Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-49610 | 1 Linux | 1 Linux Kernel | 2025-10-23 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
KVM: VMX: Prevent RSB underflow before vmenter
On VMX, there are some balanced returns between the time the guest's
SPEC_CTRL value is written, and the vmenter.
Balanced returns (matched by a preceding call) are usually ok, but it's
at least theoretically possible an NMI with a deep call stack could
empty the RSB before one of the returns.
For maximum paranoia, don't allow *any* returns (balanced or otherwise)
between the SP ...
|
|||||
| CVE-2024-20767 | 1 Adobe | 1 Coldfusion | 2025-10-23 | N/A | 7.4 HIGH |
|
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet.
|
|||||
| CVE-2024-6436 | 1 Rockwellautomation | 1 Sequencemanager | 2025-10-22 | N/A | 6.5 MEDIUM |
|
An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could allow a malicious user to send malformed packets to the server and cause a denial-of-service condition. If exploited, the device would become unresponsive, and a manual restart will be required for recovery. Additionally, if exploited, there could be a loss of view for the downstream equipment sequences in the controller. Users would not be able to view the status or command the equipment sequences, ...
|
|||||
| CVE-2024-58018 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
nvkm: correctly calculate the available space of the GSP cmdq buffer
r535_gsp_cmdq_push() waits for the available page in the GSP cmdq
buffer when handling a large RPC request. When it sees at least one
available page in the cmdq, it quits the waiting with the amount of
free buffer pages in the queue.
Unfortunately, it always takes the [write pointer, buf_size) as
available buffer pages before rolling back and wrongly calcula ...
|
|||||
| CVE-2022-49565 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
perf/x86/intel/lbr: Fix unchecked MSR access error on HSW
The fuzzer triggers the below trace.
[ 7763.384369] unchecked MSR access error: WRMSR to 0x689
(tried to write 0x1fffffff8101349e) at rIP: 0xffffffff810704a4
(native_write_msr+0x4/0x20)
[ 7763.397420] Call Trace:
[ 7763.399881] <TASK>
[ 7763.401994] intel_pmu_lbr_restore+0x9a/0x1f0
[ 7763.406363] intel_pmu_lbr_sched_task+0x91/0x1c0
[ 7763.410992] __perf_event_task_ ...
|
|||||
| CVE-2022-49562 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits
Use the recently introduced __try_cmpxchg_user() to update guest PTE A/D
bits instead of mapping the PTE into kernel address space. The VM_PFNMAP
path is broken as it assumes that vm_pgoff is the base pfn of the mapped
VMA range, which is conceptually wrong as vm_pgoff is the offset relative
to the file and has nothing to do with the pfn. The horrific hack worke ...
|
|||||
| CVE-2022-49555 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_qca: Use del_timer_sync() before freeing
While looking at a crash report on a timer list being corrupted, which
usually happens when a timer is freed while still active. This is
commonly triggered by code calling del_timer() instead of
del_timer_sync() just before freeing.
One possible culprit is the hci_qca driver, which does exactly that.
Eric mentioned that wake_retrans_timer could be rearmed via the work
q ...
|
|||||
| CVE-2022-49659 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits
In commit 1be37d3b0414 ("can: m_can: fix periph RX path: use
rx-offload to ensure skbs are sent from softirq context") the RX path
for peripheral devices was switched to RX-offload.
Received CAN frames are pushed to RX-offload together with a
timestamp. RX-offload is designed to handle overflows of the timestamp
correctly, if 32 bit timestamps are ...
|
|||||
| CVE-2022-49427 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
iommu/mediatek: Remove clk_disable in mtk_iommu_remove
After the commit b34ea31fe013 ("iommu/mediatek: Always enable the clk on
resume"), the iommu clock is controlled by the runtime callback.
Thus remove the clk control in the mtk_iommu_remove.
Otherwise, it will warn like:
echo 14018000.iommu > /sys/bus/platform/drivers/mtk-iommu/unbind
[ 51.413044] ------------[ cut here ]------------
[ 51.413648] vpp0_smi_iommu a ...
|
|||||
| CVE-2022-49430 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
Input: gpio-keys - cancel delayed work only in case of GPIO
gpio_keys module can either accept gpios or interrupts. The module
initializes delayed work in case of gpios only and is only used if
debounce timer is not used, so make sure cancel_delayed_work_sync()
is called only when it's gpio-backed and debounce_use_hrtimer is false.
This fixes the issue seen below when the gpio_keys module is unloaded and
an interrupt pin is us ...
|
|||||
| CVE-2022-49431 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
The device_node pointer is returned by of_find_compatible_node
with refcount incremented. We should use of_node_put() to avoid
the refcount leak.
|
|||||
| CVE-2022-49558 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: double hook unregistration in netns path
__nft_release_hooks() is called from pre_netns exit path which
unregisters the hooks, then the NETDEV_UNREGISTER event is triggered
which unregisters the hooks again.
