CVE-2025-40172 - accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages()
CVE ID : CVE-2025-40172
Published : Nov. 12, 2025, 11:15 a.m. | 3 hours, 42 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Currently, if find_and_map_user_pages() takes a DMA xfer request from the user with a length field set to 0, or in a rare case, the host receives QAIC_TRANS_DMA_XFER_CONT from the device where resources->xferred_dma_size is equal to the requested transaction size, the function will return 0 before allocating an sgt or setting the fields of the dma_xfer struct. In that case, encode_addr_size_pairs() will try to access the sgt which will lead to a general protection fault. Return an EINVAL in case the user provides a zero-sized ALP, or the device requests continuation after all of the bytes have been transferred.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40173 - net/ip6_tunnel: Prevent perpetual tunnel growth
CVE ID : CVE-2025-40173
Published : Nov. 12, 2025, 11:15 a.m. | 3 hours, 42 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: net/ip6_tunnel: Prevent perpetual tunnel growth Similarly to ipv4 tunnel, ipv6 version updates dev->needed_headroom, too. While ipv4 tunnel headroom adjustment growth was limited in commit 5ae1e9922bbd ("net: ip_tunnel: prevent perpetual headroom growth"), ipv6 tunnel yet increases the headroom without any ceiling. Reflect ipv4 tunnel headroom adjustment limit on ipv6 version. Credits to Francesco Ruggeri, who was originally debugging this issue and wrote local Arista-specific patch and a reproducer.
Severity: 0.0 | NA
CVE-2025-40174 - x86/mm: Fix SMP ordering in switch_mm_irqs_off()
CVE ID : CVE-2025-40174
Published : Nov. 12, 2025, 11:15 a.m. | 3 hours, 42 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix SMP ordering in switch_mm_irqs_off() Stephen noted that it is possible to not have an smp_mb() between the loaded_mm store and the tlb_gen load in switch_mm(), meaning the ordering against flush_tlb_mm_range() goes out the window, and it becomes possible for switch_mm() to not observe a recent tlb_gen update and fail to flush the TLBs. [ dhansen: merge conflict fixed by Ingo ]
Severity: 0.0 | NA
CVE-2025-40175 - idpf: cleanup remaining SKBs in PTP flows
CVE ID : CVE-2025-40175
Published : Nov. 12, 2025, 11:15 a.m. | 3 hours, 42 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skb_get. It increases the reference counter for that SKB to prevent unexpected freeing by another component. However, there may be a case where the index is requested, SKB is assigned and never consumed by PTP flows - for example due to reset during running PTP apps. Add a check in release timestamping function to verify if the SKB assigned to Tx timestamp latch was freed, and release remaining SKBs.
Severity: 0.0 | NA
CVE-2025-40176 - tls: wait for pending async decryptions if tls_strp_msg_hold fails
CVE ID : CVE-2025-40176
Published : Nov. 12, 2025, 11:15 a.m. | 3 hours, 42 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tls_strp_msg_hold fails Async decryption calls tls_strp_msg_hold to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate that clone, proceeding with async decryption can lead to various issues (UAF on the skb, writing into userspace memory after the recv() call has returned). In this case, wait for all pending decryption requests.
Severity: 0.0 | NA
CVE-2025-40177 - accel/qaic: Fix bootlog initialization ordering
CVE ID : CVE-2025-40177
Published : Nov. 12, 2025, 11:15 a.m. | 3 hours, 42 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix bootlog initialization ordering As soon as we queue MHI buffers to receive the bootlog from the device, we could be receiving data. Therefore all the resources needed to process that data need to be setup prior to queuing the buffers. We currently initialize some of the resources after queuing the buffers which creates a race between the probe() and any data that comes back from the device. If the uninitialized resources are accessed, we could see page faults. Fix the init ordering to close the race.
Severity: 0.0 | NA
CVE-2025-12998 - Broken Authentication in extension “Modules” (modules)
CVE ID : CVE-2025-12998
Published : Nov. 12, 2025, 12:15 p.m. | 2 hours, 42 minutes ago
Description : Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules. This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5.
Severity: 8.2 | HIGH
CVE-2025-62876 - Lightdm-Kde-Greeter Execution Privilege Escalation Vulnerability
CVE ID : CVE-2025-62876
Published : Nov. 12, 2025, 1:15 p.m. | 1 hour, 42 minutes ago
Description : An Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root. This issue affects lightdm-kde-greeter before 6.0.4.
