VIR Vulnerability Intelligence Relay

Search

Found 16,402 results in 1349ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2022-41741 medium 5.5 FIX rhel sles rocky 1y ago Moderate: nginx security update
CVE-2022-1941 medium 5.5 FIX rhelarch arch sles 1y ago Moderate: protobuf security update
CVE-2024-53920 medium 5.5 FIX rhel rockydebian debian 1y ago RHSA-2025:11030: emacs security update (Moderate)
CVE-2025-37864 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: net: dsa: clean up FDB, MDB, VLAN entries on unbind As explained in many places such as commit b117e1e8a86d ("net: dsa: delete ds…
CVE-2025-32873 medium 5.5 FIX arch arch slesdebian debian 1y ago An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performan…
CVE-2025-2487 medium 5.5 FIX debian debian rhel sles 1y ago Moderate: 389-ds-base security update
CVE-2024-3567 medium 5.5 FIX rhel sles rocky 1y ago A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This…
CVE-2023-6693 medium 5.5 FIX rhel rocky sles 1y ago A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_V…
CVE-2025-46734 medium 5.5 FIX debian debian 1y ago league/commonmark contains a XSS vulnerability in Attributes extension
CVE-2024-58135 medium 5.3 5.3 slesdebian debian mojolicious 1y ago Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate a…
CVE-2023-53133 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() When the buffer length of the recvmsg system c…
CVE-2022-49822 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: cifs: Fix connections leak when tlink setup failed If the tlink setup failed, lost to put the connections, then the module refcnt…
CVE-2022-49803 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: netdevsim: Fix memory leak of nsim_dev->fa_cookie kmemleak reports this issue: unreferenced object 0xffff8881bac872d0 (size 8): …
CVE-2025-37756 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect syzbot discovered that it can disconnect a TLS socket and then run into all sort of unex…
CVE-2025-23160 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization On Mediatek devices with a system com…
CVE-2025-23143 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago Linux kernel (Azure) vulnerabilities
CVE-2025-23141 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Acquire a lock on kvm->srcu when userspace is getting…
CVE-2024-46826 medium 5.5 FIX rhel rocky sles 1y ago In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any mom…
CVE-2024-44990 medium 5.5 5.5 FIX rhel rocky sles 1y ago In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the point…
CVE-2020-27792 medium 5.5 FIX rocky slesdebian debian 1y ago RHSA-2025:4362: ghostscript security update (Moderate)
CVE-2025-1861 medium 5.5 FIX rockyalmalinux almalinux rhel 1y ago In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit o…
CVE-2025-1736 medium 5.5 FIX rockyalmalinux almalinux rhel 1y ago In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line chara…
CVE-2025-1734 medium 5.5 FIX rockyalmalinux almalinux rhel 1y ago In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as v…
CVE-2025-1219 medium 5.5 FIX rocky rhelalmalinux almalinux 1y ago In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-…
CVE-2025-1217 medium 5.5 FIX rockyalmalinux almalinux rhel 1y ago In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are …
CVE-2025-0395 medium 6.2 6.2 FIX rhel rockydebian debian 1y ago RHSA-2025:3828: glibc security update (Moderate)
CVE-2024-8929 medium 5.5 FIX rocky rhelalmalinux almalinux 1y ago Moderate: php:8.1 security update
CVE-2024-11234 medium 5.5 FIX rocky rhel sles 1y ago Moderate: php:8.1 security update
CVE-2024-11233 medium 5.5 FIX rocky rhel sles 1y ago Moderate: php:8.1 security update
CVE-2025-46653 low 3.1 3.1 FIX debian debian node-formidable 1y ago Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographic…
CVE-2025-46394 low 3.2 3.2 FIX arch archdebian debian sles busybox 1y ago In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
CVE-2025-30698 medium 5.5 FIX almalinux almalinux rhel rocky 1y ago Moderate: java-1.8.0-openjdk security update
CVE-2025-30691 medium 5.5 FIX rhel rocky sles 1y ago Moderate: java-1.8.0-openjdk security update
CVE-2025-21587 medium 5.5 FIX rhel rocky sles 1y ago Moderate: java-1.8.0-openjdk security update
CVE-2024-53150 medium 7.0 KEVFIX rhel rocky sles 1y ago Moderate: kernel security update
CVE-2025-3549 low 3.3 3.3 FIX debian debian sles assimp 1y ago A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD3Importer::ValidateSurfaceHeaderOffsets of the file code/Ass…
CVE-2025-3548 low 3.3 3.3 FIX debian debian sles assimp 1y ago A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h …
CVE-2024-45341 medium 5.5 FIX rhel rockydebian debian 1y ago RHSA-2025:3772: go-toolset:rhel8 security update (Moderate)
CVE-2025-3406 medium 6.5 6.5 slesdebian debian nothings 1y ago A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhw_build_tileset_from_image of the component Header Array Handler. The mani…
CVE-2025-3359 medium 6.2 6.2 debian debian sles 1y ago A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment.
