CVE List - 2025 / October
Showing 3701 - 3800 of 4280 CVEs for October 2025 (Page 38 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-10151 | 2025-10-28 | Malicious TCP/IP thread locking leads into diverse malfunctions |
| CVE-2025-41090 | 2025-10-28 | Improper Access Control in CCN-CERT microCLAUDIA |
| CVE-2025-40025 | 2025-10-28 | f2fs: fix to do sanity check on node footer for non inode dnode |
| CVE-2025-40026 | 2025-10-28 | KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O |
| CVE-2025-40027 | 2025-10-28 | net/9p: fix double req put in p9_fd_cancelled |
| CVE-2025-40028 | 2025-10-28 | binder: fix double-free in dbitmap |
| CVE-2025-55758 | 2025-10-28 | Extension - jdownloads.com - CSRF vectors in jDownloads component 1.0.0 - 4.0.47 for Joomla |
| CVE-2025-40029 | 2025-10-28 | bus: fsl-mc: Check return value of platform_get_resource() |
| CVE-2025-40030 | 2025-10-28 | pinctrl: check the return value of pinmux_ops::get_function_name() |
| CVE-2025-40031 | 2025-10-28 | tee: fix register_shm_helper() |
| CVE-2025-40032 | 2025-10-28 | PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release |
| CVE-2025-40033 | 2025-10-28 | remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() |
| CVE-2025-40034 | 2025-10-28 | PCI/AER: Avoid NULL pointer dereference in aer_ratelimit() |
| CVE-2025-40035 | 2025-10-28 | Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak |
| CVE-2025-40036 | 2025-10-28 | misc: fastrpc: fix possible map leak in fastrpc_put_args |
| CVE-2025-40037 | 2025-10-28 | fbdev: simplefb: Fix use after free in simplefb_detach_genpds() |
| CVE-2025-40038 | 2025-10-28 | KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid |
| CVE-2025-40039 | 2025-10-28 | ksmbd: Fix race condition in RPC handle list access |
| CVE-2025-40040 | 2025-10-28 | mm/ksm: fix flag-dropping behavior in ksm_madvise |
| CVE-2025-40041 | 2025-10-28 | LoongArch: BPF: Sign-extend struct ops return values properly |
| CVE-2025-40042 | 2025-10-28 | tracing: Fix race condition in kprobe initialization causing NULL pointer dereference |
| CVE-2025-40043 | 2025-10-28 | net: nfc: nci: Add parameter validation for packet data |
| CVE-2025-40044 | 2025-10-28 | fs: udf: fix OOB read in lengthAllocDescs handling |
| CVE-2025-40045 | 2025-10-28 | ASoC: codecs: wcd937x: set the comp soundwire port correctly |
| CVE-2025-40046 | 2025-10-28 | io_uring/zcrx: fix overshooting recv limit |
| CVE-2025-40047 | 2025-10-28 | io_uring/waitid: always prune wait queue entry in io_waitid_wait() |
| CVE-2025-40048 | 2025-10-28 | uio_hv_generic: Let userspace take care of interrupt mask |
| CVE-2025-40049 | 2025-10-28 | Squashfs: fix uninit-value in squashfs_get_parent |
| CVE-2025-40050 | 2025-10-28 | bpf: Skip scalar adjustment for BPF_NEG if dst is a pointer |
| CVE-2025-40051 | 2025-10-28 | vhost: vringh: Modify the return value check |
| CVE-2025-40052 | 2025-10-28 | smb: client: fix crypto buffers in non-linear memory |
| CVE-2025-40053 | 2025-10-28 | net: dlink: handle copy_thresh allocation failure |
| CVE-2025-40054 | 2025-10-28 | f2fs: fix UAF issue in f2fs_merge_page_bio() |
| CVE-2025-40055 | 2025-10-28 | ocfs2: fix double free in user_cluster_connect() |
| CVE-2025-40056 | 2025-10-28 | vhost: vringh: Fix copy_to_iter return value check |
| CVE-2025-40057 | 2025-10-28 | ptp: Add a upper bound on max_vclocks |
| CVE-2025-40058 | 2025-10-28 | iommu/vt-d: Disallow dirty tracking if incoherent page walk |
| CVE-2025-40059 | 2025-10-28 | coresight: Fix incorrect handling for return value of devm_kzalloc |
| CVE-2025-40060 | 2025-10-28 | coresight: trbe: Return NULL pointer for allocation failures |
| CVE-2025-40061 | 2025-10-28 | RDMA/rxe: Fix race in do_task() when draining |
| CVE-2025-40062 | 2025-10-28 | crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs |
| CVE-2025-40063 | 2025-10-28 | crypto: comp - Use same definition of context alloc and free ops |
| CVE-2025-40064 | 2025-10-28 | smc: Fix use-after-free in __pnet_find_base_ndev(). |
| CVE-2025-40065 | 2025-10-28 | RISC-V: KVM: Write hgatp register with valid mode bits |
| CVE-2025-40066 | 2025-10-28 | wifi: mt76: mt7996: Check phy before init msta_link in mt7996_mac_sta_add_links() |
| CVE-2025-40067 | 2025-10-28 | fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist |
| CVE-2025-40068 | 2025-10-28 | fs: ntfs3: Fix integer overflow in run_unpack() |
| CVE-2025-40069 | 2025-10-28 | drm/msm: Fix obj leak in VM_BIND error path |
| CVE-2025-40070 | 2025-10-28 | pps: fix warning in pps_register_cdev when register device fail |
| CVE-2025-40071 | 2025-10-28 | tty: n_gsm: Don't block input queue by waiting MSC |
