VIR Vulnerability Intelligence Relay

Search

Found 27,141 results in 1443ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2025-48924 unknown FIX debian debian sles 11mo ago Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.…
CVE-2025-38347 medium 5.5 5.5 FIX slesdebian debian linux-kernel 11mo ago In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on ino and xnid syzbot reported a f2fs bug as below: INFO: task syz-executor140:5308 blocked for mo…
CVE-2025-38312 medium 5.5 5.5 FIX slesdebian debian linux-kernel 11mo ago In the Linux kernel, the following vulnerability has been resolved: fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() In fb_find_mode_cvt(), iff mode->refresh somehow happens to be 0x8000…
CVE-2025-38285 medium 5.5 5.5 FIX slesdebian debian linux-kernel 11mo ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix WARN() in get_bpf_raw_tp_regs syzkaller reported an issue: WARNING: CPU: 3 PID: 5971 at kernel/trace/bpf_trace.c:1861 g…
CVE-2025-7207 medium 5.5 5.5 FIX debian debian mruby 11mo ago A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs H…
CVE-2025-4673 medium 5.5 FIX rhel rockyarch arch 11mo ago RHSA-2025:10672: go-toolset:rhel8 security update (Moderate)
CVE-2025-24294 medium 5.5 FIX rocky rhel sles 11mo ago RHSA-2025:23062: ruby:3.3 security update (Moderate)
CVE-2025-22874 medium 5.5 FIX rhelarch archdebian debian 11mo ago Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rath…
CVE-2025-5024 medium 5.5 FIX rheldebian debian sles 11mo ago A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may b…
CVE-2025-48060 medium 5.5 FIX rhel rockydebian debian 11mo ago jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash hap…
CVE-2024-23337 medium 5.5 FIX rhel rocky sles 11mo ago jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denia…
CVE-2024-54661 medium 5.5 FIX rhel rocky sles 11mo ago readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file.
CVE-2025-7069 medium 5.5 5.5 debian debian sles hdfgroup 11mo ago A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link_size of the file src/H5FSsection.c. The manipulation leads to heap-based buffe…
CVE-2025-7068 medium 5.5 5.5 debian debian sles hdfgroup 11mo ago A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attack…
CVE-2025-7067 medium 5.5 5.5 debian debian sles hdfgroup 11mo ago A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-b…
CVE-2025-49601 medium 6.5 6.5 FIX debian debian trustedfirmware 11mo ago In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncate…
CVE-2025-49600 medium 4.9 4.9 FIX debian debian trustedfirmware 11mo ago In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS (Leighton-Micali Signature) forgery in a fault…
CVE-2025-38231 medium 5.5 5.5 FIX slesdebian debian linux-kernel 11mo ago In the Linux kernel, the following vulnerability has been resolved: nfsd: Initialize ssc before laundromat_work to prevent NULL dereference In nfs4_state_start_net(), laundromat_work may access nfs…
CVE-2025-38222 medium 5.5 5.5 FIX slesdebian debian linux-kernel 11mo ago In the Linux kernel, the following vulnerability has been resolved: ext4: inline: fix len overflow in ext4_prepare_inline_data When running the following code on an ext4 filesystem with inline_data…
CVE-2025-38215 medium 5.5 5.5 FIX slesdebian debian linux-kernel 11mo ago In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in do_register_framebuf…
CVE-2025-38214 medium 5.5 5.5 FIX slesdebian debian linux-kernel 11mo ago In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in fb_set_var() fails to allocate me…
CVE-2025-38192 medium 5.5 5.5 FIX slesdebian debian linux-kernel 11mo ago In the Linux kernel, the following vulnerability has been resolved: net: clear the dst when changing skb protocol A not-so-careful NAT46 BPF program can crash the kernel if it indiscriminately flip…
CVE-2025-38167 medium 5.5 5.5 FIX slesdebian debian linux-kernel 11mo ago In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle hdr_first_de() return value The hdr_first_de() function returns a pointer to a struct NTFS_DE. This pointer may …
CVE-2025-38105 medium 5.5 5.5 FIX slesdebian debian linux-kernel 11mo ago In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Kill timer properly at removal The USB-audio MIDI code initializes the timer, but in a rare case, the driver mig…
CVE-2025-38100 medium 5.5 5.5 FIX slesdebian debian linux-kernel 11mo ago In the Linux kernel, the following vulnerability has been resolved: x86/iopl: Cure TIF_IO_BITMAP inconsistencies io_bitmap_exit() is invoked from exit_thread() when a task exists or when a fork fai…
CVE-2025-6554 unknown 1.5 KEVFIX debian debian 11mo ago Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
