Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-27810 Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to ... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-27632 A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the ... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-55604 Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a com... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-27830 An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c. | 7.8 | HIGH | β | 0 |
| CVE-2025-27831 An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-27832 An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-24808 Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, someone who is about to reach the limit of users in a group DM... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-30225 Directus is a real-time API and App dashboard for managing SQL database content. The `@directus/storage-driver-s3` package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Dire... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-30350 Directus is a real-time API and App dashboard for managing SQL database content. The `@directus/storage-driver-s3` package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Dire... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-21867 In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() KMSAN reported a use-after-free issue in eth_skb_pkt_type()[1]. The ... | 7.8 | HIGH | β | 0 |
| CVE-2023-52986 In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener A listening socket linked to a sockmap has its sk_prot overri... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21869 In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Disable KASAN report during patching via temporary mm Erhard reports the following KASAN hit on Talos II (p... | 7.8 | HIGH | β | 0 |
| CVE-2025-21870 In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Other, non DAI copier widgets could have the same stream name (... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21871 In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix supplicant wait loop OP-TEE supplicant is a user-space daemon and it's possible for it be hung or crashed or kille... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52998 In the Linux kernel, the following vulnerability has been resolved: net: fec: Use page_pool_put_full_page when freeing rx buffers The page_pool_release_page was used when freeing rx buffers, and thi... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-58090 In the Linux kernel, the following vulnerability has been resolved: sched/core: Prevent rescheduling when interrupts are disabled David reported a warning observed while loop testing kexec jump: ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-58091 In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-dma: Add shadow buffering for deferred I/O DMA areas are not necessarily backed by struct page, so we cannot rely on it ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21872 In the Linux kernel, the following vulnerability has been resolved: efi: Don't map the entire mokvar table to determine its size Currently, when validating the mokvar table, we (re)map the entire ta... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21873 In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: bsg: Fix crash when arpmb command fails If the device doesn't support arpmb we'll crash due to copying user data ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-22013 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state There are several problems with the way hyp code lazily saves the... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21874 In the Linux kernel, the following vulnerability has been resolved: dm-integrity: Avoid divide by zero in table status in Inline mode In Inline mode, the journal is unused, and journal_sectors is ze... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21875 In the Linux kernel, the following vulnerability has been resolved: mptcp: always handle address removal under msk socket lock Syzkaller reported a lockdep splat in the PM control path: WARNING: ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21876 In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix suspicious RCU usage Commit <d74169ceb0d2> ("iommu/vt-d: Allocate DMAR fault interrupts locally") moved the call t... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21877 In the Linux kernel, the following vulnerability has been resolved: usbnet: gl620a: fix endpoint checking in genelink_bind() Syzbot reports [1] a warning in usb_submit_urb() triggered by inconsisten... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21878 In the Linux kernel, the following vulnerability has been resolved: i2c: npcm: disable interrupt enable bit before devm_request_irq The customer reports that there is a soft lockup issue related to ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21881 In the Linux kernel, the following vulnerability has been resolved: uprobes: Reject the shared zeropage in uprobe_write_opcode() We triggered the following crash in syzkaller tests: BUG: Bad page... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21882 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix vport QoS cleanup on error When enabling vport QoS fails, the scheduling node was never freed, causing a leak. Add ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21883 In the Linux kernel, the following vulnerability has been resolved: ice: Fix deinitializing VF in error path If ice_ena_vfs() fails after calling ice_create_vf_entries(), it frees all VFs without re... | 7.8 | HIGH | β | 0 |