Severity: 5.3 | MEDIUM
CVE-2025-11565 - Apache Web Admin Path Traversal
CVE ID : CVE-2025-11565
Published : Nov. 12, 2025, 2:15 p.m. | 42 minutes ago
Description : CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST/REST/UpdateJRE request payload.
Severity: 7.3 | HIGH
CVE-2025-11566 - Apache HTTP Server Brute Force Authentication Bypass
CVE ID : CVE-2025-11566
Published : Nov. 12, 2025, 2:15 p.m. | 42 minutes ago
Description : CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker on the local network to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on the /REST/shutdownnow endpoint.
Severity: 6.9 | MEDIUM
CVE-2025-11567 - Citrix Vulnerability: Unsecured Installation Folder Permissions
CVE ID : CVE-2025-11567
Published : Nov. 12, 2025, 2:15 p.m. | 42 minutes ago
Description : CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured.
Severity: 7.3 | HIGH
CVE-2025-63289 - Sogexia Android App Insecure Key Storage
CVE ID : CVE-2025-63289
Published : Nov. 12, 2025, 4:15 p.m. | 2 hours, 42 minutes ago
Description : Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryption_helper.dart file
Severity: 0.0 | NA
CVE-2025-63353 - FiberHome GPON ONU HG6145F1 Predictable Default Wi-Fi Password Vulnerability
CVE ID : CVE-2025-63353
Published : Nov. 12, 2025, 4:15 p.m. | 2 hours, 42 minutes ago
Description : A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. The device generates default passwords using a deterministic algorithm that derives the router passphrase from the SSID, enabling an attacker who can observe the SSID to predict the default password without authentication or user interaction.
Severity: 0.0 | NA
CVE-2025-64280 - CentralSquare Community Development SQL Injection Vulnerability
CVE ID : CVE-2025-64280
Published : Nov. 12, 2025, 4:15 p.m. | 2 hours, 42 minutes ago
Description : A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field.
Severity: 0.0 | NA
CVE-2025-64281 - CentralSquare Community Development Authentication Bypass Vulnerability
CVE ID : CVE-2025-64281
Published : Nov. 12, 2025, 4:15 p.m. | 2 hours, 42 minutes ago
Description : An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials.
Severity: 0.0 | NA
CVE-2025-64293 - WordPress 0 Day Analytics plugin <= 4.0.0 - SQL Injection vulnerability
CVE ID : CVE-2025-64293
Published : Nov. 12, 2025, 4:15 p.m. | 2 hours, 42 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Golemiq 0 Day Analytics allows SQL Injection. This issue affects 0 Day Analytics: from n/a through 4.0.0.
Severity: 7.6 | HIGH
CVE-2025-9316 - N-central unauthenticated sessionID generation
CVE ID : CVE-2025-9316
Published : Nov. 12, 2025, 4:15 p.m. | 2 hours, 42 minutes ago
Description : N-central < 2025.4 can generate sessionIDs for unauthenticated users. This issue affects N-central: before 2025.4.
Severity: 6.9 | MEDIUM
CVE-2025-11795 - JPG File Parsing Out-of-Bounds Write Vulnerability
CVE ID : CVE-2025-11795
Published : Nov. 12, 2025, 5:15 p.m. | 1 hour, 42 minutes ago
Description : A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
CVE-2025-11797 - DWG File Parsing Use-After-Free Vulnerability
CVE ID : CVE-2025-11797
Published : Nov. 12, 2025, 5:15 p.m. | 1 hour, 42 minutes ago
Description : A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
CVE-2025-13042 - Google Chrome Heap Corruption Vulnerability
CVE ID : CVE-2025-13042
Published : Nov. 12, 2025, 5:15 p.m. | 1 hour, 42 minutes ago
Description : Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 8.8 | HIGH
CVE-2025-2843 - Observability-operator: observability operator privilege escalation
CVE ID : CVE-2025-2843
Published : Nov. 12, 2025, 5:15 p.m. | 1 hour, 42 minutes ago
Description : A flaw was found in the Observability Operator. The Operator creates a ServiceAccount with *ClusterRole* upon deployment of the *Namespace-Scoped* Custom Resource MonitorStack. This issue allows an adversarial Kubernetes Account with only namespaced-level roles, for example, a tenant controlling a namespace, to create a MonitorStack in the authorized namespace and then elevate permission to the cluster level by impersonating the ServiceAccount created by the Operator, resulting in privilege escalation and other issues.
Severity: 8.8 | HIGH