CVE-2025-24813 medium 8.0 KEVEXPFIX rhel rocky sles 1y ago Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apach…
CVE-2025-3198 medium 5.5 5.5 FIX debian debian sles gnu 1y ago A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objd…
CVE-2025-3196 medium 5.5 5.5 FIX debian debian sles assimp 1y ago A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/M…
CVE-2025-31115 medium 5.5 FIX arch arch slesdebian debian 1y ago XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at lea…
CVE-2024-8176 medium 5.5 FIX rhel rockydebian debian 1y ago RHSA-2025:4048: xmlrpc-c security update (Moderate)
CVE-2024-43855 medium 5.5 FIX rhel slesdebian debian 1y ago In the Linux kernel, the following vulnerability has been resolved: md: fix deadlock between mddev_suspend and flush bio Deadlock occurs when mddev is being suspended while some flush bio is in pro…
CVE-2025-2926 medium 5.5 5.5 debian debian sles hdfgroup 1y ago A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null point…
CVE-2025-2925 medium 5.5 5.5 debian debian sles hdfgroup 1y ago A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem le…
CVE-2025-2924 medium 5.5 5.5 debian debian sles hdfgroup 1y ago A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free…
CVE-2025-2923 low 3.3 3.3 debian debian sles hdfgroup 1y ago A vulnerability, which was classified as problematic, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5F_addr_encode_len of the file src/H5Fint.c. The manipulation of the…
CVE-2025-2915 medium 5.5 5.5 debian debian sles hdfgroup 1y ago A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_…
CVE-2025-2914 low 3.3 3.3 debian debian sles hdfgroup 1y ago A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FS__sinfo_Srialize_Sct_cb of the file src/H5FScache.c. The manipulation of the argument sect…
CVE-2025-2913 medium 5.3 5.3 debian debian sles hdfgroup 1y ago A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_b…
CVE-2025-2912 medium 5.3 5.3 debian debian sles hdfgroup 1y ago A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5O_msg_flush of the file src/H5Omessage.c. The manipulation of the…
CVE-2024-45336 medium 5.5 FIX rhel rockydebian debian 1y ago RHSA-2025:3772: go-toolset:rhel8 security update (Moderate)
CVE-2024-7347 medium 5.5 FIX rhel sles rocky 1y ago Moderate: nginx:1.24 security update
CVE-2025-27810 medium 4.8 4.8 FIX debian debian armtrustedfirmware 1y ago Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to…
CVE-2025-27809 medium 5.4 5.4 FIX debian debian armtrustedfirmware 1y ago Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostna…
CVE-2025-21865 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Brad Spengler reported the list_del() corruption splat in gtp_n…
CVE-2025-21862 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: drop_monitor: fix incorrect initialization order Syzkaller reports the following bug: BUG: spinlock bad magic on CPU#1, syz-exec…
CVE-2025-21859 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: USB: gadget: f_midi: f_midi_complete to call queue_work When using USB MIDI, a lock is attempted to be acquired twice through a r…
CVE-2025-21845 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: sst: Fix SST write failure 'commit 18bcb4aa54ea ("mtd: spi-nor: sst: Factor out common write operation to `sst_nor_…
CVE-2024-50302 medium 5.5 7.0 KEVFIX rhel rocky sles 1y ago Important: kernel security update
CVE-2025-21835 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_midi: fix MIDI Streaming descriptor lengths While the MIDI jacks are configured correctly, and the MIDIStreaming e…
CVE-2024-58085 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: tomoyo: don't emit warning in tomoyo_write_control() syzbot is reporting too large allocation warning at tomoyo_write_control(), …
CVE-2024-58071 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: team: prevent adding a device which is already a team device lower Prevent adding a device which is already a team device lower, …
CVE-2024-58063 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: fix memory leaks and invalid access at probe error path Deinitialize at reverse order when probe fails. When init…
CVE-2024-58058 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: ubifs: skip dumping tnc tree when zroot is null Clearing slab cache will free all znode in memory and make c->zroot.znode = NULL,…
CVE-2024-58051 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: ipmi: ipmb: Add check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned val…
