Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-47531 | 1 Linux | 1 Linux Kernel | 2025-09-29 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP
In commit 510410bfc034 ("drm/msm: Implement mmap as GEM object
function") we switched to a new/cleaner method of doing things. That's
good, but we missed a little bit.
Before that commit, we used to _first_ run through the
drm_gem_mmap_obj() case where `obj->funcs->mmap()` was NULL. That meant
that we ran:
vma->vm_flags |= VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP;
...
Show More |
|||||
| CVE-2021-47454 | 1 Linux | 1 Linux Kernel | 2025-09-29 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
powerpc/smp: do not decrement idle task preempt count in CPU offline
With PREEMPT_COUNT=y, when a CPU is offlined and then onlined again, we
get:
BUG: scheduling while atomic: swapper/1/0/0x00000000
no locks held by swapper/1/0.
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.15.0-rc2+ #100
Call Trace:
dump_stack_lvl+0xac/0x108
__schedule_bug+0xac/0xe0
__schedule+0xcf8/0x10d0
schedule_idle+0x3c/0x70
do_idle+0x2d8/0x4a0
cpu_ ...
Show More |
|||||
| CVE-2021-47457 | 1 Linux | 1 Linux Kernel | 2025-09-29 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible()
Using wait_event_interruptible() to wait for complete transmission,
but do not check the result of wait_event_interruptible() which can be
interrupted. It will result in TX buffer has multiple accessors and
the later process interferes with the previous process.
Following is one of the problems reported by syzbot.
=================================== ...
Show More |
|||||
| CVE-2021-47480 | 1 Linux | 1 Linux Kernel | 2025-09-29 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: core: Put LLD module refcnt after SCSI device is released
SCSI host release is triggered when SCSI device is freed. We have to make
sure that the low-level device driver module won't be unloaded before SCSI
host instance is released because shost->hostt is required in the release
handler.
Make sure to put LLD module refcnt after SCSI device is released.
Fixes a kernel panic of 'BUG: unable to handle page fault for addr ...
Show More |
|||||
| CVE-2021-47481 | 1 Linux | 1 Linux Kernel | 2025-09-29 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR
Normally the zero fill would hide the missing initialization, but an
errant set to desc_size in reg_create() causes a crash:
BUG: unable to handle page fault for address: 0000000800000000
PGD 0 P4D 0
Oops: 0000 [#1] SMP PTI
CPU: 5 PID: 890 Comm: ib_write_bw Not tainted 5.15.0-rc4+ #47
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf ...
Show More |
|||||
| CVE-2021-47491 | 1 Linux | 1 Linux Kernel | 2025-09-29 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
mm: khugepaged: skip huge page collapse for special files
The read-only THP for filesystems will collapse THP for files opened
readonly and mapped with VM_EXEC. The intended usecase is to avoid TLB
misses for large text segments. But it doesn't restrict the file types
so a THP could be collapsed for a non-regular file, for example, block
device, if it is opened readonly and mapped with EXEC permission. This
may cause bugs, ...
Show More |
|||||
| CVE-2021-47492 | 1 Linux | 1 Linux Kernel | 2025-09-29 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
mm, thp: bail out early in collapse_file for writeback page
Currently collapse_file does not explicitly check PG_writeback, instead,
page_has_private and try_to_release_page are used to filter writeback
pages. This does not work for xfs with blocksize equal to or larger
than pagesize, because in such case xfs has no page->private.
This makes collapse_file bail out early for writeback page. Otherwise,
xfs end_page_writeback ...
Show More |
|||||
| CVE-2021-47502 | 1 Linux | 1 Linux Kernel | 2025-09-29 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
ASoC: codecs: wcd934x: handle channel mappping list correctly
Currently each channel is added as list to dai channel list, however
there is danger of adding same channel to multiple dai channel list
which endups corrupting the other list where its already added.
This patch ensures that the channel is actually free before adding to
the dai channel list and also ensures that the channel is on the list
before deleting it.
This ...
Show More |
|||||
| CVE-2021-47504 | 1 Linux | 1 Linux Kernel | 2025-09-29 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
io_uring: ensure task_work gets run as part of cancelations
If we successfully cancel a work item but that work item needs to be
processed through task_work, then we can be sleeping uninterruptibly
in io_uring_cancel_generic() and never process it. Hence we don't
make forward progress and we end up with an uninterruptible sleep
warning.
While in there, correct a comment that should be IFF, not IIF.
|
|||||
| CVE-2021-47509 | 1 Linux | 1 Linux Kernel | 2025-09-29 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
ALSA: pcm: oss: Limit the period size to 16MB
Set the practical limit to the period size (the fragment shift in OSS)
instead of a full 31bit; a too large value could lead to the exhaust
of memory as we allocate temporary buffers of the period size, too.
