CVE List - 2025 / June
Showing 2401 - 2500 of 3683 CVEs for June 2025 (Page 25 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-50183 | 2025-06-18 | drm/meson: encoder_cvbs: Fix refcount leak in meson_encoder_cvbs_init |
| CVE-2022-50184 | 2025-06-18 | drm/meson: encoder_hdmi: Fix refcount leak in meson_encoder_hdmi_init |
| CVE-2022-50185 | 2025-06-18 | drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() |
| CVE-2022-50186 | 2025-06-18 | ath11k: fix missing skb drop on htc_tx_completion error |
| CVE-2022-50187 | 2025-06-18 | ath11k: fix netdev open race |
| CVE-2022-50188 | 2025-06-18 | drm/meson: Fix refcount leak in meson_encoder_hdmi_init |
| CVE-2022-50189 | 2025-06-18 | tools/power turbostat: Fix file pointer leak |
| CVE-2022-50190 | 2025-06-18 | spi: Fix simplification of devm_spi_register_controller |
| CVE-2022-50191 | 2025-06-18 | regulator: of: Fix refcount leak bug in of_get_regulation_constraints() |
| CVE-2022-50192 | 2025-06-18 | spi: tegra20-slink: fix UAF in tegra_slink_remove() |
| CVE-2022-50193 | 2025-06-18 | erofs: wake up all waiters after z_erofs_lzma_head ready |
| CVE-2022-50194 | 2025-06-18 | soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register |
| CVE-2022-50195 | 2025-06-18 | ARM: dts: qcom: replace gcc PXO with pxo_board fixed clock |
| CVE-2022-50196 | 2025-06-18 | soc: qcom: ocmem: Fix refcount leak in of_get_ocmem |
| CVE-2022-50197 | 2025-06-18 | cpufreq: zynq: Fix refcount leak in zynq_get_revision |
| CVE-2022-50198 | 2025-06-18 | ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init |
| CVE-2022-50199 | 2025-06-18 | ARM: OMAP2+: Fix refcount leak in omapdss_init_of |
| CVE-2022-50200 | 2025-06-18 | selinux: Add boundary check in put_entry() |
| CVE-2022-50201 | 2025-06-18 | selinux: fix memleak in security_read_state_kernel() |
| CVE-2022-50202 | 2025-06-18 | PM: hibernate: defer device probing when resuming from hibernation |
| CVE-2022-50203 | 2025-06-18 | ARM: OMAP2+: display: Fix refcount leak bug |
| CVE-2022-50204 | 2025-06-18 | ARM: OMAP2+: pdata-quirks: Fix refcount leak bug |
| CVE-2022-50205 | 2025-06-18 | ext2: Add more validity checks for inode counts |
| CVE-2022-50206 | 2025-06-18 | arm64: fix oops in concurrently setting insn_emulation sysctls |
| CVE-2022-50207 | 2025-06-18 | ARM: bcm: Fix refcount leak in bcm_kona_smc_init |
| CVE-2022-50208 | 2025-06-18 | soc: amlogic: Fix refcount leak in meson-secure-pwrc.c |
| CVE-2022-50209 | 2025-06-18 | meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init |
| CVE-2022-50210 | 2025-06-18 | MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK |
| CVE-2022-50211 | 2025-06-18 | md-raid10: fix KASAN warning |
| CVE-2022-50212 | 2025-06-18 | netfilter: nf_tables: do not allow CHAIN_ID to refer to another table |
| CVE-2022-50213 | 2025-06-18 | netfilter: nf_tables: do not allow SET_ID to refer to another table |
| CVE-2022-50214 | 2025-06-18 | coresight: Clear the connection field properly |
| CVE-2022-50215 | 2025-06-18 | scsi: sg: Allow waiting for commands to complete on removed device |
| CVE-2022-50217 | 2025-06-18 | fuse: write inode in fuse_release() |
| CVE-2022-50218 | 2025-06-18 | iio: light: isl29028: Fix the warning in isl29028_remove() |
| CVE-2022-50219 | 2025-06-18 | bpf: Fix KASAN use-after-free Read in compute_effective_progs |
| CVE-2022-50220 | 2025-06-18 | usbnet: Fix linkwatch use-after-free on disconnect |
| CVE-2022-50221 | 2025-06-18 | drm/fb-helper: Fix out-of-bounds access |
| CVE-2022-50222 | 2025-06-18 | tty: vt: initialize unicode screen buffer |
| CVE-2022-50223 | 2025-06-18 | LoongArch: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK |
| CVE-2022-50224 | 2025-06-18 | KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT |
| CVE-2022-50225 | 2025-06-18 | riscv:uprobe fix SR_SPIE set/clear handling |
| CVE-2022-50226 | 2025-06-18 | crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak |
| CVE-2022-50227 | 2025-06-18 | KVM: x86/xen: Initialize Xen timer only once |
| CVE-2022-50228 | 2025-06-18 | KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 |
| CVE-2022-50229 | 2025-06-18 | ALSA: bcd2000: Fix a UAF bug on the error path of probing |
| CVE-2022-50230 | 2025-06-18 | arm64: set UXN on swapper page tables |
| CVE-2022-50231 | 2025-06-18 | crypto: arm64/poly1305 - fix a read out-of-bound |
| CVE-2022-50232 | 2025-06-18 | arm64: set UXN on swapper page tables |
| CVE-2025-6220 | 2025-06-18 | Ultimate Addons for Contact Form 7 <= 3.5.12 - Authenticated (Administrator+) Arbitrary File Upload via 'save_options' |
| CVE-2025-6240 | 2025-06-18 | Profisee Path Traversal Vulnerability |
| CVE-2024-54183 | 2025-06-18 | IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting |
| CVE-2025-4820 | 2025-06-18 | Incorrect congestion window growth by optimistic ACK |
| CVE-2025-4821 | 2025-06-18 | Incorrect congestion window growth by invalid ACK ranges |
| CVE-2025-36048 | 2025-06-18 | IBM webMethods Integration Server code execution |
| CVE-2025-36049 | 2025-06-18 | IBM webMethods Integration Server XML external entity injection |
| CVE-2024-54172 | 2025-06-18 | IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site request forgery |
