error and also on device removal. Change...

5.5CVSS5.9AI score0.00119EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.3 views

CVE-2025-39924

In the Linux kernel, the following vulnerability has been resolved: erofs: fix invalid algorithm for encoded extents The current algorithm sanity checks do not properly apply to new encoded extents. Unify the algorithm check with ZEROFSCOMPRESSIONRUNTIMEMAX and ensure consistency with...

5.5CVSS5.9AI score0.00119EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.1 views

CVE-2025-39905

In the Linux kernel, the following vulnerability has been resolved: net: phylink: add lock for serializing concurrent pl-phydev writes with resolver Currently phylinkresolve protects itself against concurrent phylinkbringupphy or phylinkdisconnectphy calls which modify pl-phydev by relying on...

7CVSS6.6AI score0.00102EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.2 views

CVE-2025-39928

In the Linux kernel, the following vulnerability has been resolved: i2c: rtl9300: ensure data length is within supported range Add an explicit check for the xfer length to 'rtl9300i2cconfigxfer' to ensure the data length isn't within the supported range. In particular a data length of 0 is not...

5.5CVSS6AI score0.00119EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.2 views

CVE-2025-39906

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: remove oem i2c adapter on finish Fixes a bug where unbinding of the GPU would leave the oem i2c adapter registered resulting in a null pointer dereference when applications try to access the invalid device. cherr...

5.5CVSS5.9AI score0.00119EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.4 views

CVE-2025-39894

In the Linux kernel, the following vulnerability has been resolved: netfilter: brnetfilter: do not check confirmed bit in brnflocalin after confirm When send a broadcast packet to a tap device, which was added to a bridge, brnflocalin is called to confirm the conntrack. If another conntrack with...

5.5CVSS5.9AI score0.0014EPSS
Exploits0References27
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.2 views

CVE-2025-39902

In the Linux kernel, the following vulnerability has been resolved: mm/slub: avoid accessing metadata when pointer is invalid in objecterr objecterr reports details of an object for further debugging, such as the freelist pointer, redzone, etc. However, if the pointer is invalid, attempting to...

5.5CVSS6.4AI score0.00149EPSS
Exploits0References29
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.1 views

CVE-2025-39898

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

7AI score
Exploits0References10
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.1 views

CVE-2025-39923

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bamdma: Fix DT error handling for num-channels/ees When we don't have a clock specified in the device tree, we have no way to ensure the BAM is on. This is often the case for remotely-controlled or remotely-power...

5.5CVSS6.4AI score0.0014EPSS
Exploits0References31
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.1 views

CVE-2025-39911

In the Linux kernel, the following vulnerability has been resolved: i40e: fix IRQ freeing in i40evsirequestirqmsix error path If requestirq in i40evsirequestirqmsix fails in an iteration later than the first, the error path wants to free the IRQs requested so far. However, it uses the wrong devid...

7.8CVSS6.7AI score0.00147EPSS
Exploits0References31
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.3 views

CVE-2025-39908

In the Linux kernel, the following vulnerability has been resolved: net: devioctl: take ops lock in hwtstamp lower paths ndo hwtstamp callbacks are expected to run under the per-device ops lock. Make the lower get/set paths consistent with the rest of ndo invocations. Kernel log: WARNING: CPU: 13...

5.5CVSS5.9AI score0.00119EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.2 views

CVE-2025-39912

In the Linux kernel, the following vulnerability has been resolved: nfs/localio: restore creds before releasing pageio data Otherwise if the nfsd filecache code releases the nfsdfile immediately, it can trigger the BUGONcred == current-cred in putcred when it puts the nfsdfile-nffile-f-cred...

5.5CVSS6AI score0.00135EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.1 views

CVE-2025-39892

In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: care NULL dirver name on sndsoclookupcomponentnolocked soc-generic-dmaengine-pcm.c uses same dev for both CPU and Platform. In such case, CPU component driver might not have driver-name, then...

5.5CVSS5.9AI score0.00119EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.2 views

CVE-2025-39920

In the Linux kernel, the following vulnerability has been resolved: pcmcia: Add error handling for addinterval in dovalidatemem In the dovalidatemem, the call to addinterval does not handle errors. If kmalloc fails in addinterval, it could result in a null pointer being inserted into the linked...

5.5CVSS6.4AI score0.00152EPSS
Exploits0References29
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.2 views

CVE-2025-39891

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Initialize the chanstats array to zero The adapter-chanstats array is initialized in mwifiexinitchannelscangap with vmalloc, which doesn't zero out memory. The array is filled in mwifiexupdatechanstatistics and the...