As of this patch, we set to 16MB limit, which should cover all use
cases.
|
|||||
| CVE-2021-47452 | 1 Linux | 1 Linux Kernel | 2025-09-29 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: skip netdev events generated on netns removal
syzbot reported following (harmless) WARN:
WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468
nft_netdev_unregister_hooks net/netfilter/nf_tables_api.c:230 [inline]
nf_tables_unregister_hook include/net/netfilter/nf_tables.h:1090 [inline]
__nft_release_basechain+0x138/0x640 net/netfilter/nf_tables_api.c:9524
nft_netdev_event net/netfilter/nft_chai ...
Show More |
|||||
| CVE-2024-52903 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2025-09-29 | N/A | 5.3 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
|
|||||
| CVE-2024-35122 | 1 Ibm | 1 I | 2025-09-29 | N/A | 2.8 LOW |
|
IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file.
|
|||||
| CVE-2024-43820 | 1 Linux | 1 Linux Kernel | 2025-09-29 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume
rm-raid devices will occasionally trigger the following warning when
being resumed after a table load because DM_RECOVERY_RUNNING is set:
WARNING: CPU: 7 PID: 5660 at drivers/md/dm-raid.c:4105 raid_resume+0xee/0x100 [dm_raid]
The failing check is:
WARN_ON_ONCE(test_bit(MD_RECOVERY_RUNNING, &mddev->recovery));
This check is designed to make sure that the sync thr ...
Show More |
|||||
| CVE-2024-22316 | 1 Ibm | 1 Sterling File Gateway | 2025-09-29 | N/A | 4.3 MEDIUM |
|
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls.
|
|||||
| CVE-2023-47489 | 1 Combodo | 1 Itop | 2025-09-29 | N/A | 7.8 HIGH |
|
CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components.
|
|||||
| CVE-2025-10868 | 1 Gitlab | 1 Gitlab | 2025-09-29 | N/A | 3.5 LOW |
|
An issue has been discovered in GitLab CE/EE affecting all versions from 17.4 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 where certain string conversion methods exhibit performance degradation with large inputs.
|
|||||
| CVE-2024-56436 | 1 Huawei | 1 Harmonyos | 2025-09-27 | N/A | 5.5 MEDIUM |
|
Cross-process screen stack vulnerability in the UIExtension module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2024-56435 | 1 Huawei | 1 Harmonyos | 2025-09-27 | N/A | 6.2 MEDIUM |
|
Cross-process screen stack vulnerability in the UIExtension module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2024-56136 | 1 Zulip | 1 Zulip Server | 2025-09-27 | N/A | 5.3 MEDIUM |
|
Zulip server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclose attack, where, if a Zulip server is hosting multiple organizations, an unauthenticated user can make a request and determine if an email address is in use by a user. Zulip Server 9.4 resolves the issue, as does the `main` branch of Zulip Server. Users are advised to upgrade. There are no known workarounds for this issue.
|
|||||
| CVE-2023-52881 | 1 Linux | 1 Linux Kernel | 2025-09-27 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
tcp: do not accept ACK of bytes we never sent
This patch is based on a detailed report and ideas from Yepeng Pan
and Christian Rossow.
ACK seq validation is currently following RFC 5961 5.2 guidelines:
The ACK value is considered acceptable only if
it is in the range of ((SND.UNA - MAX.SND.WND) <= SEG.ACK <=
SND.NXT). All incoming segments whose ACK value doesn't satisfy the
above condition MUST be discarded and ...
Show More |
|||||
| CVE-2024-37313 | 1 Nextcloud | 1 Nextcloud Server | 2025-09-26 | N/A | 7.3 HIGH |
|
Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise Server is upgraded to 21.0.9.17, 22.2.10.22, 23.0.12.17, 24.0.12.13, 25.0.13.8, 26.0.13, 27.1.8 or 28.0.4.
|
|||||
| CVE-2022-48664 | 1 Linux | 1 Linux Kernel | 2025-09-26 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix hang during unmount when stopping a space reclaim worker
Often when running generic/562 from fstests we can hang during unmount,
resulting in a trace like this:
Sep 07 11:52:00 debian9 unknown: run fstests generic/562 at 2022-09-07 11:52:00
Sep 07 11:55:32 debian9 kernel: INFO: task umount:49438 blocked for more than 120 seconds.
Sep 07 11:55:32 debian9 kernel: Not tainted 6.0.0-rc2-btrfs-next-122 #1
...