CVE-2025-53103 unknown FIX debian debian sles 11mo ago junit-platform-reporting can leak Git credentials through its OpenTestReportGeneratingListener
CVE-2025-5702 medium 5.5 FIX rheldebian debian sles 11mo ago Moderate: glibc security update
CVE-2023-52933 medium 5.5 FIX rhel slesdebian debian 11mo ago Moderate: kernel security update
CVE-2025-6858 medium 5.5 5.5 debian debian sles hdfgroup 11mo ago A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to null point…
CVE-2025-52890 unknown FIX debian debian 1y ago Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates nftables rules that partially bypass security optio…
CVE-2025-52889 unknown FIX debian debian 1y ago Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus version 6.12 and 6.13 generates nftables rules for local services (DHCP, DNS...) th…
CVE-2024-53064 medium 5.5 FIX rocky slesdebian debian 1y ago In the Linux kernel, the following vulnerability has been resolved: idpf: fix idpf_vc_core_init error path In an event where the platform running the device control plane is rebooted, reset is dete…
CVE-2022-48919 medium 5.5 FIX rocky slesdebian debian 1y ago In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount() we call dea…
CVE-2025-5455 medium 5.5 FIX rhel sles rocky 1y ago Moderate: qt5-qtbase security update
CVE-2025-47268 medium 5.5 FIX rheldebian debian sles 1y ago Moderate: iputils security update
CVE-2025-3576 medium 5.9 5.9 FIX rhel rockydebian debian 1y ago RHSA-2025:8411: krb5 security update (Moderate)
CVE-2025-25724 medium 5.5 FIX rheldebian debian sles 1y ago Moderate: libarchive security update
CVE-2025-24495 medium 5.5 FIX rhel rockydebian debian 1y ago RHSA-2025:10991: microcode_ctl security update (Moderate)
CVE-2025-20623 medium 5.5 FIX rhel rockydebian debian 1y ago RHSA-2025:10991: microcode_ctl security update (Moderate)
CVE-2025-20012 medium 5.5 FIX rhel rockydebian debian 1y ago RHSA-2025:10991: microcode_ctl security update (Moderate)
CVE-2024-45332 medium 5.5 FIX rhel rocky sles 1y ago RHSA-2025:10991: microcode_ctl security update (Moderate)
CVE-2024-43420 medium 5.5 FIX rhel rocky sles 1y ago RHSA-2025:10991: microcode_ctl security update (Moderate)
CVE-2025-6498 medium 5.5 5.5 debian debian htacg 1y ago A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possibl…
CVE-2025-3891 medium 5.5 FIX rhel rockydebian debian 1y ago RHSA-2025:4597: mod_auth_openidc:2.3 security update (Moderate)
CVE-2025-37738 medium 5.5 FIX rhel rocky sles 1y ago Moderate: kernel security update
CVE-2025-23150 medium 5.5 FIX rhel rocky sles 1y ago Moderate: kernel security update
CVE-2025-22104 medium 5.5 FIX rhel sles rocky 1y ago Moderate: kernel security update
CVE-2025-21919 medium 5.5 FIX rhel rocky sles 1y ago Moderate: kernel security update
CVE-2025-21883 medium 5.5 FIX rhel sles rocky 1y ago Moderate: kernel security update
CVE-2025-6375 medium 5.5 5.5 FIX slesdebian debian pocoproject 1y ago A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation…
CVE-2025-38083 medium 4.7 4.7 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the…
CVE-2025-6270 medium 5.3 5.3 debian debian sles hdfgroup 1y ago A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads t…
CVE-2025-6269 medium 5.3 5.3 debian debian sles hdfgroup 1y ago A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to he…
CVE-2022-49957 unknown FIX slesdebian debian 1y ago In the Linux kernel, the following vulnerability has been resolved: kcm: fix strp_init() order and cleanup strp_init() is called just a few lines above this csk->sk_user_data check, it also initial…
CVE-2025-38071 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: x86/mm: Check return value from memblock_phys_alloc_range() At least with CONFIG_PHYSICAL_START=0x100000, if there is < 4 MiB of …
CVE-2025-38067 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: rseq: Fix segfault on registration when rseq_cs is non-zero The rseq_cs field is documented as being set to 0 by user-space prior…
CVE-2025-38063 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: dm: fix unconditional IO throttle caused by REQ_PREFLUSH When a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush() ge…
CVE-2025-38058 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock ... or we risk stealing final mntput from sync umount - …
CVE-2025-49124 unknown FIX slesdebian debian 1y ago Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects A…
CVE-2025-6120 medium 5.3 5.3 debian debian sles assimp 1y ago A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/Ha…
CVE-2025-6119 medium 5.3 5.3 debian debian assimp 1y ago A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib…
CVE-2025-4748 medium 5.5 FIX arch archdebian debian sles 1y ago Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is as…
CVE-2025-41234 unknown FIX debian debian 1y ago Spring Framework vulnerable to a reflected file download (RFD)
