Export limit exceeded: 34838 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (34838 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-53181 | 1 Linux | 1 Linux Kernel | 2025-12-02 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: Stop leaking on krealloc() failure Currently dma_resv_get_fences() will leak the previously allocated array if the fence iteration got restarted and the krealloc_array() fails. Free the old array by hand, and make sure we still clear the returned *fences so the caller won't end up accessing freed memory. Some (but not all) of the callers of dma_resv_get_fences() seem to still trawl through the array even when dma_resv_get_fences() failed. And let's zero out *num_fences as well for good measure. | ||||
| CVE-2023-53185 | 1 Linux | 1 Linux Kernel | 2025-12-02 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes A bad USB device is able to construct a service connection response message with target endpoint being ENDPOINT0 which is reserved for HTC_CTRL_RSVD_SVC and should not be modified to be used for any other services. Reject such service connection responses. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. | ||||
| CVE-2023-53193 | 1 Linux | 1 Linux Kernel | 2025-12-02 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini The gmc.ecc_irq is enabled by firmware per IFWI setting, and the host driver is not privileged to enable/disable the interrupt. So, it is meaningless to use the amdgpu_irq_put function in gmc_v10_0_hw_fini, which also leads to the call trace. [ 82.340264] Call Trace: [ 82.340265] <TASK> [ 82.340269] gmc_v10_0_hw_fini+0x83/0xa0 [amdgpu] [ 82.340447] gmc_v10_0_suspend+0xe/0x20 [amdgpu] [ 82.340623] amdgpu_device_ip_suspend_phase2+0x127/0x1c0 [amdgpu] [ 82.340789] amdgpu_device_ip_suspend+0x3d/0x80 [amdgpu] [ 82.340955] amdgpu_device_pre_asic_reset+0xdd/0x2b0 [amdgpu] [ 82.341122] amdgpu_device_gpu_recover.cold+0x4dd/0xbb2 [amdgpu] [ 82.341359] amdgpu_debugfs_reset_work+0x4c/0x70 [amdgpu] [ 82.341529] process_one_work+0x21d/0x3f0 [ 82.341535] worker_thread+0x1fa/0x3c0 [ 82.341538] ? process_one_work+0x3f0/0x3f0 [ 82.341540] kthread+0xff/0x130 [ 82.341544] ? kthread_complete_and_exit+0x20/0x20 [ 82.341547] ret_from_fork+0x22/0x30 | ||||
| CVE-2025-64312 | 1 Huawei | 1 Harmonyos | 2025-12-02 | 4.9 Medium |
| Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-58305 | 1 Huawei | 1 Harmonyos | 2025-12-02 | 6.2 Medium |
| Identity authentication bypass vulnerability in the Gallery app. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-58304 | 1 Huawei | 1 Harmonyos | 2025-12-02 | 4.9 Medium |
| Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-58302 | 1 Huawei | 2 Emui, Harmonyos | 2025-12-02 | 8.4 High |
| Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-64315 | 1 Huawei | 1 Harmonyos | 2025-12-02 | 4.4 Medium |
| Configuration defect vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect app data confidentiality and integrity. | ||||
| CVE-2025-64313 | 1 Huawei | 1 Harmonyos | 2025-12-02 | 5.3 Medium |
| Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-64311 | 1 Huawei | 1 Harmonyos | 2025-12-02 | 5.1 Medium |
| Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-58316 | 1 Huawei | 1 Harmonyos | 2025-12-02 | 7.3 High |
| DoS vulnerability in the video-related system service module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-58315 | 1 Huawei | 1 Harmonyos | 2025-12-02 | 5.5 Medium |
| Permission control vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-58312 | 1 Huawei | 1 Harmonyos | 2025-12-02 | 5.1 Medium |
| Permission control vulnerability in the App Lock module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-58309 | 1 Huawei | 1 Harmonyos | 2025-12-02 | 6.8 Medium |
| Permission control vulnerability in the startup recovery module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2025-58294 | 1 Huawei | 1 Harmonyos | 2025-12-02 | 6.2 Medium |
| Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-11131 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-01 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | ||||
| CVE-2020-13956 | 5 Apache, Netapp, Oracle and 2 more | 27 Httpclient, Active Iq Unified Manager, Snapcenter and 24 more | 2025-12-01 | 5.3 Medium |
| Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. | ||||
| CVE-2024-23683 | 1 Ls1intum | 1 Artemis Java Test Sandbox | 2025-11-28 | 8.2 High |
| Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. | ||||
| CVE-2024-23682 | 1 Ls1intum | 1 Artemis Java Test Sandbox | 2025-11-28 | 8.2 High |
| Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. | ||||
| CVE-2023-30804 | 1 Sangfor | 1 Next-gen Application Firewall | 2025-11-28 | 4.9 Medium |
| The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated attacker when paired with CVE-2023-30803. | ||||