VIR Vulnerability Intelligence Relay

Search

Found 27,087 results in 1766ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2023-54130 unknown FIX slesdebian debian 5mo ago In the Linux kernel, the following vulnerability has been resolved: hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling Commit 55d1cbbbb29e ("hfs/hfsplus: use WARN_ON for sanit…
CVE-2025-68351 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: exfat: fix refcount leak in exfat_find Fix refcount leaks in `exfat_find` related to `exfat_get_dentry_set`. Function `exfat_get…
CVE-2025-14957 medium 5.5 5.5 debian debian webassembly 6mo ago A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builde…
CVE-2025-68161 unknown FIX debian debian sles 6mo ago Apache Log4j does not verify the TLS hostname in its Socket Appender
CVE-2025-68463 medium 4.9 4.9 FIX debian debian 6mo ago Biopython is vulnerable to doctype XML external entity (XXE) injection through Bio.Entrez
CVE-2025-8291 medium 5.5 FIX rocky rhelalmalinux almalinux 6mo ago The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD re…
CVE-2025-6491 medium 5.5 FIX rockyalmalinux almalinux rhel 6mo ago In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null …
CVE-2025-5987 medium 5.5 FIX rheldebian debian sles 6mo ago Moderate: libssh security update
CVE-2025-1735 medium 5.5 FIX rockyalmalinux almalinux rhel 6mo ago In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This coul…
CVE-2025-1220 medium 5.5 FIX rocky rhelalmalinux almalinux 6mo ago In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null cha…
CVE-2024-29371 unknown FIX slesdebian debian 6mo ago jose4j is vulnerable to DoS via compressed JWE content
CVE-2025-61985 medium 5.5 FIX rocky rhel sles 6mo ago ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
CVE-2025-61984 medium 5.5 FIX rocky rhel sles 6mo ago ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrus…
CVE-2025-38499 medium 5.5 5.5 FIX rhel sles rocky 6mo ago Important: kernel security update
CVE-2025-68154 unknown FIX debian debian 6mo ago systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command injection on Windows syste…
CVE-2025-68146 unknown FIX slesdebian debian 6mo ago filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user …
CVE-2025-68142 unknown FIX debian debian 6mo ago PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown project. Versions prior to 10.16.1 have a ReDOS bug found within the figure caption extension (`pymdownx.blocks.caption`).…
CVE-2023-53900 medium 6.1 6.1 debian debian spip 6mo ago Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo …
CVE-2025-68315 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to detect potential corrupted nid in free_nid_list As reported, on-disk footer.ino and footer.nid is the same and out-o…
CVE-2025-68307 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs The driver lacks the cleanup of failed transfers of …
CVE-2025-68251 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: erofs: avoid infinite loops due to corrupted subpage compact indexes Robert reported an infinite loop observed by two crafted ima…
CVE-2025-68239 unknown FIX slesdebian debian google 6mo ago In the Linux kernel, the following vulnerability has been resolved: binfmt_misc: restore write access before closing files opened by open_exec() bm_register_write() opens an executable file using o…
CVE-2025-68201 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: remove two invalid BUG_ON()s Those can be triggered trivially by userspace.
