Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~301148 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2013-04-29 | CVE-2013-2015 | The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test. | Linux_kernel, Enterprise_linux, Enterprise_mrg | N/A | ||
| 2013-05-03 | CVE-2013-1979 | The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application. | Linux_kernel | N/A | ||
| 2013-05-03 | CVE-2013-1959 | kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process. | Linux_kernel | N/A | ||
| 2013-04-24 | CVE-2013-1958 | The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval during which a user namespace has been created but a PID namespace has not been created. | Linux_kernel | N/A | ||
| 2013-04-24 | CVE-2013-1957 | The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypass an intended read-only property of a filesystem by leveraging a separate mount namespace. | Linux_kernel | N/A | ||
| 2013-04-24 | CVE-2013-1956 | The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call. | Linux_kernel | N/A | ||
| 2013-07-16 | CVE-2013-1943 | The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c. | Ubuntu_linux, Linux_kernel, Enterprise_linux, Enterprise_linux_eus | 7.8 |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2025-08-20 | CVE-2024-39954 | CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch , which fixes this issue. | N/A | N/A | |
| 2025-08-19 | CVE-2025-38554 | In the Linux kernel, the following vulnerability has been resolved: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped By inducing delays in the right places, Jann Horn created a reproducer for a hard to hit UAF issue that became possible after VMAs were allowed to be recycled by adding SLAB_TYPESAFE_BY_RCU to their cache. Race description is borrowed from Jann's discovery report: lock_vma_under_rcu() looks up a VMA locklessly with mas_walk() under rcu_read_lock(). At... | N/A | N/A | |
| 2025-08-19 | CVE-2025-38555 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in composite_dev_cleanup() 1. In func configfs_composite_bind() -> composite_os_desc_req_prepare(): if kmalloc fails, the pointer cdev->os_desc_req will be freed but not set to NULL. Then it will return a failure to the upper-level function. 2. in func configfs_composite_bind() -> composite_dev_cleanup(): it will checks whether cdev->os_desc_req is NULL. If it is not NULL, it will attempt... | N/A | N/A | |
| 2025-08-19 | CVE-2025-38556 | In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should never occur, but there are buggy devices and some might have a report field with size set to zero; we shouldn't reject the report or the device just because of that. Instead, harden the... | N/A | N/A | |
| 2025-08-19 | CVE-2025-38557 | In the Linux kernel, the following vulnerability has been resolved: HID: apple: validate feature-report field count to prevent NULL pointer dereference A malicious HID device with quirk APPLE_MAGIC_BACKLIGHT can trigger a NULL pointer dereference whilst the power feature-report is toggled and sent to the device in apple_magic_backlight_report_set(). The power feature-report is expected to have two data fields, but if the descriptor declares one field then accessing field[1] and... | N/A | N/A | |
| 2025-08-19 | CVE-2025-38558 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Initialize frame-based format color matching descriptor Fix NULL pointer crash in uvcg_framebased_make due to uninitialized color matching descriptor for frame-based format which was added in commit f5e7bdd34aca ("usb: gadget: uvc: Allow creating new color matching descriptors") that added handling for uncompressed and mjpeg format. Crash is seen when userspace configuration (via configfs) does... | N/A | N/A | |
| 2025-08-19 | CVE-2025-38559 | In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmt: fix a crashlog NULL pointer access Usage of the intel_pmt_read() for binary sysfs, requires a pcidev. The current use of the endpoint value is only valid for telemetry endpoint usage. Without the ep, the crashlog usage causes the following NULL pointer exception: BUG: kernel NULL pointer dereference, address: 0000000000000000 Oops: Oops: 0000 [#1] SMP NOPTI RIP: 0010:intel_pmt_read+0x3b/0x70... | N/A | N/A |