| CVE-2025-1348 | 2025-06-18 | IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure |
| CVE-2025-20234 | 2025-06-18 | ClamAV UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2025-1349 | 2025-06-18 | IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting |
| CVE-2025-20271 | 2025-06-18 | Cisco Meraki MX and Z Series AnyConnect VPN with Client Certificate Authentication Denial of Service Vulnerability |
| CVE-2025-20260 | 2025-06-18 | ClamAV PDF Scanning Buffer Overflow Vulnerability |
| CVE-2025-6191 | 2025-06-18 | Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity:... |
| CVE-2025-6192 | 2025-06-18 | Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-49590 | 2025-06-18 | CryptPad Dom-Based Cross-Site Scripting (XSS) Vulnerability |
| CVE-2025-49591 | 2025-06-18 | CryptPad 2FA Bypass Vulnerability |
| CVE-2025-24287 | 2025-06-18 | A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions. |
| CVE-2025-23121 | 2025-06-18 | A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user |
| CVE-2025-23170 | 2025-06-18 | The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable to command... |
| CVE-2025-23169 | 2025-06-18 | The Versa Director SD-WAN orchestration platform allows customization of the user interface, including the header, footer, and logo. However, the input provided for these customizations is not properly validated or... |
| CVE-2025-23173 | 2025-06-18 | The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible... |
| CVE-2025-23172 | 2025-06-18 | The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add Webhook" and "Test Webhook" functionalities can be abused by an... |
| CVE-2025-24286 | 2025-06-18 | A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code. |
| CVE-2025-23168 | 2025-06-18 | The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication (2FA) using One-Time Passcodes (OTP) delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing... |
| CVE-2025-23171 | 2025-06-18 | The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. The UI appears not to... |
| CVE-2024-45208 | 2025-06-18 | The Versa Director SD-WAN orchestration platform makes use of the Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High Availability (HA)... |
| CVE-2025-24291 | 2025-06-18 | The Versa Director SD-WAN orchestration platform provides functionality to upload various types of files. However, the Java code handling file uploads contains an argument injection vulnerability. By appending additional arguments... |
| CVE-2025-24288 | 2025-06-18 | The Versa Director software exposes a number of services by default and allows attackers an easy foothold due to default credentials and multiple accounts (most with sudo access) that utilize... |
| CVE-2025-50181 | 2025-06-19 | urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation |
| CVE-2025-50182 | 2025-06-19 | urllib3 does not control redirects in browsers and Node.js |
| CVE-2025-6201 | 2025-06-19 | Pixel Manager for WooCommerce (PRO) <= 1.49.0 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode |
| CVE-2025-50183 | 2025-06-19 | OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer |
| CVE-2025-4661 | 2025-06-19 | Path traversal vulnerability potentially leading to sensitive information disclosure |
| CVE-2025-52467 | 2025-06-19 | pgai secrets exfiltration via `pull_request_target` |
| CVE-2025-50201 | 2025-06-19 | WeGIA OS Command Injection in debug_info.php parameter 'branch' |
| CVE-2025-4367 | 2025-06-19 | Download Manager <= 3.3.18 - Authenticated (Author+) Stored Cross-site Scripting via wpdm_user_dashboard Shortcode |
| CVE-2025-4479 | 2025-06-19 | ElementsKit Lite <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget |
| CVE-2025-52474 | 2025-06-19 | WeGIA SQL Injection Vulnerability in id Parameter on control.php Endpoint |
| CVE-2025-5524 | 2025-06-19 | OceanWP <= 4.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Select HTML Tag |
| CVE-2025-5490 | 2025-06-19 | Football Pool <= 2.12.4 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2025-4571 | 2025-06-19 | GiveWP – Donation Plugin and Fundraising Platform <= 4.3.0 - Missing Authorization To Authenticated (Contributor+) Campaign Data View And Modification |
| CVE-2025-4965 | 2025-06-19 | WPBakery Page Builder <= 8.4.1 - Authenticated (Author+) Stored Cross-Site Scripting via Grid Builder |
| CVE-2025-5071 | 2025-06-19 | AI Engine 2.8.0 - 2.8.3 - Authenticated (Subscriber+) Insufficient Authorization to Privilege Escalation via MCP |
| CVE-2025-5234 | 2025-06-19 | Gutenverse News <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via elementId Parameter |
| CVE-2025-49763 | 2025-06-19 | Apache Traffic Server: Remote DoS via memory exhaustion in ESI Plugin |
| CVE-2025-31698 | 2025-06-19 | Apache Traffic Server: Client IP address from PROXY protocol is not used for ACL |
| CVE-2025-32896 | 2025-06-19 | Apache SeaTunnel: Unauthenticated insecure access |
| CVE-2025-6019 | 2025-06-19 | Libblockdev: lpe from allow_active to root in libblockdev via udisks |
| CVE-2025-6266 | 2025-06-19 | Teledyne FLIR AX8 upload.php unrestricted upload |
| CVE-2025-4738 | 2025-06-19 | Authenticated SQLi in Yirmibes Software's MY ERP |