CVE-2025-49146 unknown FIX debian debian sles 1y ago pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration
CVE-2022-49395 medium 5.5 FIX rocky slesdebian debian 1y ago In the Linux kernel, the following vulnerability has been resolved: um: Fix out-of-bounds read in LDT setup syscall_stub_data() expects the data_count parameter to be the number of longs, not bytes…
CVE-2025-5899 medium 5.3 5.3 debian debian 1y ago A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp…
CVE-2025-5898 medium 5.3 5.3 slesdebian debian 1y ago A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The m…
CVE-2025-4802 medium 5.5 FIX rhel rockydebian debian 1y ago RHSA-2025:8686: glibc security update (Moderate)
CVE-2025-32433 unknown 2.5 KEVEXPFIX debian debian sles 1y ago Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially l…
CVE-2024-42009 unknown 1.5 KEVFIX debian debian 1y ago RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desan…
CVE-2025-49128 unknown FIX debian debian 1y ago Jackson-core Vulnerable to Memory Disclosure via Source Snippet in JsonLocation
CVE-2025-5419 unknown 1.5 KEVFIX debian debian 1y ago Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-35036 unknown debian debian 1y ago Hibernate Validator may interpolate user-supplied input in a constraint violation message with Expression Language
CVE-2023-24824 medium 5.5 FIX rockydebian debian rhel 1y ago RHSA-2025:8427: pandoc security update (Moderate)
CVE-2020-16156 medium 5.5 FIX arch arch rocky sles 1y ago CPAN 2.28 allows Signature Verification Bypass.
CVE-2022-3424 medium 5.5 FIX rhel slesdebian debian 1y ago Moderate: kernel security update
CVE-2025-5278 medium 4.4 4.4 arch archdebian debian sles 1y ago A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafte…
CVE-2025-21964 medium 5.5 FIX rhel sles rocky 1y ago Moderate: kernel security update
CVE-2025-4949 unknown debian debian sles 1y ago Eclipse JGit XML External Entity (XXE) Vulnerability
CVE-2025-4969 medium 6.5 6.5 FIX debian debian sles 1y ago A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially…
CVE-2025-37968 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: iio: light: opt3001: fix deadlock due to concurrent flag access The threaded IRQ function in this driver is reading the flag twic…
CVE-2025-37931 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: btrfs: adjust subpage bit start based on sectorsize When running machines with 64k page size and a 16k nodesize we started seeing…
CVE-2025-47273 medium 5.5 FIX rhel rocky sles 1y ago Moderate: fence-agents security update
CVE-2025-31257 medium 4.7 4.7 FIX rhel rockyarch arch apple 1y ago This issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously…
CVE-2025-22233 unknown debian debian 1y ago Spring Framework DataBinder Case Sensitive Match Exception
CVE-2025-4476 medium 4.3 4.3 FIX debian debian sles 1y ago A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a spe…
CVE-2025-47279 unknown FIX debian debian 1y ago Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server …
CVE-2022-4055 medium 5.5 rhel slesdebian debian 1y ago Moderate: xdg-utils security update
CVE-2025-46836 medium 6.6 6.6 FIX slesdebian debian 1y ago net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (l…
CVE-2025-27832 medium 5.5 FIX rheldebian debian sles 1y ago Moderate: ghostscript security update
CVE-2020-13790 medium 5.5 FIX rocky slesdebian debian 1y ago RHSA-2025:7540: libjpeg-turbo security update (Moderate)
CVE-2019-19012 medium 5.5 FIX rockydebian debian rhel 1y ago RHSA-2025:7539: ruby:2.5 security update (Moderate)
CVE-2025-71151 medium 5.5 FIX rhel slesdebian debian 1y ago In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3_reconfigure() In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, th…
CVE-2025-68179 medium 5.5 FIX rhel slesdebian debian 1y ago In the Linux kernel, the following vulnerability has been resolved: s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP As reported by Luiz Capitulino enabling HVO on s390 leads to reproducible crashe…
CVE-2025-30472 medium 5.5 FIX rheldebian debian sles 1y ago Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
CVE-2025-26465 medium 6.8 6.8 FIX rhel rocky sles openbsdnetappredhat 1y ago A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occur…
CVE-2025-24528 medium 5.5 FIX rheldebian debian sles 1y ago RHSA-2025:2722: krb5 security update (Moderate)
CVE-2025-23419 medium 5.5 FIX rhel slesdebian debian 1y ago When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. Thi…
CVE-2025-22087 medium 5.5 FIX rhel slesdebian debian 1y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix array bounds error with may_goto may_goto uses an additional 8 bytes on the stack, which causes the interpreters[] array…