ReportizFlow
Filtered by vendor
Subscriptions
Total
219 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0038 | 1 Amd | 1 Zynq Ultrascale+ | 2025-10-08 | 6.6 Medium |
| In AMD Zynq UltraScale+ devices, the lack of address validation when executing CSU runtime services through the PMU Firmware can allow access to isolated or protected memory spaces resulting in the loss of integrity and confidentiality. | ||||
| CVE-2024-38659 | 1 Linux | 1 Linux Kernel | 2025-10-03 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enic_set_vf_port enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of length PORT_PROFILE_MAX and that the nl attributes IFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length PORT_UUID_MAX. These attributes are validated (in the function do_setlink in rtnetlink.c) using the nla_policy ifla_port_policy. The policy defines IFLA_PORT_PROFILE as NLA_STRING, IFLA_PORT_INSTANCE_UUID as NLA_BINARY and IFLA_PORT_HOST_UUID as NLA_STRING. That means that the length validation using the policy is for the max size of the attributes and not on exact size so the length of these attributes might be less than the sizes that enic_set_vf_port expects. This might cause an out of bands read access in the memcpys of the data of these attributes in enic_set_vf_port. | ||||
| CVE-2024-56716 | 1 Linux | 1 Linux Kernel | 2025-10-01 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: netdevsim: prevent bad user input in nsim_dev_health_break_write() If either a zero count or a large one is provided, kernel can crash. | ||||
| CVE-2024-35964 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-09-24 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not validating setsockopt user input Check user input length before copying data. | ||||
| CVE-2024-35963 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-09-24 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sock: Fix not validating setsockopt user input Check user input length before copying data. | ||||
| CVE-2024-35965 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-09-24 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix not validating setsockopt user input Check user input length before copying data. | ||||
| CVE-2025-10094 | 1 Gitlab | 1 Gitlab | 2025-09-20 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access to token listings and related administrative operations by creating tokens with excessively large names. | ||||
| CVE-2025-2256 | 1 Gitlab | 1 Gitlab | 2025-09-20 | 7.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed unauthorized users to render the GitLab instance unresponsive to legitimate users by sending multiple concurrent large SAML responses. | ||||
| CVE-2024-53878 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-09-18 | 2.8 Low |
| NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. | ||||
| CVE-2024-53879 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-09-18 | 2.8 Low |
| NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. | ||||
| CVE-2025-43793 | 1 Liferay | 2 Dxp, Portal | 2025-09-17 | N/A |
| Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, which allows remote attackers who control a website that share the same TLD to read cookies set by the application. | ||||
| CVE-2024-5931 | 2 Zephyrproject, Zephyrproject-rtos | 2 Zephyr, Zephyr | 2025-09-17 | 6.3 Medium |
| BT: Unchecked user input in bap_broadcast_assistant | ||||
| CVE-2024-6768 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-09-15 | N/A |
| A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function. | ||||
| CVE-2024-3036 | 2025-09-11 | 5.7 Medium | ||
| Improper Input Validation vulnerability in ABB 800xA Base. An attacker who successfully exploited this vulnerability could cause services to crash by sending specifically crafted messages. This issue affects 800xA Base: from 6.0.0 through 6.1.1-2. | ||||
| CVE-2025-32689 | 2 Themesgrove, Wordpress | 2 Wp Smartpay, Wordpress | 2025-09-10 | 7.5 High |
| Improper Validation of Specified Quantity in Input vulnerability in ThemesGrove WP SmartPay. This issue affects WP SmartPay: from n/a through 2.7.13. | ||||
| CVE-2025-0286 | 1 Paragon-software | 6 Paragon Backup \& Recovery, Paragon Disk Wiper, Paragon Drive Copy and 3 more | 2025-09-09 | 8.4 High |
| Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to execute arbitrary code on the victim machine. | ||||
| CVE-2025-0285 | 1 Paragon-software | 6 Paragon Backup \& Recovery, Paragon Disk Wiper, Paragon Drive Copy and 3 more | 2025-09-09 | 7.8 High |
| Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to perform privilege escalation exploits. | ||||
| CVE-2024-36346 | 1 Amd | 2 Instinct Mi300a, Instinct Mi300x | 2025-09-08 | 6 Medium |
| Improper input validation in AMD Power Management Firmware (PMFW) could allow a privileged attacker from Guest VM to send arbitrary input data potentially causing a GPU Reset condition. | ||||
| CVE-2025-58835 | 1 Wordpress | 1 Wordpress | 2025-09-07 | 5.3 Medium |
| Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bonus for Woo: from n/a through 7.4.1. | ||||
| CVE-2025-5808 | 1 Opentext | 1 Self Service Password Reset | 2025-08-31 | N/A |
| Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Authentication Bypass.This issue affects Self Service Password Reset from before 4.8 patch 3. | ||||