CVE-2025-40347 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: net: enetc: fix the deadlock of enetc_mdio_lock After applying the workaround for err050089, the LS1028A platform experiences RCU…
CVE-2025-67735 unknown FIX slesdebian debian 6mo ago Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
CVE-2025-65431 unknown FIX debian debian 6mo ago django-allauth's Okta and NetIQ implementations used a mutable identifier for authorization decisions
CVE-2025-65430 unknown FIX debian debian 6mo ago django-allauth does not reject access tokens for inactive users
CVE-2025-14569 medium 5.3 5.3 debian debian 6mo ago A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function read_audio_data of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after …
CVE-2025-40345 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: usb: storage: sddr55: Reject out-of-bound new_pba Discovered by Atuin - Automated Vulnerability Discovery Engine. new_pba comes …
CVE-2025-14512 medium 6.5 6.5 FIX rheldebian debian sles gnomeredhat 6mo ago A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when pro…
CVE-2025-53069 medium 5.5 FIX rocky rheldebian debian 6mo ago RHSA-2025:23137: mysql:8.4 security update (Moderate)
CVE-2025-53062 medium 5.5 FIX rocky rheldebian debian 6mo ago RHSA-2025:23137: mysql:8.4 security update (Moderate)
CVE-2025-53054 medium 5.5 FIX rocky rheldebian debian 6mo ago RHSA-2025:23137: mysql:8.4 security update (Moderate)
CVE-2025-53053 medium 5.5 FIX rocky rheldebian debian 6mo ago RHSA-2025:23137: mysql:8.4 security update (Moderate)
CVE-2025-53045 medium 5.5 FIX rocky rheldebian debian 6mo ago RHSA-2025:23137: mysql:8.4 security update (Moderate)
CVE-2025-53044 medium 5.5 FIX rocky rheldebian debian 6mo ago RHSA-2025:23137: mysql:8.4 security update (Moderate)
CVE-2025-53042 medium 5.5 FIX rocky rheldebian debian 6mo ago RHSA-2025:23137: mysql:8.4 security update (Moderate)
CVE-2025-53040 medium 5.5 FIX rocky rheldebian debian 6mo ago RHSA-2025:23137: mysql:8.4 security update (Moderate)
CVE-2025-67713 unknown FIX debian debian 6mo ago Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like /…
CVE-2025-66628 unknown FIX debian debian sles 6mo ago ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM (PSX TIM) image parser contains a critical integer overflow vulnerability in…
CVE-2025-14087 medium 5.6 5.6 FIX rheldebian debian sles gnome 6mo ago A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GV…
CVE-2025-14307 unknown debian debian 6mo ago An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attacke…
CVE-2025-14306 unknown debian debian 6mo ago A directory traversal vulnerability exists in the CacheCleaner component of Robocode version 1.9.3.6. The recursivelyDelete method fails to properly sanitize file paths, allowing attackers to travers…
CVE-2025-6218 unknown 1.5 KEVFIX debian debian 6mo ago RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user.
CVE-2025-39979 medium 5.5 FIX rhel sles rocky 6mo ago Moderate: kernel security update
CVE-2025-39925 medium 5.5 FIX rhel sles rocky 6mo ago Moderate: kernel security update
CVE-2025-40281 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto syzbot reported a possible shift-out-of-bounds [1] Blame…
CVE-2025-40280 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_mon_reinit_self(). syzbot reported use-after-free of tipc_net(net)->monitors[] in tipc_mon_reini…
CVE-2025-40278 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Fix a KMSAN kernel-infoleak detected by the syzbot . …
CVE-2025-66564 unknown FIX debian debian 6mo ago Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (whi…
CVE-2025-66506 unknown FIX debian debian 6mo ago Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.extractIssuerURL splits (via a call to str…
CVE-2025-66516 unknown FIX debian debian 6mo ago Apache Tika has XXE vulnerability
CVE-2025-40264 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: be2net: pass wrb_params in case of OS2BMC be_insert_vlan_in_pkt() is called with the wrb_params argument being NULL at be_send_pk…
CVE-2025-40263 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: Input: cros_ec_keyb - fix an invalid memory access If cros_ec_keyb_register_matrix() isn't called (due to `buttons_switches_only`…
CVE-2025-40262 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: Input: imx_sc_key - fix memory corruption on unload This is supposed to be "priv" but we accidentally pass "&priv" which is an ad…
CVE-2025-40261 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() nvme_fc_delete_assocation() waits for pending I/O to com…
CVE-2025-40257 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: mptcp: fix a race in mptcp_pm_del_add_timer() mptcp_pm_del_add_timer() can call sk_stop_timer_sync(sk, &entry->add_timer) while a…
CVE-2025-40254 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: remove never-working support for setting nsh fields The validation of the set(nsh(...)) action is completely wr…
CVE-2025-40250 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clean up only new IRQ glue on request_irq() failure The mlx5_irq_alloc() function can inadvertently free the entire rma…
CVE-2025-40214 unknown FIX slesdebian debian 6mo ago In the Linux kernel, the following vulnerability has been resolved: af_unix: Initialise scc_index in unix_add_edge(). Quang Le reported that the AF_UNIX GC could garbage-collect a receive queue of …
CVE-2025-14010 medium 5.5 5.5 FIX debian debian redhat 6mo ago Ansible Community General Collection is vulnerable to exposure of sensitive information
CVE-2024-3884 unknown debian debian 6mo ago Undertow OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
CVE-2025-66453 unknown slesdebian debian 6mo ago Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function
CVE-2025-65955 unknown FIX debian debian sles 6mo ago ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests …
CVE-2025-4598 medium 4.7 4.7 FIX arch arch rhel sles systemd_projectredhat 6mo ago Moderate: systemd security update
CVE-2025-61727 unknown FIX debian debian sles 6mo ago An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com doe…
CVE-2025-64460 unknown FIX slesdebian debian 6mo ago Django is vulnerable to DoS via XML serializer text extraction
CVE-2025-13372 unknown FIX slesdebian debian 6mo ago Django is vulnerable to SQL injection in column aliases
CVE-2025-66412 medium 5.4 5.4 FIX debian debian angular 6mo ago Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scriptin…
CVE-2025-9714 medium 5.5 5.5 FIX rheldebian debian sles xmlsoft 6mo ago Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPat…
CVE-2025-40186 medium 5.5 FIX slesdebian debian rhel 6mo ago In the Linux kernel, the following vulnerability has been resolved: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). syzbot reported the splat below in tcp_conn_request(). [0] If a l…
CVE-2025-40185 medium 5.5 FIX rhel sles rocky 6mo ago Moderate: kernel security update
CVE-2025-40058 medium 5.5 FIX rhel sles rocky 6mo ago Moderate: kernel security update
CVE-2025-39981 medium 5.5 FIX rhel sles rocky 6mo ago Moderate: kernel security update
CVE-2025-39955 medium 5.5 FIX rocky rhel sles 6mo ago Moderate: kernel security update
CVE-2025-39918 medium 5.5 FIX rhel sles rocky 6mo ago Moderate: kernel security update
CVE-2025-12183 unknown debian debian 6mo ago LZ4 Java Compression has Out-of-bounds memory operations which can cause DoS
CVE-2025-66035 unknown FIX debian debian 6mo ago Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF tok…
CVE-2025-9624 unknown debian debian 6mo ago OpenSearch is vulnerable to DoS via complex query_string inputs
CVE-2025-39843 medium 5.5 5.5 FIX rhel sles rocky 7mo ago Moderate: kernel security update
CVE-2025-58183 medium 5.5 FIX rocky rheldebian debian 7mo ago Moderate: image-builder security update
CVE-2025-47914 unknown FIX debian debian sles 7mo ago SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.
CVE-2025-58181 unknown FIX debian debian sles 7mo ago SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.
CVE-2025-12119 unknown FIX debian debian 7mo ago A mongoc_bulk_operation_t may read invalid memory if large options are passed.
CVE-2025-13223 unknown 1.5 KEVFIX debian debian 7mo ago Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-61664 medium 4.9 4.9 FIX debian debian sles 7mo ago A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when it…
CVE-2025-54771 medium 4.9 4.9 FIX debian debian sles 7mo ago A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invali…
CVE-2025-54770 medium 4.9 4.9 FIX debian debian sles 7mo ago A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan…
CVE-2025-65015 unknown FIX debian debian 7mo ago joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the …
CVE-2025-65073 unknown FIX debian debian 7mo ago OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.
CVE-2025-40047 medium 5.5 FIX rhel slesdebian debian 7mo ago In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: always prune wait queue entry in io_waitid_wait() For a successful return, always remove our entry from the wait…
CVE-2025-39983 medium 5.5 FIX rhel slesdebian debian 7mo ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue This fixes the following UAF caused by not properly locking hdev when proces…
CVE-2025-39982 medium 5.5 FIX rhel slesdebian debian 7mo ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync This fixes the following UFA in hci_acl_create_conn_sync where a connec…
CVE-2025-39973 medium 5.5 FIX rhel slesdebian debian 7mo ago In the Linux kernel, the following vulnerability has been resolved: i40e: add validation for ring_len param The `ring_len` parameter provided by the virtual function (VF) is assigned directly to th…
CVE-2025-39971 medium 5.5 FIX rocky rhel sles 7mo ago In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx…
CVE-2025-39881 medium 5.5 FIX rhel slesdebian debian 7mo ago In the Linux kernel, the following vulnerability has been resolved: kernfs: Fix UAF in polling when open file is released A use-after-free (UAF) vulnerability was identified in the PSI (Pressure St…
CVE-2025-39697 medium 4.7 4.7 FIX rocky rhel sles 7mo ago In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write After nfs_lock_and_join_requests() tests for whether the request is still attache…
CVE-2025-13120 medium 5.5 5.5 debian debian mruby 7mo ago A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approache…
CVE-2025-64507 unknown FIX debian debian 7mo ago Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a c…
CVE-2025-64500 unknown FIX debian debian 7mo ago Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Start…