Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2024-58010 In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix integer overflow bug on 32 bit systems Most of these sizes and counts are capped at 256MB so the math doesn't res... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-58011 In the Linux kernel, the following vulnerability has been resolved: platform/x86: int3472: Check for adev == NULL Not all devices have an ACPI companion fwnode, so adev might be NULL. This can e.g. ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-58013 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync This fixes the following crash: ===================... | 7.8 | HIGH | — | 0 |
| CVE-2024-58014 In the Linux kernel, the following vulnerability has been resolved: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() In 'wlc_phy_iqcal_gainparams_nphy()', add gain range check... | 7.1 | HIGH | — | 0 |
| CVE-2024-58015 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix for out-of bound access error Selfgen stats are placed in a buffer using print_array_to_buf_index() function. Ar... | 7.1 | HIGH | — | 0 |
| CVE-2024-58016 In the Linux kernel, the following vulnerability has been resolved: safesetid: check size of policy writes syzbot attempts to write a buffer with a large size to a sysfs entry with writes handled by... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-58017 In the Linux kernel, the following vulnerability has been resolved: printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Shifting 1 << 31 on a 32-bit int causes signed integer overflow,... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-58018 In the Linux kernel, the following vulnerability has been resolved: nvkm: correctly calculate the available space of the GSP cmdq buffer r535_gsp_cmdq_push() waits for the available page in the GSP ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-58019 In the Linux kernel, the following vulnerability has been resolved: nvkm/gsp: correctly advance the read pointer of GSP message queue A GSP event message consists three parts: message header, RPC he... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-58020 In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Add NULL check in mt_input_configured devm_kasprintf() can return a NULL pointer on failure,but this returned val... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21732 In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error This patch addresses a race condition for an ODP MR that can res... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-21733 In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix resetting of tracepoints If a timerlat tracer is started with the osnoise option OSNOISE_WORKLOAD disabled, b... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21817 In the Linux kernel, the following vulnerability has been resolved: block: mark GFP_NOIO around sysfs ->store() sysfs ->store is called with queue freezed, meantime we have several ->store() callbac... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21734 In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix copy buffer page size For non-registered buffer, fastrpc driver copies the buffer and pass it to the remote sub... | 7.8 | HIGH | — | 0 |
| CVE-2025-21735 In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Add bounds checking in nci_hci_create_pipe() The "pipe" variable is a u8 which comes from the network. If it's more tha... | 7.8 | HIGH | — | 0 |
| CVE-2025-21736 In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix possible int overflows in nilfs_fiemap() Since nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result by b... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21738 In the Linux kernel, the following vulnerability has been resolved: ata: libata-sff: Ensure that we cannot write outside the allocated buffer reveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND i... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-68846 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS.This issue affec... | 7.1 | HIGH | — | 0 |
| CVE-2025-21745 In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix class @block_class's subsystem refcount leakage blkcg_fill_root_iostats() iterates over @block_class's devices by ... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21747 In the Linux kernel, the following vulnerability has been resolved: drm/ast: astdp: Fix timeout for enabling video signal The ASTDP transmitter sometimes takes up to 1 second for enabling the video ... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21748 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix integer overflows on 32 bit systems On 32bit systems the addition operations in ipc_msg_alloc() can potentially overflo... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21749 In the Linux kernel, the following vulnerability has been resolved: net: rose: lock the socket in rose_bind() syzbot reported a soft lockup in rose_loopback_timer(), with a repro calling bind() from... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-4002 The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cr... | 3.5 | LOW | — | 0 |
| CVE-2025-21753 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted transaction When we are trying to join the current transaction and if... | 7.8 | HIGH | — | 0 |
