Lucene search
K
UbuntucveRecent

68528 matches found

UbuntuCve
UbuntuCve
added 2025/07/30 2:15 p.m.2 views

CVE-2025-53008

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.3.1 through 10.0.19, a connected user can use a malicious payload to steal mail receiver...

6.5CVSS5.9AI score0.00256EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/30 2:15 p.m.1 views

CVE-2025-52567

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or external calendars when planning is subject to SSRF exploit. The previous security patches provided...

5CVSS5.9AI score0.0018EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/30 2:15 p.m.1 views

CVE-2025-52897

GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 through 10.0.18, an unauthenticated user can send a malicious link to attempt a phishing attack from the planning feature. This is fixed in version 10.0.19...

6.5CVSS5.8AI score0.00214EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/30 2:15 p.m.2 views

CVE-2025-54410

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create...

5.2CVSS6.8AI score0.00152EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/30 2:15 p.m.4 views

CVE-2025-54572

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

6.9CVSS7.1AI score0.00384EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/07/30 2:15 p.m.3 views

CVE-2025-54388

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables rules including...

5.1CVSS6.9AI score0.00215EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/30 6:15 a.m.2 views

CVE-2025-38498

In the Linux kernel, the following vulnerability has been resolved: dochangetype: refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount2...

5.5CVSS6.3AI score0.00162EPSS
Exploits0References26
UbuntuCve
UbuntuCve
added 2025/07/30 2:17 a.m.3 views

CVE-2025-8292

Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.2AI score0.00315EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/30 12:15 a.m.2 views

CVE-2025-43216

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash...

6.5CVSS6.9AI score0.01022EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/30 12:15 a.m.3 views

CVE-2025-43214

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash...

6.5CVSS7.3AI score0.00961EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/30 12:15 a.m.5 views

CVE-2025-31278

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption...

8.8CVSS7.2AI score0.01162EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/30 12:15 a.m.4 views

CVE-2025-31273

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption...

8.8CVSS7.2AI score0.01067EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/30 12:15 a.m.6 views

CVE-2025-31277

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption...

8.8CVSS6AI score0.01481EPSS
Exploits2References3
UbuntuCve
UbuntuCve
added 2025/07/30 12:15 a.m.2 views

CVE-2025-43211

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing web content may lead to a denial-of-service...

6.2CVSS6.9AI score0.00374EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/30 12:15 a.m.4 views

CVE-2025-43213

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash...

6.5CVSS5.8AI score0.00731EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/30 12:15 a.m.4 views

CVE-2025-43228

The issue was addressed with improved UI. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6. Visiting a malicious website may lead to address bar spoofing...

4.3CVSS6.7AI score0.00854EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/30 12:15 a.m.3 views

CVE-2025-43265

An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose internal states of the app...

4CVSS6.7AI score0.00303EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/30 12:15 a.m.3 views

CVE-2025-43212

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash...

6.5CVSS6.9AI score0.00974EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/30 12:15 a.m.5 views

CVE-2025-43227

This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose sensitive user information...

7.5CVSS7.1AI score0.0117EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/30 12:15 a.m.4 views

CVE-2025-43240

A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. A download's origin may be incorrectly associated...

6.2CVSS6.8AI score0.00886EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/29 10:15 p.m.4 views

CVE-2025-4674

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

8.6CVSS6.8AI score0.00273EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/29 6:15 p.m.3 views

CVE-2025-27514

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 9.5.0 through 10.0.18, a technician can use a malicious payload to trigger a stored XSS on the project's kanban. This is fixed in version 10.0.1...

5.4CVSS5.9AI score0.00191EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/29 1:15 p.m.2 views

CVE-2025-7458

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a...

9.1CVSS7.1AI score0.0023EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/29 12:0 a.m.1 views

CVE-2025-8264

Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...

9.1CVSS6AI score0.00391EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/07/28 7:15 p.m.7 views

CVE-2025-8194

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

7.5CVSS6.8AI score0.00611EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/07/28 7:15 p.m.1 views

CVE-2025-8283

A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be us...