[ 565.221461] WARNING: CPU: 18 PID: 193 at net/netfilter/core.c:495 __nf_unregister_net_hook+0x247/0x270
[...]
[ 565.246890] CPU: 18 PID: 193 Comm: kworker/u64:1 Tainted: G E 5.18.0- ...
|
|||||
| CVE-2022-49559 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2
Remove WARNs that sanity check that KVM never lets a triple fault for L2
escape and incorrectly end up in L1. In normal operation, the sanity
check is perfectly valid, but it incorrectly assumes that it's impossible
for userspace to induce KVM_REQ_TRIPLE_FAULT without bouncing through
KVM_RUN (which guarantees kvm_check_nested_state() will see and handle
...
|
|||||
| CVE-2022-49440 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
powerpc/rtas: Keep MSR[RI] set when calling RTAS
RTAS runs in real mode (MSR[DR] and MSR[IR] unset) and in 32-bit big
endian mode (MSR[SF,LE] unset).
The change in MSR is done in enter_rtas() in a relatively complex way,
since the MSR value could be hardcoded.
Furthermore, a panic has been reported when hitting the watchdog interrupt
while running in RTAS, this leads to the following stack trace:
watchdog: CPU 24 Hard LOC ...
|
|||||
| CVE-2022-49456 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
bonding: fix missed rcu protection
When removing the rcu_read_lock in bond_ethtool_get_ts_info() as
discussed [1], I didn't notice it could be called via setsockopt,
which doesn't hold rcu lock, as syzbot pointed:
stack backtrace:
CPU: 0 PID: 3599 Comm: syz-executor317 Not tainted 5.18.0-rc5-syzkaller-01392-g01f4685797a5 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call ...
|
|||||
| CVE-2022-49458 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/msm: don't free the IRQ if it was not requested
As msm_drm_uninit() is called from the msm_drm_init() error path,
additional care should be necessary as not to call the free_irq() for
the IRQ that was not requested before (because an error occurred earlier
than the request_irq() call).
This fixed the issue reported with the following backtrace:
[ 8.571329] Trying to free already-free IRQ 187
[ 8.571339] WARNING: CPU ...
|
|||||
| CVE-2022-49460 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
PM / devfreq: rk3399_dmc: Disable edev on remove()
Otherwise we hit an unbalanced enable-count when unbinding the DFI
device:
[ 1279.659119] ------------[ cut here ]------------
[ 1279.659179] WARNING: CPU: 2 PID: 5638 at drivers/devfreq/devfreq-event.c:360 devfreq_event_remove_edev+0x84/0x8c
...
[ 1279.659352] Hardware name: Google Kevin (DT)
[ 1279.659363] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO BTYPE=--)
[ 1279.659371] ...
|
|||||
| CVE-2022-49422 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Fix the error handling path in idxd_cdev_register()
If a call to alloc_chrdev_region() fails, the already allocated resources
are leaking.
Add the needed error handling path to fix the leak.
|
|||||
| CVE-2022-49180 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
LSM: general protection fault in legacy_parse_param
The usual LSM hook "bail on fail" scheme doesn't work for cases where
a security module may return an error code indicating that it does not
recognize an input. In this particular case Smack sees a mount option
that it recognizes, and returns 0. A call to a BPF hook follows, which
returns -ENOPARAM, which confuses the caller because Smack has processed
its data.
The SELinux ...
|
|||||
| CVE-2022-49174 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit
In case of flex_bg feature (which is by default enabled), extents for
any given inode might span across blocks from two different block groups.
ext4_mb_mark_bb() only reads the buffer_head of block bitmap once for the
starting block group, but it fails to read it again when the extent length
boundary overflows to another block group. Then in this below loop it
accesses m ...
|
|||||
| CVE-2022-49500 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
wl1251: dynamically allocate memory used for DMA
With introduction of vmap'ed stacks, stack parameters can no
longer be used for DMA and now leads to kernel panic.
It happens at several places for the wl1251 (e.g. when
accessed through SDIO) making it unusable on e.g. the
OpenPandora.
We solve this by allocating temporary buffers or use wl1251_read32().
Tested on v5.18-rc5 with OpenPandora.
|
|||||
| CVE-2022-49543 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
ath11k: fix the warning of dev_wake in mhi_pm_disable_transition()
When testing device recovery with the below command, it has a warning in the message
as below.
echo assert > /sys/kernel/debug/ath11k/wcn6855\ hw2.0/simulate_fw_crash
echo assert > /sys/kernel/debug/ath11k/qca6390\ hw2.0/simulate_fw_crash
warning message:
[ 1965.642121] ath11k_pci 0000:06:00.0: simulating firmware assert crash
[ 1968.471364] ieee80211 phy0: Hardware restar ...
|
|||||
| CVE-2022-49175 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
PM: core: keep irq flags in device_pm_check_callbacks()
The function device_pm_check_callbacks() can be called under the spin
lock (in the reported case it happens from genpd_add_device() ->
dev_pm_domain_set(), when the genpd uses spinlocks rather than mutexes).
