Lucene search
+L
UbuntucveRecent

71772 matches found

UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53237

In the Linux kernel, the following vulnerability has been resolved: gpio: mvebu: fix NULL pointer dereference in suspend/resume mvebupwmsuspend and mvebupwmresume are called for all GPIO banks during suspend/resume, but not all banks have PWM functionality. GPIO banks without PWM have mvchip-mvpw...

5.5CVSS6AI score0.00127EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53243

In the Linux kernel, the following vulnerability has been resolved: rseq: Fix using an uninitialized stack variable in rseqexituserupdate There is an bug in which an uninitialized stack variable is used in rseqexituserupdate as reported by syzbot: BUG: KMSAN: kernel-infoleak in rseqsetidsgetcsadd...

5.5CVSS6AI score0.00112EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53177

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix NULL pointer dereference PCIe errors detected by a Root Port or Downstream Port cause error recovery services to run on all subordinate devices regardless of administrative state. The .errordetected callback,...

5.5CVSS6AI score0.00122EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53144

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix NULL dereference in getqueueids When usrqueueidarray is NULL and numqueues is non-zero, getqueueids returns NULL. The callers check only ISERR on the return value; since ISERRNULL == false the check passes, and...

5.5CVSS6AI score0.00122EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53145

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix changehandle ioctl, attempt 4 airlied: just added some comments on how to reenable On-list because the cat is out of the bag and we're clearly not good enough to figure this out in private. The story thus far:...

7.8CVSS6AI score0.00106EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53149

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Bound root directory content to block size tbpropertyparsedir does not check that contentoffset + contentlen fits within blocklen for the root directory case. When rootdir-length equals or exceeds blocklen - 2, the...

7.1CVSS6AI score0.00126EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53264

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: use RCU with deferred freeing for action lifecycle When NEWTFILTER and DELFILTER are run concurrently it is possible to create a race with an associated action. Let's illustrate with CPU0 running NEWTFILTER and...

7.8CVSS6.1AI score0.00129EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53230

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix slab-out-of-bounds in mlx5querynicvportmaclist mlx5querynicvportmaclist sizes its firmware command buffer using the PF's logmaxcurrentuc/mclist capabilities. When querying a VF vport with a larger configured max via...

8.7CVSS6.1AI score0.00131EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.6 views

CVE-2026-53171

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix arithmetic issues in dmalength dmalength derives DMA region usage from command stream values and updates regionsize: len = len + stride0 size0 + stride1 size1 regionsizeregion = max..., len + dma-offset Several...

8.8CVSS6.1AI score0.00137EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53179

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix buffer over-read in rtwupdateprotection rtwupdateprotection is called with a pointer offset into the ies buffer but the full ielength is passed, causing a potential buffer over-read...

7.1CVSS6AI score0.00131EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53210

In the Linux kernel, the following vulnerability has been resolved: tee: shm: fix shm leak in registershmhelper registershmhelper allocates shm before calling ioviternpages. If ioviternpages returns 0, the function jumps to errctxput and leaks shm. This can be triggered by TEEIOCSHMREGISTER with...

5.5CVSS6AI score0.00127EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.6 views

CVE-2026-53218

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftexthdr: fix register tracking for FPRESENT flag nftexthdrinit passes user-controlled priv-len to nftparseregisterstore, which marks that many bytes in the register bitmap as initialized. However, when...

5.5CVSS6AI score0.00128EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53143

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11 The v11 MQD manager incorrectly assigned the CP-compute variants of checkpointmqd/restoremqd for KFDMQDTYPESDMA queues. These functions use sizeofstruct...

7.8CVSS6.1AI score0.00142EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53242

In the Linux kernel, the following vulnerability has been resolved: ALSA: PCM: Fix wait queue list corruption in sndpcmdrain on linked streams sndpcmdrain uses initwaitqueueentry which does not clear entry.prev/next, and addwaitqueue with a conditional removewaitqueue that is skipped when tocheck...

7.8CVSS6AI score0.00138EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53231

In the Linux kernel, the following vulnerability has been resolved: net: phy: don't try to setup PHY-driven SFP cages when using genphy We don't have support for PHY-driver SFP cages with the genphy code. On top of that, it was found by sashiko that running sfpbusaddupstream for genphy deadlocks,...

5.5CVSS6AI score0.00087EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53249

In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPTSSRR and IPOPTLSRR options This patch restricts setting Loose Source and Record Route LSRR and Strict Source and Record Route SSRR IP options to users with CAPNETRAW capability. This prevents unprivileged...

5.5CVSS6AI score0.00128EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53263

In the Linux kernel, the following vulnerability has been resolved: 6lowpan: fix off-by-one in multicast context address compression The second memcpy in lowpaniphcmcastctxaddrcompress uses &data1 as destination and &ipaddr-s6addr11 as source, but both should be offset by one: &data2 and...

5.5CVSS6AI score0.00119EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53152

In the Linux kernel, the following vulnerability has been resolved: mmc: dwmmc-rockchip: Add missing private data for very old controllers The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parsedt...

5.5CVSS6AI score0.00122EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53259

In the Linux kernel, the following vulnerability has been resolved: ipv6: anycast: insert aca into global hash under idev-lock syzbot reported a splat 1: a slab-use-after-free in ipv6chkacastaddr, which walks the global inet6acaddrlst hash under RCU and dereferences a struct ifacaddr6 that has...

