Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40949 | 1 Linux | 1 Linux Kernel | 2025-10-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
mm: shmem: fix getting incorrect lruvec when replacing a shmem folio
When testing shmem swapin, I encountered the warning below on my machine.
The reason is that replacing an old shmem folio with a new one causes
mem_cgroup_migrate() to clear the old folio's memcg data. As a result,
the old folio cannot get the correct memcg's lruvec needed to remove
itself from the LRU list when it is being freed. This could lead to
possib ...
Show More |
|||||
| CVE-2024-40975 | 1 Linux | 1 Linux Kernel | 2025-10-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: x86-android-tablets: Unregister devices in reverse order
Not all subsystems support a device getting removed while there are
still consumers of the device with a reference to the device.
One example of this is the regulator subsystem. If a regulator gets
unregistered while there are still drivers holding a reference
a WARN() at drivers/regulator/core.c:5829 triggers, e.g.:
WARNING: CPU: 1 PID: 1587 at drivers/ ...
Show More |
|||||
| CVE-2025-55006 | 1 Frappe | 1 Learning | 2025-10-06 | N/A | 4.3 MEDIUM |
|
Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScript or other potentially malicious content. Malicious SVG files could be used to execute arbitrary scripts in the context of other users. A fix for this issue is planned for version 2.34.0.
|
|||||
| CVE-2024-40985 | 1 Linux | 1 Linux Kernel | 2025-10-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net/tcp_ao: Don't leak ao_info on error-path
It seems I introduced it together with TCP_AO_CMDF_AO_REQUIRED, on
version 5 [1] of TCP-AO patches. Quite frustrative that having all these
selftests that I've written, running kmemtest & kcov was always in todo.
[1]: https://lore.kernel.org/netdev/[email protected]/
|
|||||
| CVE-2025-49146 | 1 Postgresql | 1 Postgresql Jdbc Driver | 2025-10-06 | N/A | 8.2 HIGH |
|
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requiremen ...
Show More |
|||||
| CVE-2014-2365 | 1 Advantech | 1 Advantech Webaccess | 2025-10-06 | 6.5 MEDIUM | N/A |
|
Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors.
|
|||||
| CVE-2024-56680 | 1 Linux | 1 Linux Kernel | 2025-10-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
media: intel/ipu6: do not handle interrupts when device is disabled
Some IPU6 devices have shared interrupts. We need to handle properly
case when interrupt is triggered from other device on shared irq line
and IPU6 itself disabled. In such case we get 0xffffffff from
ISR_STATUS register and handle all irq's cases, for what we are not
not prepared and usually hang the whole system.
To avoid the issue use pm_runtime_get_if_act ...
Show More |
|||||
| CVE-2024-56641 | 1 Linux | 1 Linux Kernel | 2025-10-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net/smc: initialize close_work early to avoid warning
We encountered a warning that close_work was canceled before
initialization.
WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x1b0
Workqueue: events smc_lgr_terminate_work [smc]
RIP: 0010:__flush_work+0x19e/0x1b0
Call Trace:
? __wake_up_common+0x7a/0x190
? work_busy+0x80/0x80
__cancel_work_timer+0xe3/0x160
smc_close_cancel_work ...
Show More |
|||||
| CVE-2024-9500 | 1 Autodesk | 1 Installer | 2025-10-06 | N/A | 7.8 HIGH |
|
A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management.
|
|||||
| CVE-2022-48818 | 1 Linux | 1 Linux Kernel | 2025-10-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: mv88e6xxx: don't use devres for mdiobus
As explained in commits:
74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")
5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres")
mdiobus_free() will panic when called from devm_mdiobus_free() <-
devres_release_all() <- __device_release_driver(), and that mdiobus was
not previously unregistered.
The mv88e6xxx is an MDIO device, so the in ...
Show More |
|||||
| CVE-2022-48817 | 1 Linux | 1 Linux Kernel | 2025-10-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: ar9331: register the mdiobus under devres
As explained in commits:
74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")
5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres")
mdiobus_free() will panic when called from devm_mdiobus_free() <-
devres_release_all() <- __device_release_driver(), and that mdiobus was
not previously unregistered.
The ar9331 is an MDIO device, so the ini ...
Show More |
|||||
| CVE-2022-48815 | 1 Linux | 1 Linux Kernel | 2025-10-06 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: bcm_sf2: don't use devres for mdiobus
As explained in commits:
74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")
5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres")
mdiobus_free() will panic when called from devm_mdiobus_free() <-
devres_release_all() <- __device_release_driver(), and that mdiobus was
not previously unregistered.
The Starfighter 2 is a platform device, so t ...
Show More |
|||||
| CVE-2024-45244 | 1 Hyperledger | 1 Fabric | 2025-10-06 | N/A | 5.3 MEDIUM |
|
Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window.
|
|||||
| CVE-2024-42260 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Validate passed in drm syncobj handles in the performance extension
If userspace provides an unknown or invalid handle anywhere in the handle
array the rest of the driver will not handle that well.