7.1CVSS6.6AI score0.00152EPSS
Exploits0References29
UbuntuCve
UbuntuCve
added 2025/10/01 8:15 a.m.1 views

CVE-2025-39913

In the Linux kernel, the following vulnerability has been resolved: tcpbpf: Call skmsgfree when tcpbpfsendverdict fails to allocate psock-cork. syzbot reported the splat below. 0 The repro does the following: 1. Load a skmsg prog that calls bpfmsgcorkbytesmsg, corkbytes 2. Attach the prog to a...

7.8CVSS6.6AI score0.00171EPSS
Exploits2References31
UbuntuCve
UbuntuCve
added 2025/09/30 6:15 p.m.2 views

CVE-2025-56200

A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leadi...

6.1CVSS6.7AI score0.00309EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2025/09/30 3:15 p.m.3 views

CVE-2025-7493

A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA...

9.1CVSS7.2AI score0.00523EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2025/09/30 12:0 a.m.2 views

CVE-2025-11153

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 143.0.3...

7.5CVSS7.1AI score0.00217EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/09/30 12:0 a.m.2 views

CVE-2025-11149

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

7.5CVSS5.9AI score0.00489EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/09/30 12:0 a.m.3 views

CVE-2025-9232

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'noproxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash...

5.9CVSS6.7AI score0.02016EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/09/30 12:0 a.m.7 views

CVE-2025-9231

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...

6.5CVSS7AI score0.02234EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/09/30 12:0 a.m.4 views

CVE-2025-9230

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...

7.5CVSS6.6AI score0.01744EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/09/30 12:0 a.m.4 views

CVE-2025-11152

Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143.0.3...

8.6CVSS7.3AI score0.00252EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/09/29 10:15 p.m.1 views

CVE-2025-59933

libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines...

7.8CVSS6AI score0.00176EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/09/29 5:15 p.m.6 views

CVE-2025-51495

An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow...

7.5CVSS5.8AI score0.00395EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2025/09/29 12:15 p.m.1 views

CVE-2025-9648

A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

8.7CVSS6AI score0.00711EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/09/29 10:15 a.m.7 views

CVE-2025-11147

Reflected cross-site scripting XSS in Apt-Cacher-NG v3.2.1. The vulnerability allows malicious scripts XSS to be executed in “/html/.html”...

5.4CVSS5.8AI score0.00164EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/09/29 10:15 a.m.4 views

CVE-2025-11146

Reflected Cross-site scripting XSS in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts XSS in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”...

5.4CVSS6AI score0.00164EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/09/29 12:0 a.m.8 views

CVE-2025-41244

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...

7.8CVSS7AI score0.0788EPSS
Exploits3References4
UbuntuCve
UbuntuCve
added 2025/09/27 11:15 p.m.3 views

CVE-2025-11083

A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public an...

7.8CVSS6.1AI score0.00235EPSS
Exploits1References10
UbuntuCve
UbuntuCve
added 2025/09/27 11:15 p.m.4 views

CVE-2025-11082

A flaw has been found in GNU Binutils 2.45. Impacted is the function bfdelfparseehframe of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be use...

7.8CVSS6.4AI score0.00234EPSS
Exploits1References10
UbuntuCve
UbuntuCve
added 2025/09/27 10:15 p.m.3 views

CVE-2025-11081

A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dumpdwarfsection of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named...

5.5CVSS5.6AI score0.00189EPSS
Exploits1References10
UbuntuCve
UbuntuCve
added 2025/09/26 4:15 p.m.0 views

CVE-2025-59362

Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asnbuildobjid in lib/snmplib/asn1.c...

4CVSS5.8AI score0.00362EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2025/09/26 4:15 p.m.2 views

CVE-2025-59842

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the noopener...

4.3CVSS5.8AI score0.0021EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/09/26 2:15 p.m.1 views

CVE-2025-11017

A vulnerability was detected in OGRECave Ogre up to 14.4.1. The impacted element is the function Ogre::LogManager::stream of the file /ogre/OgreMain/src/OgreLogManager.cpp. Performing manipulation of the argument mDefaultLog results in null pointer dereference. The attack must be initiated from a...

5.5CVSS5.6AI score0.00186EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2025/09/26 2:15 p.m.2 views

CVE-2025-11015

A weakness has been identified in OGRECave Ogre up to 14.4.1. Impacted is the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp. This manipulation causes mismatched memory management routines. The attack is restricted to local execution. The exploit has bee...

5.3CVSS5.8AI score0.00134EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2025/09/26 1:15 p.m.1 views

CVE-2025-11014

A security flaw has been discovered in OGRECave Ogre up to 14.4.1. This issue affects the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp of the component Image Handler. The manipulation results in heap-based buffer overflow. The attack is only possible...

7.8CVSS6AI score0.00222EPSS
Exploits1References6
Total number of security vulnerabilities68528