CVE-2025-21814 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure info->enable callback is always set The ioctl and sysfs handlers unconditionally call the ->enable callback. Not all …
CVE-2025-21776 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: USB: hub: Ignore non-compliant devices with too many configs or interfaces Robert Morris created a test program which can cause u…
CVE-2025-21767 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context The following bug report happened with a P…
CVE-2025-21766 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: ipv4: use RCU protection in __ip_rt_update_pmtu() __ip_rt_update_pmtu() must use RCU protection to make sure the net structure it…
CVE-2025-21758 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: add RCU protection to mld_newpack() mld_newpack() can be called without RTNL or RCU being held. Note that we no lon…
CVE-2025-21744 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() On removal of the device or unloading of the kernel module a p…
CVE-2024-58020 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Add NULL check in mt_input_configured devm_kasprintf() can return a NULL pointer on failure,but this returned va…
CVE-2024-58017 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Shifting 1 << 31 on a 32-bit int causes signed integer overflow…
CVE-2024-58016 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: safesetid: check size of policy writes syzbot attempts to write a buffer with a large size to a sysfs entry with writes handled b…
CVE-2025-21712 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime After commit ec6bb299c7c3 ("md/md-bitmap: add 'sync_size' into …
CVE-2025-21711 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: net/rose: prevent integer overflows in rose_setsockopt() In case of possible unpredictably large arguments passed to rose_setsock…
CVE-2024-57996 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: don't allow 1 packet limit The current implementation does not work correctly with a limit of 1. iproute2 act…
CVE-2024-57977 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: memcg: fix soft lockup in the OOM process A soft lockup issue was found in the product with about 56,000 tasks were in the OOM cg…
CVE-2022-49183 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix ref leak when switching zones When switching zones or network namespaces without doing a ct clear in betwe…
CVE-2022-49135 medium 5.5 5.5 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix memory leak [why] Resource release is needed on the error handling path to prevent memory leak. [how] Fix t…
CVE-2025-27221 medium 5.5 FIX rhel rocky sles 1y ago RHSA-2025:4063: ruby:3.1 security update (Moderate)
CVE-2025-27220 medium 5.5 FIX rhel rocky sles 1y ago RHSA-2025:4063: ruby:3.1 security update (Moderate)
CVE-2025-27219 medium 5.5 FIX rhel rocky sles 1y ago RHSA-2025:4063: ruby:3.1 security update (Moderate)
CVE-2025-21490 medium 5.5 FIX rocky rhel sles 1y ago Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vul…
CVE-2023-52490 medium 5.5 FIX rhel slesdebian debian 1y ago Moderate: kernel security update
CVE-2024-57256 medium 6.8 6.8 FIX slesdebian debian denx 1y ago An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resultin…
CVE-2025-1376 low 2.5 2.5 debian debian sles elfutils_project 1y ago A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipu…
CVE-2025-1352 medium 5.0 5.0 debian debian sles elfutils_project 1y ago A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. …
CVE-2025-21701 medium 4.7 4.7 FIX slesdebian debian linux-kernel 1y ago In the Linux kernel, the following vulnerability has been resolved: net: avoid race between device unregistration and ethnl ops The following trace can be seen if a device is being unregistered whi…
CVE-2025-25184 medium 5.5 FIX rhel slesdebian debian 1y ago Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline character…
CVE-2022-49043 medium 5.5 FIX rhel rocky sles 1y ago xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
CVE-2025-25186 medium 5.5 FIX rhel rocky sles 1y ago RHSA-2025:10217: ruby:3.3 security update (Moderate)
CVE-2024-52533 medium 5.5 FIX rhel rockydebian debian 1y ago RHSA-2025:11327: glib2 security update (Moderate)
CVE-2024-41184 medium 5.5 FIX rhel rocky sles 1y ago RHSA-2025:0743: keepalived security update (Moderate)
CVE-2024-21096 medium 5.5 FIX rhel rocky sles 1y ago Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnera…
CVE-2019-12900 medium 5.5 FIX rheldebian debian rocky 1y ago RHSA-2025:0733: bzip2 security and bug fix update (Moderate)