However this function unconditionally uses spin_lock_irq() /
spin_unlock_irq(), thus not preserving the CPU flags. Use the
irqsave/irqrestore instead.
The backtrace f ...
|
|||||
| CVE-2022-49545 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Cancel pending work at closing a MIDI substream
At closing a USB MIDI output substream, there might be still a pending
work, which would eventually access the rawmidi runtime object that is
being released. For fixing the race, make sure to cancel the pending
work at closing.
|
|||||
| CVE-2022-49169 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
f2fs: use spin_lock to avoid hang
[14696.634553] task:cat state:D stack: 0 pid:1613738 ppid:1613735 flags:0x00000004
[14696.638285] Call Trace:
[14696.639038] <TASK>
[14696.640032] __schedule+0x302/0x930
[14696.640969] schedule+0x58/0xd0
[14696.641799] schedule_preempt_disabled+0x18/0x30
[14696.642890] __mutex_lock.constprop.0+0x2fb/0x4f0
[14696.644035] ? mod_objcg_state+0x10c/0x310
[14696.645040] ? obj_c ...
|
|||||
| CVE-2022-49173 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
spi: fsi: Implement a timeout for polling status
The data transfer routines must poll the status register to
determine when more data can be shifted in or out. If the hardware
gets into a bad state, these polling loops may never exit. Prevent
this by returning an error if a timeout is exceeded.
|
|||||
| CVE-2022-49552 | 1 Linux | 1 Linux Kernel | 2025-10-22 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix combination of jit blinding and pointers to bpf subprogs.
The combination of jit blinding and pointers to bpf subprogs causes:
[ 36.989548] BUG: unable to handle page fault for address: 0000000100000001
[ 36.990342] #PF: supervisor instruction fetch in kernel mode
[ 36.990968] #PF: error_code(0x0010) - not-present page
[ 36.994859] RIP: 0010:0x100000001
[ 36.995209] Code: Unable to access opcode bytes at RIP ...
|
|||||
| CVE-2025-59294 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-22 | N/A | 2.1 LOW |
|
Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack.
|
|||||
| CVE-2025-59494 | 1 Microsoft | 1 Azure Monitor Agent | 2025-10-22 | N/A | 7.8 HIGH |
|
Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2024-32499 | 1 Newforma | 1 Project Center | 2025-10-22 | N/A | 4.9 MEDIUM |
|
Newforma Project Center Server through 2023.3.0.32259 allows remote code execution because .NET Remoting is exposed.
|
|||||
| CVE-2025-40662 | 1 Acc | 1 Dm Corporative Cms | 2025-10-22 | N/A | 7.5 HIGH |
|
Absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an attacker to view the contents of webroot/file, if navigating to a non-existent file.
|
|||||
| CVE-2015-1427 | 2 Elastic, Redhat | 2 Elasticsearch, Fuse | 2025-10-22 | 7.5 HIGH | 9.8 CRITICAL |
|
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
|
|||||
| CVE-2015-0071 | 1 Microsoft | 9 Internet Explorer, Windows 7, Windows 8 and 6 more | 2025-10-22 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
|
|||||
| CVE-2014-6352 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2025-10-22 | 9.3 HIGH | 7.8 HIGH |
|
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.
|
|||||
| CVE-2014-6324 | 1 Microsoft | 6 Windows 7, Windows 8, Windows 8.1 and 3 more | 2025-10-22 | 9.0 HIGH | 8.8 HIGH |
|
The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability."
|
|||||
| CVE-2014-4123 | 1 Microsoft | 10 Internet Explorer, Windows 7, Windows 8 and 7 more | 2025-10-22 | 6.8 MEDIUM | 8.8 HIGH |
|
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," as exploited in the wild in October 2014, a different vulnerability than CVE-2014-4124.
|
|||||
| CVE-2014-4114 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2025-10-22 | 9.3 HIGH | 7.8 HIGH |
|
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."
|
|||||
| CVE-2014-4113 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-10-22 | 7.2 HIGH | 7.8 HIGH |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."
|
|||||
| CVE-2014-4077 | 1 Microsoft | 5 Office 2007 Ime, Windows 7, Windows Server 2003 and 2 more | 2025-10-22 | 9.3 HIGH | 7.8 HIGH |
|
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014.
|
|||||
| CVE-2014-3153 | 6 Canonical, Linux, Opensuse and 3 more | 9 Ubuntu Linux, Linux Kernel, Opensuse and 6 more | 2025-10-22 | 7.2 HIGH | 7.8 HIGH |
|
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
|
|||||