Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-38282 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-18 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
kernfs: Relax constraint in draining guard
The active reference lifecycle provides the break/unbreak mechanism but
the active reference is not truly active after unbreak -- callers don't
use it afterwards but it's important for proper pairing of kn->active
counting. Assuming this mechanism is in place, the WARN check in
kernfs_should_drain_open_files() is too sensitive -- it may transiently
catch those (rightful) callers betwe ...
Show More |
|||||
| CVE-2025-38177 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-18 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
sch_hfsc: make hfsc_qlen_notify() idempotent
hfsc_qlen_notify() is not idempotent either and not friendly
to its callers, like fq_codel_dequeue(). Let's make it idempotent
to ease qdisc_tree_reduce_backlog() callers' life:
1. update_vf() decreases cl->cl_nactive, so we can check whether it is
non-zero before calling it.
2. eltree_remove() always removes RB node cl->el_node, but we can use
RB_EMPTY_NODE() + RB_CLEAR_NODE() ...
Show More |
|||||
| CVE-2025-38174 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-18 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
thunderbolt: Do not double dequeue a configuration request
Some of our devices crash in tb_cfg_request_dequeue():
general protection fault, probably for non-canonical address 0xdead000000000122
CPU: 6 PID: 91007 Comm: kworker/6:2 Tainted: G U W 6.6.65
RIP: 0010:tb_cfg_request_dequeue+0x2d/0xa0
Call Trace:
<TASK>
? tb_cfg_request_dequeue+0x2d/0xa0
tb_cfg_request_work+0x33/0x80
worker_thread+0x386/0x8f0
kthread+0xed/0 ...
Show More |
|||||
| CVE-2025-38293 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-18 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath11k: fix node corruption in ar->arvifs list
In current WLAN recovery code flow, ath11k_core_halt() only
reinitializes the "arvifs" list head. This will cause the
list node immediately following the list head to become an
invalid list node. Because the prev of that node still points
to the list head "arvifs", but the next of the list head "arvifs"
no longer points to that list node.
When a WLAN recovery occurs during ...
Show More |
|||||
| CVE-2023-23604 | 1 Mozilla | 1 Firefox | 2025-12-18 | N/A | 6.5 MEDIUM |
|
A duplicate `SystemPrincipal` object could be created when parsing a non-system html document via `DOMParser::ParseFromSafeString`. This could have lead to bypassing web security checks. This vulnerability affects Firefox < 109.
|
|||||
| CVE-2023-23603 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-12-18 | N/A | 6.5 MEDIUM |
|
Regular expressions used to filter out forbidden properties and values from style directives in calls to `console.log` weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.
|
|||||
| CVE-2023-23600 | 1 Mozilla | 1 Firefox | 2025-12-18 | N/A | 6.5 MEDIUM |
|
Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be displayed during different browsing sessions.
*This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 109.
|
|||||
| CVE-2023-23598 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-12-18 | N/A | 6.5 MEDIUM |
|
Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to `DataTransfer.setData`. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.
|
|||||
| CVE-2021-27803 | 3 Debian, Fedoraproject, W1.fi | 3 Debian Linux, Fedora, Wpa Supplicant | 2025-12-18 | 5.4 MEDIUM | 7.5 HIGH |
|
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.
|
|||||
| CVE-2025-43509 | 1 Apple | 1 Macos | 2025-12-18 | N/A | 5.5 MEDIUM |
|
This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access sensitive user data.
|
|||||
| CVE-2025-11670 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2025-12-18 | N/A | 6.4 MEDIUM |
|
Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure.
This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled.
|
|||||
| CVE-2025-37731 | 1 Elastic | 1 Elasticsearch | 2025-12-18 | N/A | 6.8 MEDIUM |
|
Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority.
|
|||||
| CVE-2025-46287 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 6.5 MEDIUM |
|
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2. An attacker may be able to spoof their FaceTime caller ID.
|
|||||
| CVE-2025-46276 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 5.5 MEDIUM |
|
An information disclosure issue was addressed with improved privacy controls. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2. An app may be able to access sensitive user data.
|
|||||
| CVE-2025-43542 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 7.5 HIGH |
|
This issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, visionOS 26.2. Password fields may be unintentionally revealed when remotely controlling a device over FaceTime.
|
|||||
| CVE-2025-43538 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 5.5 MEDIUM |
|
A logging issue was addressed with improved data redaction. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. An app may be able to access sensitive user data.
|
|||||
| CVE-2025-43523 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 5.5 MEDIUM |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3. An app may be able to access sensitive user data.
|
|||||
| CVE-2025-43519 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 5.5 MEDIUM |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access sensitive user data.
|
|||||
| CVE-2025-43517 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 3.3 LOW |
|
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access protected user data.
|
|||||
| CVE-2025-43513 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 5.5 MEDIUM |
|
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to read sensitive location information.
|
|||||
| CVE-2025-43512 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 7.8 HIGH |
|
A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2, macOS Sonoma 14.8.3, macOS Sequoia 15.7.3, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to elevate privileges.
|
|||||
| CVE-2025-43473 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 5.5 MEDIUM |
|
This issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
|
|||||
| CVE-2025-43443 | 1 Apple | 6 Ipados, Iphone Os, Safari and 3 more | 2025-12-17 | N/A | 4.3 MEDIUM |
|
This issue was addressed with improved checks. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
|
|||||
| CVE-2025-43423 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-12-17 | N/A | 2.0 LOW |
|
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, visionOS 26.1. An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging.
|
|||||
| CVE-2025-43416 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 5.5 MEDIUM |
|
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access protected user data.
|
|||||
| CVE-2025-38003 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-17 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
can: bcm: add missing rcu read protection for procfs content
When the procfs content is generated for a bcm_op which is in the process
to be removed the procfs output might show unreliable data (UAF).