Fix it by checking handle was looked up successfully or otherwise fail the
extension by jumping into the existing unwind.
(cherry picked from commit a546b7e4d73c23838d7e4d2c92882b3ca902d213)
|
|||||
| CVE-2024-42261 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Validate passed in drm syncobj handles in the timestamp extension
If userspace provides an unknown or invalid handle anywhere in the handle
array the rest of the driver will not handle that well.
Fix it by checking handle was looked up successfully or otherwise fail the
extension by jumping into the existing unwind.
(cherry picked from commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3)
|
|||||
| CVE-2025-55553 | 1 Linuxfoundation | 1 Pytorch | 2025-10-03 | N/A | 7.5 HIGH |
|
A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
|
|||||
| CVE-2025-55557 | 1 Linuxfoundation | 1 Pytorch | 2025-10-03 | N/A | 7.5 HIGH |
|
A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).
|
|||||
| CVE-2025-46148 | 1 Linuxfoundation | 1 Pytorch | 2025-10-03 | N/A | 5.3 MEDIUM |
|
In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.
|
|||||
| CVE-2025-46150 | 1 Linuxfoundation | 1 Pytorch | 2025-10-03 | N/A | 5.3 MEDIUM |
|
In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.
|
|||||
| CVE-2025-55551 | 1 Linuxfoundation | 1 Pytorch | 2025-10-03 | N/A | 7.5 HIGH |
|
An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
|
|||||
| CVE-2024-38620 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: HCI: Remove HCI_AMP support
Since BT_HS has been remove HCI_AMP controllers no longer has any use so
remove it along with the capability of creating AMP controllers.
Since we no longer need to differentiate between AMP and Primary
controllers, as only HCI_PRIMARY is left, this also remove
hdev->dev_type altogether.
|
|||||
| CVE-2025-54591 | 1 Freshrss | 1 Freshrss | 2025-10-03 | N/A | 7.5 HIGH |
|
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below expose information about feeds and tags of default admin users, due to lack of access checking in the FreshRSS_Auth::hasAccess() function used by some of the tag/feed related endpoints. FreshRSS controllers usually have a defined firstAction() method with an override to make sure that every action requires access. If one doesn't, then every action has to check for access manually, and certain endpoints use neither the fi ...
Show More |
|||||
| CVE-2025-54875 | 1 Freshrss | 1 Freshrss | 2025-10-03 | N/A | 9.8 CRITICAL |
|
FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through the use of a hidden field used only in the user management admin page, new_user_is_admin. This is fixed in version 1.27.0.
|
|||||
| CVE-2024-38614 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
openrisc: traps: Don't send signals to kernel mode threads
OpenRISC exception handling sends signals to user processes on floating
point exceptions and trap instructions (for debugging) among others.
There is a bug where the trap handling logic may send signals to kernel
threads, we should not send these signals to kernel threads, if that
happens we treat it as an error.
This patch adds conditions to die if the kernel receive ...
Show More |
|||||
| CVE-2024-38607 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
macintosh/via-macii: Fix "BUG: sleeping function called from invalid context"
The via-macii ADB driver calls request_irq() after disabling hard
interrupts. But disabling interrupts isn't necessary here because the
VIA shift register interrupt was masked during VIA1 initialization.
|
|||||
| CVE-2024-38604 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
block: refine the EOF check in blkdev_iomap_begin
blkdev_iomap_begin rounds down the offset to the logical block size
before stashing it in iomap->offset and checking that it still is
inside the inode size.
Check the i_size check to the raw pos value so that we don't try a
zero size write if iter->pos is unaligned.
|
|||||
| CVE-2024-38663 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
blk-cgroup: fix list corruption from resetting io stat
Since commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()"),
each iostat instance is added to blkcg percpu list, so blkcg_reset_stats()
can't reset the stat instance by memset(), otherwise the llist may be
corrupted.
Fix the issue by only resetting the counter part.
|
|||||
| CVE-2024-37026 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Only use reserved BCS instances for usm migrate exec queue
The GuC context scheduling queue is 2 entires deep, thus it is possible
for a migration job to be stuck behind a fault if migration exec queue
shares engines with user jobs. This can deadlock as the migrate exec
queue is required to service page faults. Avoid deadlock by only using
reserved BCS instances for usm migrate exec queue.
(cherry picked from commit 0 ...
Show More |
|||||
| CVE-2024-38636 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
f2fs: multidev: fix to recognize valid zero block address
As reported by Yi Zhang in mailing list [1], kernel warning was catched
during zbd/010 test as below:
./check zbd/010
zbd/010 (test gap zone support with F2FS) [failed]
runtime ... 3.752s
something found in dmesg:
[ 4378.146781] run blktests zbd/010 at 2024-02-18 11:31:13
[ 4378.192349] null_blk: module loaded
[ 4378.209860] n ...