Show More |
|||||
| CVE-2024-2431 | 1 Paloaltonetworks | 1 Globalprotect | 2025-09-26 | N/A | 5.5 MEDIUM |
|
An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode.
|
|||||
| CVE-2024-2432 | 1 Paloaltonetworks | 1 Globalprotect | 2025-09-26 | N/A | 4.5 MEDIUM |
|
A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.
|
|||||
| CVE-2024-57955 | 1 Huawei | 1 Harmonyos | 2025-09-26 | N/A | 6.1 MEDIUM |
|
Arbitrary write vulnerability in the Gallery module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2024-57954 | 1 Huawei | 1 Harmonyos | 2025-09-26 | N/A | 6.2 MEDIUM |
|
Permission verification vulnerability in the media library module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2024-56438 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-26 | N/A | 6.0 MEDIUM |
|
Vulnerability of improper memory address protection in the HUKS module
Impact: Successful exploitation of this vulnerability may affect availability.
|
|||||
| CVE-2025-46593 | 1 Huawei | 1 Harmonyos | 2025-09-26 | N/A | 5.1 MEDIUM |
|
Process residence vulnerability in abnormal scenarios in the print module
Impact: Successful exploitation of this vulnerability may affect availability.
|
|||||
| CVE-2025-46589 | 1 Huawei | 1 Harmonyos | 2025-09-26 | N/A | 4.4 MEDIUM |
|
Vulnerability of unauthorized access in the app lock module
Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
|
|||||
| CVE-2025-46588 | 1 Huawei | 1 Harmonyos | 2025-09-26 | N/A | 4.4 MEDIUM |
|
Vulnerability of unauthorized access in the app lock module
Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
|
|||||
| CVE-2025-31171 | 1 Huawei | 1 Harmonyos | 2025-09-26 | N/A | 6.8 MEDIUM |
|
File read permission bypass vulnerability in the kernel file system module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2025-2713 | 1 Google | 1 Gvisor | 2025-09-26 | N/A | 7.8 HIGH |
|
Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork.
|
|||||
| CVE-2023-52871 | 1 Linux | 1 Linux Kernel | 2025-09-26 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: llcc: Handle a second device without data corruption
Usually there is only one llcc device. But if there were a second, even
a failed probe call would modify the global drv_data pointer. So check
if drv_data is valid before overwriting it.
|
|||||
| CVE-2024-27411 | 1 Linux | 1 Linux Kernel | 2025-09-26 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau: keep DMA buffers required for suspend/resume
Nouveau deallocates a few buffers post GPU init which are required for GPU suspend/resume to function correctly.
This is likely not as big an issue on systems where the NVGPU is the only GPU, but on multi-GPU set ups it leads to a regression where the kernel module errors and results in a system-wide rendering freeze.
This commit addresses that regression by moving the ...
Show More |
|||||
| CVE-2024-6284 | 1 Google | 1 Nftables | 2025-09-26 | N/A | 7.3 HIGH |
|
In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses).
This issue affects: https://pkg.go.dev/github.com/google/[email protected]
The bug was fixed in the next released version: https://pkg.go.dev/github.com/google/[email protected]
|
|||||
| CVE-2023-52791 | 1 Linux | 1 Linux Kernel | 2025-09-26 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
i2c: core: Run atomic i2c xfer when !preemptible
Since bae1d3a05a8b, i2c transfers are non-atomic if preemption is
disabled. However, non-atomic i2c transfers require preemption (e.g. in
wait_for_completion() while waiting for the DMA).
panic() calls preempt_disable_notrace() before calling
emergency_restart(). Therefore, if an i2c device is used for the
restart, the xfer should be atomic. This avoids warnings like:
[ 12.6 ...
Show More |
|||||
| CVE-2023-52813 | 1 Linux | 1 Linux Kernel | 2025-09-26 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
crypto: pcrypt - Fix hungtask for PADATA_RESET
We found a hungtask bug in test_aead_vec_cfg as follows:
INFO: task cryptomgr_test:391009 blocked for more than 120 seconds.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Call trace:
__switch_to+0x98/0xe0
__schedule+0x6c4/0xf40
schedule+0xd8/0x1b4
schedule_timeout+0x474/0x560
wait_for_common+0x368/0x4e0
wait_for_completion+0x20/0x30
wait_for_com ...
Show More |
|||||
| CVE-2023-52828 | 1 Linux | 1 Linux Kernel | 2025-09-26 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Detect IP == ksym.end as part of BPF program
Now that bpf_throw kfunc is the first such call instruction that has
noreturn semantics within the verifier, this also kicks in dead code
elimination in unprecedented ways. For one, any instruction following
a bpf_throw call will never be marked as seen. Moreover, if a callchain
ends up throwing, any instructions after the call instruction to the
eventually throwing subprog in ...
Show More |
|||||
| CVE-2023-52834 | 1 Linux | 1 Linux Kernel | 2025-09-26 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
atl1c: Work around the DMA RX overflow issue
This is based on alx driver commit 881d0327db37 ("net: alx: Work around
the DMA RX overflow issue").
The alx and atl1c drivers had RX overflow error which was why a custom
allocator was created to avoid certain addresses. The simpler workaround
then created for alx driver, but not for atl1c due to lack of tester.
Instead of using a custom allocator, check the allocated skb address ...
Show More |
|||||