As the removal of bcm_op's is already implemented with rcu handling this
patch adds the missing rcu_read_lock() and makes sure the list entries
are properly removed under rcu protection.
|
|||||
| CVE-2025-38009 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-17 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: disable napi on driver removal
A warning on driver removal started occurring after commit 9dd05df8403b
("net: warn if NAPI instance wasn't shut down"). Disable tx napi before
deleting it in mt76_dma_cleanup().
WARNING: CPU: 4 PID: 18828 at net/core/dev.c:7288 __netif_napi_del_locked+0xf0/0x100
CPU: 4 UID: 0 PID: 18828 Comm: modprobe Not tainted 6.15.0-rc4 #4 PREEMPT(lazy)
Hardware name: ASUS System Product Name ...
Show More |
|||||
| CVE-2024-27410 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-17 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: nl80211: reject iftype change with mesh ID change
It's currently possible to change the mesh ID when the
interface isn't yet in mesh mode, at the same time as
changing it into mesh mode. This leads to an overwrite
of data in the wdev->u union for the interface type it
currently has, causing cfg80211_change_iface() to do
wrong things when switching.
We could probably allow setting an interface to mesh
while setting the m ...
Show More |
|||||
| CVE-2024-27412 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-17 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
power: supply: bq27xxx-i2c: Do not free non existing IRQ
The bq27xxx i2c-client may not have an IRQ, in which case
client->irq will be 0. bq27xxx_battery_i2c_probe() already has
an if (client->irq) check wrapping the request_threaded_irq().
But bq27xxx_battery_i2c_remove() unconditionally calls
free_irq(client->irq) leading to:
[ 190.310742] ------------[ cut here ]------------
[ 190.310843] Trying to free already-free IRQ ...
Show More |
|||||
| CVE-2024-27413 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-17 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
efi/capsule-loader: fix incorrect allocation size
gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures
is not enough for a 64-bit phys_addr_t:
drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open':
drivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size]
295 | ...
Show More |
|||||
| CVE-2024-27414 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-17 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
In the commit d73ef2d69c0d ("rtnetlink: let rtnl_bridge_setlink checks
IFLA_BRIDGE_MODE length"), an adjustment was made to the old loop logic
in the function `rtnl_bridge_setlink` to enable the loop to also check
the length of the IFLA_BRIDGE_MODE attribute. However, this adjustment
removed the `break` statement and led to an error logic of the flags
writing back at ...
Show More |
|||||
| CVE-2024-27416 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-17 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
If we received HCI_EV_IO_CAPA_REQUEST while
HCI_OP_READ_REMOTE_EXT_FEATURES is yet to be responded assume the remote
does support SSP since otherwise this event shouldn't be generated.
|
|||||
| CVE-2024-35807 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-17 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix corruption during on-line resize
We observed a corruption during on-line resize of a file system that is
larger than 16 TiB with 4k block size. With having more then 2^32 blocks
resize_inode is turned off by default by mke2fs. The issue can be
reproduced on a smaller file system for convenience by explicitly
turning off resize_inode. An on-line resize across an 8 GiB boundary (the
size of a meta block group in this s ...
Show More |
|||||
| CVE-2024-35819 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-17 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
soc: fsl: qbman: Use raw spinlock for cgr_lock
smp_call_function always runs its callback in hard IRQ context, even on
PREEMPT_RT, where spinlocks can sleep. So we need to use a raw spinlock
for cgr_lock to ensure we aren't waiting on a sleeping task.
Although this bug has existed for a while, it was not apparent until
commit ef2a8d5478b9 ("net: dpaa: Adjust queue depth on rate change")
which invokes smp_call_function_single ...
Show More |
|||||
| CVE-2024-35822 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-17 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
usb: udc: remove warning when queue disabled ep
It is possible trigger below warning message from mass storage function,
WARNING: CPU: 6 PID: 3839 at drivers/usb/gadget/udc/core.c:294 usb_ep_queue+0x7c/0x104
pc : usb_ep_queue+0x7c/0x104
lr : fsg_main_thread+0x494/0x1b3c
Root cause is mass storage function try to queue request from main thread,
but other thread may already disable ep when function disable.
As there is no fun ...
Show More |
|||||
| CVE-2024-35825 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-17 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: ncm: Fix handling of zero block length packets
While connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TX
set to 65536, it has been observed that we receive short packets,
which come at interval of 5-10 seconds sometimes and have block
length zero but still contain 1-2 valid datagrams present.
According to the NCM spec:
"If wBlockLength = 0x0000, the block is terminated by a
short packet. In this case, the US ...
Show More |
|||||
| CVE-2024-35830 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-17 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
media: tc358743: register v4l2 async device only after successful setup
Ensure the device has been setup correctly before registering the v4l2
async device, thus allowing userspace to access.
|
|||||
| CVE-2024-35837 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-17 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net: mvpp2: clear BM pool before initialization
Register value persist after booting the kernel using
kexec which results in kernel panic. Thus clear the
BM pool registers before initialisation to fix the issue.
|
|||||
| CVE-2025-38065 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-17 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
orangefs: Do not truncate file size
'len' is used to store the result of i_size_read(), so making 'len'
a size_t results in truncation to 4GiB on 32-bit systems.
|
|||||
| CVE-2025-38063 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-17 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
dm: fix unconditional IO throttle caused by REQ_PREFLUSH
When a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush()
generates a flush_bio with REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC,
which causes the flush_bio to be throttled by wbt_wait().
An example from v5.4, similar problem also exists in upstream:
crash> bt 2091206
PID: 2091206 TASK: ffff2050df92a300 CPU: 109 COMMAND: "kworker/u260:0"
#0 [ffff ...
Show More |
|||||