| CVE-2025-40072 | 2025-10-28 | fanotify: Validate the return value of mnt_ns_from_dentry() before dereferencing |
| CVE-2025-40073 | 2025-10-28 | drm/msm: Do not validate SSPP when it is not ready |
| CVE-2025-40074 | 2025-10-28 | ipv4: start using dst_dev_rcu() |
| CVE-2025-40075 | 2025-10-28 | tcp_metrics: use dst_dev_net_rcu() |
| CVE-2025-40076 | 2025-10-28 | PCI: rcar-host: Pass proper IRQ domain to generic_handle_domain_irq() |
| CVE-2025-40077 | 2025-10-28 | f2fs: fix to avoid overflow while left shift operation |
| CVE-2025-40078 | 2025-10-28 | bpf: Explicitly check accesses to bpf_sock_addr |
| CVE-2025-40079 | 2025-10-28 | riscv, bpf: Sign extend struct ops return values properly |
| CVE-2025-40080 | 2025-10-28 | nbd: restrict sockets to TCP and UDP |
| CVE-2025-40081 | 2025-10-28 | perf: arm_spe: Prevent overflow in PERF_IDX2OFF() |
| CVE-2025-40082 | 2025-10-28 | hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() |
| CVE-2025-9313 | 2025-10-28 | Unauthorized database access in Asseco mMedica |
| CVE-2025-1036 | 2025-10-28 | Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on... |
| CVE-2025-1037 | 2025-10-28 | By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell (SSH)... |
| CVE-2025-1038 | 2025-10-28 | The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into the command shell of... |
| CVE-2025-12390 | 2025-10-28 | Org.keycloak.protocol.oidc.endpoints.logoutendpoint: offline session takeover due to reused authentication session id |
| CVE-2025-12103 | 2025-10-28 | Openshift-ai: trusty ai grants all authenticated users to list pods in any namespace |
| CVE-2025-53814 | 2025-10-28 | A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based memory corruption. An attacker can... |
| CVE-2025-53855 | 2025-10-28 | An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker... |
| CVE-2025-12380 | 2025-10-28 | Use-after-free in WebGPU internals triggered from a compromised child process |
| CVE-2025-34303 | 2025-10-28 | IPFire < v2.29 Stored XSS via Whitelisted Host Creation |
| CVE-2025-34313 | 2025-10-28 | IPFire < v2.29 Stored XSS via User Quota Rule URL Filter |
| CVE-2025-34314 | 2025-10-28 | IPFire < v2.29 Stored XSS via Time Constraint Rule URL Filter |
| CVE-2025-34302 | 2025-10-28 | IPFire < v2.29 Stored XSS via Service Creation |
| CVE-2025-34315 | 2025-10-28 | IPFire < v2.29 Stored XSS via Remote Syslog Server Address |
| CVE-2025-34310 | 2025-10-28 | IPFire < v2.29 Stored XSS via Quality of Service (QoS) Settings |
| CVE-2025-34305 | 2025-10-28 | IPFire < v2.29 Stored XSS via Multiple Methods in cleanhtml() |
| CVE-2025-34316 | 2025-10-28 | IPFire < v2.29 Stored XSS via Mail Server Settings |
| CVE-2025-34301 | 2025-10-28 | IPFire < v2.29 Stored XSS via Location Group Creation |
| CVE-2025-34309 | 2025-10-28 | IPFire < v2.29 Stored XSS via Dynamic DNS Host |
| CVE-2025-34317 | 2025-10-28 | IPFire < v2.29 Stored XSS via DNS Creation (dns.cgi) |
| CVE-2025-34318 | 2025-10-28 | IPFire < v2.29 Stored XSS via DNS Creation (proxy.cgi) |
| CVE-2025-34308 | 2025-10-28 | IPFire < v2.29 Stored XSS via Default Time Sync |
| CVE-2025-34306 | 2025-10-28 | IPFire < v2.29 Stored XSS via Default IP Search Value |
| CVE-2025-34307 | 2025-10-28 | IPFire < v2.29 Stored XSS via Default Country Search |
| CVE-2025-34304 | 2025-10-28 | IPFire < v2.29 SQL Injection via OpenVPN Connection Logs |
| CVE-2025-34312 | 2025-10-28 | IPFire < v2.29 Command Injection via URL Filter Blacklist |
| CVE-2025-34311 | 2025-10-28 | IPFire < v2.29 Command Injection via Proxy Report Creation |
| CVE-2025-36081 | 2025-10-28 | Multiple Vulnerabilities in IBM Concert Software. |
| CVE-2025-36083 | 2025-10-28 | Multiple Vulnerabilities in IBM Concert Software. |
| CVE-2025-36085 | 2025-10-28 | Multiple Vulnerabilities in IBM Concert Software. |
| CVE-2025-34294 | 2025-10-28 | Wazuh File Integrity Monitoring (FIM) & Active Response Arbitrary File Deletion as SYSTEM |
| CVE-2025-36386 | 2025-10-28 | There is a vulnerability in the IBM Maximo Manage application in IBM Maximo Application Suite for Cognos Analytics |
| CVE-2025-12422 | 2025-10-28 | Vulnerable Upgrade Feature (Arbitrary File Write) |
| CVE-2025-12423 | 2025-10-28 | Denial of Service - Protocol Manipulation |
| CVE-2025-12424 | 2025-10-28 | Privilege Escalation through SUID-bit Binary |
| CVE-2025-12425 | 2025-10-28 | Local Privilege Escalation |
| CVE-2025-40843 | 2025-10-28 | Buffer overflow in CodeChecker log command |
| CVE-2025-27093 | 2025-10-28 | Sliver does not restricted traffic between Wireguard clients. |
| CVE-2025-59837 | 2025-10-28 | astro allows bypass of image proxy domain validation leading to SSRF and potential XSS |