3.7CVSS5.8AI score0.0029EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/07/28 6:15 p.m.3 views

CVE-2025-43023

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm DSA...

9.1CVSS5.8AI score0.00244EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/07/28 1:15 p.m.6 views

CVE-2025-4056

A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines...

7.5CVSS5.8AI score0.00436EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.1 views

CVE-2025-38481

In the Linux kernel, the following vulnerability has been resolved: comedi: Fail COMEDIINSNLIST ioctl if ninsns is too large The handling of the COMEDIINSNLIST ioctl allocates a kernel buffer to hold the array of struct comediinsn, getting the length from the ninsns member of the struct...

5.5CVSS6.3AI score0.00156EPSS
Exploits0References38
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.4 views

CVE-2025-38474

In the Linux kernel, the following vulnerability has been resolved: usb: net: sierra: check for no status endpoint The driver checks for having three endpoints and having bulk in and out endpoints, but not that the third endpoint is interrupt input. Rectify the omission...

5.5CVSS6.2AI score0.00156EPSS
Exploits0References38
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.6 views

CVE-2025-38472

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrack: fix crash due to removal of uninitialised entry A crash in conntrack was reported while trying to unlink the conntrack entry from the hash bucket list: exception RIP: nfctdeletefromlists+172 .. 7...

5.5CVSS5.9AI score0.00155EPSS
Exploits0References29
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.7 views

CVE-2025-38470

In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on a net device, the 8021q module will automatically add or remove VLAN 0 when the net device is put...

5.5CVSS6.1AI score0.00161EPSS
Exploits0References38
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.8 views

CVE-2025-38478

In the Linux kernel, the following vulnerability has been resolved: comedi: Fix initialization of data for instructions that write to subdevice Some Comedi subdevice instruction handlers are known to access instruction data elements beyond the first insn-n elements in some cases. The doinsnioctl...

5.5CVSS6.3AI score0.00156EPSS
Exploits0References38
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.3 views

CVE-2025-38495

In the Linux kernel, the following vulnerability has been resolved: HID: core: ensure the allocated report buffer can contain the reserved report ID When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated buffer not account f...

5.5CVSS6.4AI score0.00198EPSS
Exploits0References38
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.3 views

CVE-2025-38492

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix race between cache write completion and ALLQUEUED being set When netfslib is issuing subrequests, the subrequests start processing immediately and may complete before we reach the end of the issuing function. At the en...

4.7CVSS5.7AI score0.00087EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.3 views

CVE-2025-38487

In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Mitigate e.g. the following: echo 1e789080.lpc-snoop /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind ... 120.363594 Unable to handle kernel NULL pointer...

5.5CVSS6.2AI score0.0015EPSS
Exploits0References38
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.2 views

CVE-2025-38490

In the Linux kernel, the following vulnerability has been resolved: net: libwx: remove duplicate pagepoolputfullpage pagepoolputfullpage should only be invoked when freeing Rx buffers or building a skb if the size is too short. At other times, the pages need to be reused. So remove the redundant...

7.8CVSS6.4AI score0.00151EPSS
Exploits0References28
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.2 views

CVE-2025-38489

In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Fix bpfarchtextpoke with newaddr == NULL again Commit 7ded842b356d "s390/bpf: Fix bpfplt pointer arithmetic" has accidentally removed the critical piece of commit c730fce7c70c "s390/bpf: Fix bpfarchtextpoke with newaddr...

5.5CVSS6.2AI score0.00136EPSS
Exploits0References28
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.3 views

CVE-2025-38496

In the Linux kernel, the following vulnerability has been resolved: dm-bufio: fix sched in atomic context If "tryverifyintasklet" is set for dm-verity, DMBUFIOCLIENTNOSLEEP is enabled for dm-bufio. However, when bufio tries to evict buffers, there is a chance to trigger scheduling in spinlockbh,...