7.8CVSS6AI score0.00123EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53233

In the Linux kernel, the following vulnerability has been resolved: netdev: fix double-free in netdevnlbindrxdoit Sashiko flags that genlmsgreply always consumes the skb. The error path calls nlmsgfreersp so we can't jump directly to it. Let's not unbind, just propagate the error to the user. Thi...

7.8CVSS6AI score0.00138EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.5 views

CVE-2026-53212

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfttunnel: fix use-after-free on object destroy nfttunnelobjdestroy calls metadatadstfree which directly kfrees the metadatadst, ignoring the dstentry refcount. Packets that took a reference via dsthold in...

7.8CVSS6AI score0.00125EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53217

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: sync RX data at the hardware packet offset mvpp2 programs the RX queue packet offset, so hardware writes received data at dmaaddr + MVPP2SKBHEADROOM. The current CPU sync starts at dmaaddr and only covers rxbytes +...

8.6CVSS6AI score0.00401EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2026/06/25 9:16 a.m.4 views

CVE-2026-53165

In the Linux kernel, the following vulnerability has been resolved: iomap: avoid potential null folio-mapping deref during error reporting When a buffered read fails, iomapfinishfolioread reports the error with fserrorreportiofolio-mapping-host, .... This is called after ifs-readbytespending has...

7.5CVSS6AI score0.00359EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/25 5:16 a.m.3 views

CVE-2026-13311

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS6.2AI score0.0036EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/25 12:17 a.m.3 views

CVE-2026-40079

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...

9.8CVSS6AI score0.01113EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/25 12:17 a.m.2 views

CVE-2025-60466

A use-after-free in the gffilterpidgetpacket function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

5CVSS6.1AI score0.00121EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/06/25 12:17 a.m.2 views

CVE-2025-60473

A NULL pointer dereference in the gffilterinparentchain function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...

5.5CVSS6.1AI score0.00141EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/06/25 12:17 a.m.2 views

CVE-2026-39951

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graphnameregexp in the Reports feature. This issue has been fixed in version 1.2.31...

8.8CVSS6.1AI score0.00221EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/25 12:0 a.m.2 views

CVE-2026-48785

Unknown description...

6.1AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/25 12:0 a.m.3 views

CVE-2026-12490

When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port and not the tls-auth-port or over over TCP over the regular...

8.2CVSS6.1AI score0.00139EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/25 12:0 a.m.3 views

CVE-2026-12244

If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an uint16t variable that is used to allocate space needed for the RR wrap because total size 65535,...

8.8CVSS6.2AI score0.00303EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/25 12:0 a.m.3 views

CVE-2026-12245

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response...

8.7CVSS6.1AI score0.00274EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/25 12:0 a.m.3 views

CVE-2026-12246

NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes...

8.1CVSS6.1AI score0.00265EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/25 12:0 a.m.4 views

CVE-2026-47215

Unknown description...

6.1AI score0.0001EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/06/24 11:16 p.m.3 views

CVE-2026-39948

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTERVALIDATEISREGEX validation and concatenated directly into RLIKE SQL clauses in lib/htmlgraph.php and...

9.8CVSS6.1AI score0.00456EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/24 11:16 p.m.3 views

CVE-2026-39900

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the authprofile.php JavaScript context. This issue has been fixed in version 1.2.31...

6.1CVSS6AI score0.00155EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/24 11:16 p.m.3 views

CVE-2026-39899

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in packageimport.php. This issue has been fixed in version 1.2.31...

6.9CVSS6AI score0.00261EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/24 11:16 p.m.3 views

CVE-2026-39938

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

9.8CVSS6AI score0.00436EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/06/24 11:16 p.m.2 views

CVE-2025-60474

A buffer overflow in the gfmediaimport function /mediatools/avparsers.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted input...

7.5CVSS6.2AI score0.00579EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/06/24 11:16 p.m.3 views

CVE-2025-60467

A use-after-free in the gffilterpidinstswapdeletetask function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

7.5CVSS6.1AI score0.0051EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/06/24 11:16 p.m.3 views

CVE-2026-39955

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS6.1AI score0.00315EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/24 10:16 p.m.3 views

CVE-2026-39893

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpoint does not require authentication graph viewing supports guest access via the configured guest...

9.8CVSS6.1AI score0.00363EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/24 10:16 p.m.3 views

CVE-2026-39897

Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the htmlauthfooter. This issue has been fixed in version 1.2.31...

6.1CVSS6AI score0.00155EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/24 10:16 p.m.3 views

CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.9CVSS6.1AI score0.00104EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/06/24 10:16 p.m.2 views

CVE-2026-2050

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

7.8CVSS7.2AI score0.00552EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/24 10:16 p.m.2 views

CVE-2025-60468

GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a denial of service local. The component is: filtercore/filterpid.c L:574-580: function gffilterpidinstswapdeletetask improperly accesses freed objects...

5.5CVSS6AI score0.0013EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/06/24 9:16 p.m.3 views

CVE-2026-11998

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

7.6CVSS6.1AI score0.00338EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/24 8:16 p.m.4 views

CVE-2026-23879

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...

8CVSS6.1AI score0.00404EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/06/24 7:17 p.m.2 views

CVE-2025-60471

A use-after-free in the gffilterpidreconfiguretaskdiscard function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

5.5CVSS6.1AI score0.00136EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/06/24 7:17 p.m.4 views

CVE-2026-49980

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from the URL and passed...

9.8CVSS6.2AI score0.00701EPSS
Exploits0References2
Total number of security vulnerabilities71772