Show More |
|||||
| CVE-2024-38626 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
fuse: clear FR_SENT when re-adding requests into pending list
The following warning was reported by lee bruce:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 8264 at fs/fuse/dev.c:300
fuse_request_end+0x685/0x7e0 fs/fuse/dev.c:300
Modules linked in:
CPU: 0 PID: 8264 Comm: ab2 Not tainted 6.9.0-rc7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
RIP: 0010:fuse_request_end+0x685/0x7e0 fs/fuse/dev. ...
Show More |
|||||
| CVE-2021-47623 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
powerpc/fixmap: Fix VM debug warning on unmap
Unmapping a fixmap entry is done by calling __set_fixmap()
with FIXMAP_PAGE_CLEAR as flags.
Today, powerpc __set_fixmap() calls map_kernel_page().
map_kernel_page() is not happy when called a second time
for the same page.
WARNING: CPU: 0 PID: 1 at arch/powerpc/mm/pgtable.c:194 set_pte_at+0xc/0x1e8
CPU: 0 PID: 1 Comm: swapper Not tainted 5.16.0-rc3-s3k-dev-01993-g350ff07feb7d- ...
Show More |
|||||
| CVE-2024-40923 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
vmxnet3: disable rx data ring on dma allocation failure
When vmxnet3_rq_create() fails to allocate memory for rq->data_ring.base,
the subsequent call to vmxnet3_rq_destroy_all_rxdataring does not reset
rq->data_ring.desc_size for the data ring that failed, which presumably
causes the hypervisor to reference it on packet reception.
To fix this bug, rq->data_ring.desc_size needs to be set to 0 to tell
the hypervisor to disable ...
Show More |
|||||
| CVE-2024-40917 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
memblock: make memblock_set_node() also warn about use of MAX_NUMNODES
On an (old) x86 system with SRAT just covering space above 4Gb:
ACPI: SRAT: Node 0 PXM 0 [mem 0x100000000-0xfffffffff] hotplug
the commit referenced below leads to this NUMA configuration no longer
being refused by a CONFIG_NUMA=y kernel (previously
NUMA: nodes only cover 6144MB of your 8185MB e820 RAM. Not used.
No NUMA configuration found
...
Show More |
|||||
| CVE-2022-48814 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: seville: register the mdiobus under devres
As explained in commits:
74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")
5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres")
mdiobus_free() will panic when called from devm_mdiobus_free() <-
devres_release_all() <- __device_release_driver(), and that mdiobus was
not previously unregistered.
The Seville VSC9959 switch is a platfor ...
Show More |
|||||
| CVE-2022-48813 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: felix: don't use devres for mdiobus
As explained in commits:
74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")
5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres")
mdiobus_free() will panic when called from devm_mdiobus_free() <-
devres_release_all() <- __device_release_driver(), and that mdiobus was
not previously unregistered.
The Felix VSC9959 switch is a PCI device, so t ...
Show More |
|||||
| CVE-2022-48812 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: lantiq_gswip: don't use devres for mdiobus
As explained in commits:
74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")
5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres")
mdiobus_free() will panic when called from devm_mdiobus_free() <-
devres_release_all() <- __device_release_driver(), and that mdiobus was
not previously unregistered.
The GSWIP switch is a platform device, ...
Show More |
|||||
| CVE-2022-48802 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
fs/proc: task_mmu.c: don't read mapcount for migration entry
The syzbot reported the below BUG:
kernel BUG at include/linux/page-flags.h:785!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 4392 Comm: syz-executor560 Not tainted 5.16.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:PageDoubleMap include/linux/page-flags.h:785 [inline]
RI ...
Show More |
|||||
| CVE-2022-48799 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix list corruption in perf_cgroup_switch()
There's list corruption on cgrp_cpuctx_list. This happens on the
following path:
perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list)
cpu_ctx_sched_in
ctx_sched_in
ctx_pinned_sched_in
merge_sched_in
perf_cgroup_event_disable: remove the event from the list
Use list_for_each_entry_safe() to allow removing an ent ...
Show More |
|||||
| CVE-2022-48798 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
s390/cio: verify the driver availability for path_event call
If no driver is attached to a device or the driver does not provide the
path_event function, an FCES path-event on this device could end up in a
kernel-panic. Verify the driver availability before the path_event
function call.
|
|||||
| CVE-2022-48797 | 1 Linux | 1 Linux Kernel | 2025-10-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
mm: don't try to NUMA-migrate COW pages that have other uses
Oded Gabbay reports that enabling NUMA balancing causes corruption with
his Gaudi accelerator test load:
"All the details are in the bug, but the bottom line is that somehow,
this patch causes corruption when the numa balancing feature is
enabled AND we don't use process affinity AND we use GUP to pin pages
so our accelerator can DMA to/from system memory.
...
Show More |
|||||