5.5CVSS6.1AI score0.00139EPSS
Exploits0References28
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.5 views

CVE-2025-38476

In the Linux kernel, the following vulnerability has been resolved: rpl: Fix use-after-free in rpldosrhinline. Running lwtdstcacherefloop.sh in selftest with KASAN triggers the splat below 0. rpldosrhinline fetches ipv6hdrskb and accesses it after skbcowhead, which is illegal as the header could ...

7.8CVSS6.3AI score0.0015EPSS
Exploits0References38
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.2 views

CVE-2025-38491

In the Linux kernel, the following vulnerability has been resolved: mptcp: make fallback action and fallback decision atomic Syzkaller reported the following splat: WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 mptcpdofallback net/mptcp/protocol.h:1223 inline WARNING: CPU: 1 PID: 7704 at...

5.5CVSS5.9AI score0.00107EPSS
Exploits0References27
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.3 views

CVE-2025-38477

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix race condition on qfqaggregate A race condition can occur when 'agg' is modified in qfqchangeagg called during qfqenqueue while other threads access it concurrently. For example, qfqdumpclass may trigger a...

4.7CVSS6.3AI score0.00115EPSS
Exploits0References47
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.1 views

CVE-2025-38468

In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htblookupleaf encounters an empty rbtree htblookupleaf has a BUGON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default 1 tc class add dev lo...

5.5CVSS6.3AI score0.00162EPSS
Exploits0References38
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.2 views

CVE-2025-38485

In the Linux kernel, the following vulnerability has been resolved: iio: accel: fxls8962af: Fix use after free in fxls8962affifoflush fxls8962affifoflush uses indiodev-activescanmask with iioforeachactivechannel without making sure the indiodev stays in buffer mode. There is a race if indiodev...

7.8CVSS6.5AI score0.00151EPSS
Exploits0References29
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.4 views

CVE-2025-38475

In the Linux kernel, the following vulnerability has been resolved: smc: Fix various oops due to inetsock type confusion. syzbot reported weird splats 01 in cipsov4socksetattr while freeing inetsksk-inetopt. The address was freed multiple times even though it was read-only memory...

5.5CVSS6.2AI score0.00135EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.1 views

CVE-2025-38469

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls kvmxenschedoppoll does a kmallocarray when a VM polls the host for more than one event channel potr nrports 1. After the kmallocarray, the error paths ne...

5.5CVSS5.9AI score0.00148EPSS
Exploits0References28
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.1 views

CVE-2025-38486

In the Linux kernel, the following vulnerability has been resolved: soundwire: Revert "soundwire: qcom: Add setchannelmap api support" This reverts commit 7796c97df6b1b2206681a07f3c80f6023a6593d5. This patch broke Dragonboard 845c sdm845. I see: Unexpected kernel BRK exception at EL1 Internal...

5.5CVSS5.9AI score0.0012EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.4 views

CVE-2025-38473

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix null-ptr-deref in l2capsockresumecb syzbot reported null-ptr-deref in l2capsockresumecb. 0 l2capsockresumecb has a similar problem that was fixed by commit 1bff51ea59a9 "Bluetooth: fix use-after-free error in...

5.5CVSS6.2AI score0.00156EPSS
Exploits0References38
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.2 views

CVE-2025-38493

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix crash in timerlatdumpstack We have observed kernel panics when using timerlat with stack saving, with the following dmesg output: memcpy: detected buffer overflow: 88 byte write of buffer size 0 WARNING: CPU:...

5.5CVSS6AI score0.00151EPSS
Exploits0References28
UbuntuCve
UbuntuCve
added 2025/07/28 12:15 p.m.2 views

CVE-2025-38480

In the Linux kernel, the following vulnerability has been resolved: comedi: Fix use of uninitialized data in insnrwemulatebits For Comedi INSNREAD and INSNWRITE instructions on "digital" subdevices subdevice types COMEDISUBDDI, COMEDISUBDDO, and COMEDISUBDDIO, it is common for the subdevice drive...

5.5CVSS6.1AI score0.00158EPSS
Exploits0References38
Total number of security vulnerabilities68528