| CVE-2025-21884 In the Linux kernel, the following vulnerability has been resolved: net: better track kernel sockets lifetime While kernel sockets are dismantled during pernet_operations->exit(), their freeing can ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21885 In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers While using nvme target with use_srq on, below kernel p... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21888 In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix a WARN during dereg_mr for DM type Memory regions (MR) of type DM (device memory) do not have an associated umem. ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21889 In the Linux kernel, the following vulnerability has been resolved: perf/core: Add RCU read lock protection to perf_iterate_ctx() The perf_iterate_ctx() function performs RCU list traversal but curr... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21890 In the Linux kernel, the following vulnerability has been resolved: idpf: fix checksums set in idpf_rx_rsc() idpf_rx_rsc() uses skb_transport_offset(skb) while the transport header is not set yet. ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21891 In the Linux kernel, the following vulnerability has been resolved: ipvlan: ensure network headers are in skb linear part syzbot found that ipvlan_process_v6_outbound() was assuming the IPv6 network... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21892 In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix the recovery flow of the UMR QP This patch addresses an issue in the recovery flow of the UMR QP, ensuring tasks do... | 4.7 | MEDIUM | β | 0 |
| CVE-2025-32072 Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection.This issue affects Mediawiki Core - Feed Utils: from 1.39 through... | N/A | NONE | β | 0 |
| CVE-2021-4454 In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate The conclusion "j1939_session_deactivate() should be called with a... | 5.5 | MEDIUM | β | 0 |
| CVE-2022-49739 In the Linux kernel, the following vulnerability has been resolved: gfs2: Always check inode size of inline inodes Check if the inode size of stuffed (inline) inodes is within the allowed range when... | 5.5 | MEDIUM | β | 0 |
| CVE-2022-49744 In the Linux kernel, the following vulnerability has been resolved: mm/uffd: fix pte marker when fork() without fork event Patch series "mm: Fixes on pte markers". Patch 1 resolves the syzkiller re... | 5.5 | MEDIUM | β | 0 |
| CVE-2022-49745 In the Linux kernel, the following vulnerability has been resolved: fpga: m10bmc-sec: Fix probe rollback Handle probe error rollbacks properly to avoid leaks. | 5.5 | MEDIUM | β | 0 |
| CVE-2023-53009 In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Add sync after creating vram bo There will be data corruption on vram allocated by svm if the initialization is not co... | 5.5 | MEDIUM | β | 0 |
| CVE-2022-49747 In the Linux kernel, the following vulnerability has been resolved: erofs/zmap.c: Fix incorrect offset calculation Effective offset to add to length was being incorrectly calculated, which resulted ... | 5.5 | MEDIUM | β | 0 |
| CVE-2022-49760 In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix PTE marker handling in hugetlb_change_protection() Patch series "mm/hugetlb: uffd-wp fixes for hugetlb_change_prot... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52928 In the Linux kernel, the following vulnerability has been resolved: bpf: Skip invalid kfunc call in backtrack_insn The verifier skips invalid kfunc call in check_kfunc_call(), which would be capture... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52929 In the Linux kernel, the following vulnerability has been resolved: nvmem: core: fix cleanup after dev_set_name() If dev_set_name() fails, we leak nvmem->wp_gpio as the cleanup does not put this. Wh... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-10087 Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might craft a link containing a malicious script, which then gets di... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-52933 In the Linux kernel, the following vulnerability has been resolved: Squashfs: fix handling and sanity checking of xattr_ids count A Sysbot [1] corrupted filesystem exposes two flaws in the handling ... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52934 In the Linux kernel, the following vulnerability has been resolved: mm/MADV_COLLAPSE: catch !none !huge !bad pmd lookups In commit 34488399fa08 ("mm/madvise: add file and shmem support to MADV_COLLA... | 4.7 | MEDIUM | β | 0 |
| CVE-2023-52940 In the Linux kernel, the following vulnerability has been resolved: mm: multi-gen LRU: fix crash during cgroup migration lru_gen_migrate_mm() assumes lru_gen_add_mm() runs prior to itself. This isn... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-52941 In the Linux kernel, the following vulnerability has been resolved: can: isotp: split tx timer into transmission and timeout The timer for the transmission of isotp PDUs formerly had two functions: ... | 5.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.