| CVE-2025-21754 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion failure when splitting ordered extent after transaction abort If while we are doing a direct IO write a trans... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21756 In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind() a... | 7.8 | HIGH | — | 0 |
| CVE-2025-21758 In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: add RCU protection to mld_newpack() mld_newpack() can be called without RTNL or RCU being held. Note that we no long... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21760 In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndisc_send_skb() ndisc_send_skb() can be called without RTNL or RCU held. Acquire rcu_read_lock()... | 7.8 | HIGH | — | 0 |
| CVE-2025-21761 In the Linux kernel, the following vulnerability has been resolved: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() ovs_vport_cmd_fill_info() can be called without RTNL or RCU. Use RCU... | 7.8 | HIGH | — | 0 |
| CVE-2025-21762 In the Linux kernel, the following vulnerability has been resolved: arp: use RCU protection in arp_xmit() arp_xmit() can be called without RTNL or RCU protection. Use RCU protection to avoid potent... | 7.8 | HIGH | — | 0 |
| CVE-2025-21763 In the Linux kernel, the following vulnerability has been resolved: neighbour: use RCU protection in __neigh_notify() __neigh_notify() can be called without RTNL or RCU protection. Use RCU protecti... | 7.8 | HIGH | — | 0 |
| CVE-2025-21764 In the Linux kernel, the following vulnerability has been resolved: ndisc: use RCU protection in ndisc_alloc_skb() ndisc_alloc_skb() can be called without RTNL or RCU being held. Add RCU protection... | 7.8 | HIGH | — | 0 |
| CVE-2025-68847 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itex iSape isape allows Reflected XSS.This issue affects iSape: from n/a through <= 0.72. | 7.1 | HIGH | — | 0 |
| CVE-2025-21765 In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU protection in ip6_default_advmss() ip6_default_advmss() needs rcu protection to make sure the net structure it reads... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21766 In the Linux kernel, the following vulnerability has been resolved: ipv4: use RCU protection in __ip_rt_update_pmtu() __ip_rt_update_pmtu() must use RCU protection to make sure the net structure it ... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21767 In the Linux kernel, the following vulnerability has been resolved: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context The following bug report happened with a PR... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21768 In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels Some lwtunnels have a dst cache for post-transformation dst. If the ... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-1300 CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. The CodeChecker web server contains an open redirect vulnerability due to missi... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-21771 In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix incorrect autogroup migration detection scx_move_task() is called from sched_move_task() and tells the BPF schedule... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21772 In the Linux kernel, the following vulnerability has been resolved: partitions: mac: fix handling of bogus partition table Fix several issues in partition probing: - The bailout for a bad partoffs... | 7.8 | HIGH | — | 0 |
| CVE-2025-21775 In the Linux kernel, the following vulnerability has been resolved: can: ctucanfd: handle skb allocation failure If skb allocation fails, the pointer to struct can_frame is NULL. This is actually ha... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21776 In the Linux kernel, the following vulnerability has been resolved: USB: hub: Ignore non-compliant devices with too many configs or interfaces Robert Morris created a test program which can cause us... | 5.5 | MEDIUM | — | 0 |
| CVE-2015-1193 Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. | N/A | NONE | — | 0 |
| CVE-2025-21777 In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Validate the persistent meta data subbuf array The meta data for a mapped ring buffer contains an array of indexes of... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21778 In the Linux kernel, the following vulnerability has been resolved: tracing: Do not allow mmap() of persistent ring buffer When trying to mmap a trace instance buffer that is attached to reserve_mem... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21779 In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel Advertise support for Hyper-V's SEND_IPI and SEND_IPI... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21780 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() It malicious user provides a small pptable through sysfs and th... | 7.8 | HIGH | — | 0 |
| CVE-2025-21787 In the Linux kernel, the following vulnerability has been resolved: team: better TEAM_OPTION_TYPE_STRING validation syzbot reported following splat [1] Make sure user-provided data contains one nul... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21781 In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix panic during interface removal Reference counting is used to ensure that batadv_hardif_neigh_node and batadv_hard_... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21782 In the Linux kernel, the following vulnerability has been resolved: orangefs: fix a oob in orangefs_debug_write I got a syzbot report: slab-out-of-bounds Read in orangefs_debug_write... several peop... | 7.1 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.