Search

Search Results (364424 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-11925 2 Azure-access, Azure Access Technology 6 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 3 more 2025-11-07 6.1 Medium
Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`) replies may potentially allow injection of HTML/JavaScript into reply.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2024-0340 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Eus 2025-11-07 4.4 Medium
A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.
CVE-2023-53061 1 Linux 2 Kernel Kernel, Linux Kernel 2025-11-07 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix possible refcount leak in smb2_open() Reference count of acls will leak when memory allocation fails. Fix this by adding the missing posix_acl_release().
CVE-2023-53060 1 Linux 1 Linux Kernel 2025-11-07 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: igb: revert rtnl_lock() that causes deadlock The commit 6faee3d4ee8b ("igb: Add lock to avoid data race") adds rtnl_lock to eliminate a false data race shown below (FREE from device detaching) | (USE from netdev core) igb_remove | igb_ndo_get_vf_config igb_disable_sriov | vf >= adapter->vfs_allocated_count? kfree(adapter->vf_data) | adapter->vfs_allocated_count = 0 | | memcpy(... adapter->vf_data[vf] The above race will never happen and the extra rtnl_lock causes deadlock below [ 141.420169] <TASK> [ 141.420672] __schedule+0x2dd/0x840 [ 141.421427] schedule+0x50/0xc0 [ 141.422041] schedule_preempt_disabled+0x11/0x20 [ 141.422678] __mutex_lock.isra.13+0x431/0x6b0 [ 141.423324] unregister_netdev+0xe/0x20 [ 141.423578] igbvf_remove+0x45/0xe0 [igbvf] [ 141.423791] pci_device_remove+0x36/0xb0 [ 141.423990] device_release_driver_internal+0xc1/0x160 [ 141.424270] pci_stop_bus_device+0x6d/0x90 [ 141.424507] pci_stop_and_remove_bus_device+0xe/0x20 [ 141.424789] pci_iov_remove_virtfn+0xba/0x120 [ 141.425452] sriov_disable+0x2f/0xf0 [ 141.425679] igb_disable_sriov+0x4e/0x100 [igb] [ 141.426353] igb_remove+0xa0/0x130 [igb] [ 141.426599] pci_device_remove+0x36/0xb0 [ 141.426796] device_release_driver_internal+0xc1/0x160 [ 141.427060] driver_detach+0x44/0x90 [ 141.427253] bus_remove_driver+0x55/0xe0 [ 141.427477] pci_unregister_driver+0x2a/0xa0 [ 141.428296] __x64_sys_delete_module+0x141/0x2b0 [ 141.429126] ? mntput_no_expire+0x4a/0x240 [ 141.429363] ? syscall_trace_enter.isra.19+0x126/0x1a0 [ 141.429653] do_syscall_64+0x5b/0x80 [ 141.429847] ? exit_to_user_mode_prepare+0x14d/0x1c0 [ 141.430109] ? syscall_exit_to_user_mode+0x12/0x30 [ 141.430849] ? do_syscall_64+0x67/0x80 [ 141.431083] ? syscall_exit_to_user_mode_prepare+0x183/0x1b0 [ 141.431770] ? syscall_exit_to_user_mode+0x12/0x30 [ 141.432482] ? do_syscall_64+0x67/0x80 [ 141.432714] ? exc_page_fault+0x64/0x140 [ 141.432911] entry_SYSCALL_64_after_hwframe+0x72/0xdc Since the igb_disable_sriov() will call pci_disable_sriov() before releasing any resources, the netdev core will synchronize the cleanup to avoid any races. This patch removes the useless rtnl_(un)lock to guarantee correctness.
CVE-2023-53058 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-11-07 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, Fix an Oops in error handling code The error handling dereferences "vport". There is nothing we can do if it is an error pointer except returning the error code.
CVE-2024-4841 1 Lollms 1 Lollms-webui 2025-11-07 3.3 Low
A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders, subfolders, and files present on the victim's computer. The vulnerability is present in the way the application handles the 'path' parameter in HTTP requests to the '/add_reference_to_local_model' endpoint.
CVE-2024-30145 1 Hcltech 1 Domino Leap 2025-11-07 6.5 Medium
Multiple vectors in HCL Domino Volt and Domino Leap allow client-side script injection in the authoring environment and deployed applications.
CVE-2025-2915 1 Hdfgroup 1 Hdf5 2025-11-07 3.3 Low
A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_size leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
CVE-2024-52316 3 Apache, Debian, Redhat 4 Tomcat, Debian Linux, Enterprise Linux and 1 more 2025-11-07 9.8 Critical
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.
CVE-2024-42384 1 Cesanta 1 Mongoose 2025-11-07 7.5 High
Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.
CVE-2025-21079 1 Samsung 2 Members, Samsung Members 2025-11-07 7.1 High
Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability.
CVE-2024-1151 4 Debian, Fedoraproject, Linux and 1 more 5 Debian Linux, Fedora, Linux Kernel and 2 more 2025-11-07 5.5 Medium
A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.
CVE-2025-54604 2 Bitcoin, Bitcoincore 3 Bitcoin, Bitcoin Core, Bitcoin Core 2025-11-07 7.5 High
Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2).
CVE-2025-54605 2 Bitcoin, Bitcoincore 3 Bitcoin, Bitcoin Core, Bitcoin Core 2025-11-07 7.5 High
Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).
CVE-2025-12422 2 Azure-access, Azure Access Technology 6 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 3 more 2025-11-07 9.8 Critical
Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12423 2 Azure-access, Azure Access Technology 6 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 3 more 2025-11-07 7.5 High
Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
CVE-2025-12424 2 Azure-access, Azure Access Technology 6 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 3 more 2025-11-07 9.8 Critical
Privilege Escalation through SUID-bit Binary.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
CVE-2025-12425 2 Azure-access, Azure Access Technology 6 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 3 more 2025-11-07 7.8 High
Local Privilege Escalation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
CVE-2025-12476 2 Azure-access, Azure Access Technology 6 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 3 more 2025-11-07 9.8 Critical
Resource Lacking AuthN.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
CVE-2025-12477 2 Azure-access, Azure Access Technology 6 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 3 more 2025-11-07 9.8 Critical
Server Version Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .