Count: 19 519
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2025-7458 SQLite integer overflow in key info allocation may lead to information disclosure. | CVSS3: 9.1 | 0% Low | 8 months ago |
| CVE-2025-7425 Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr | CVSS3: 7.8 | 0% Low | 7 months ago |
| CVE-2025-7424 Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes | CVSS3: 7.3 | 0% Low | 7 months ago |
| CVE-2025-7395 Domain Name Validation Bypass with Apple Native Certificate Validation | | 0% Low | 7 months ago |
| CVE-2025-7394 In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers generated in applications that are both using RAND_bytes() and doing fork() operations. This only affects applications explicitly calling RAND_bytes() after fork() and does not affect any internal TLS operations. Although RAND_bytes() documentation in OpenSSL calls out not being safe for use with fork() without first calling RAND_poll(), an additional code change was also made in wolfSSL to make RAND_bytes() behave similar to OpenSSL after a fork() call without calling RAND_poll(). Now the Hash-DRBG used gets reseeded after detecting running in a new process. If making use of RAND_bytes() and calling fork() we recommend updating to the latest version of wolfSSL. Thanks to Per Allansson from Appgate for the report. | | 0% Low | 7 months ago |
| CVE-2025-7345 Gdk-pixbuf: heap-buffer-overflow in gdk-pixbuf | CVSS3: 7.5 | 0% Low | 9 months ago |
| CVE-2025-7339 on-headers vulnerable to http response header manipulation | | 0% Low | 6 months ago |
| CVE-2025-7207 mruby nregs codegen.c scope_new heap-based overflow | | 0% Low | 7 months ago |
| CVE-2025-71269 btrfs: do not free data reservation in fallback from inline due to -ENOSPC | | 0% Low | 9 days ago |
| CVE-2025-71267 fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST | CVSS3: 5.5 | 0% Low | 10 days ago |
| CVE-2025-71266 fs: ntfs3: check return value of indx_find to avoid infinite loop | CVSS3: 5.5 | 0% Low | 10 days ago |
| CVE-2025-71265 fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata | CVSS3: 5.5 | 0% Low | 10 days ago |
| CVE-2025-71239 audit: add fchmodat2() to change attributes class | CVSS3: 5.5 | 0% Low | 11 days ago |
| CVE-2025-71238 scsi: qla2xxx: Fix bsg_done() causing double free | CVSS3: 6.2 | 0% Low | 24 days ago |
| CVE-2025-71237 nilfs2: Fix potential block overflow that cause system hang | CVSS3: 5.5 | 0% Low | about 1 month ago |
| CVE-2025-71236 scsi: qla2xxx: Validate sp before freeing associated memory | | 0% Low | about 1 month ago |
| CVE-2025-71235 scsi: qla2xxx: Delay module unload while fabric scan in progress | CVSS3: 5.5 | 0% Low | 30 days ago |
| CVE-2025-71234 wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add | | 0% Low | about 1 month ago |
| CVE-2025-71233 PCI: endpoint: Avoid creating sub-groups asynchronously | CVSS3: 8.4 | 0% Low | about 1 month ago |
| CVE-2025-71232 scsi: qla2xxx: Free sp in error path to fix system crash | CVSS3: 4.7 | 0% Low | about 1 month ago |