Total
33466 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41079 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-10-09 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: nvmet: always initialize cqe.result The spec doesn't mandate that the first two double words (aka results) for the command queue entry need to be set to 0 when they are not used (not specified). Though, the target implemention returns 0 for TCP and FC but not for RDMA. Let's make RDMA behave the same and thus explicitly initializing the result field. This prevents leaking any data from the stack. | ||||
| CVE-2024-41082 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-10-09 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: nvme-fabrics: use reserved tag for reg read/write command In some scenarios, if too many commands are issued by nvme command in the same time by user tasks, this may exhaust all tags of admin_q. If a reset (nvme reset or IO timeout) occurs before these commands finish, reconnect routine may fail to update nvme regs due to insufficient tags, which will cause kernel hang forever. In order to workaround this issue, maybe we can let reg_read32()/reg_read64()/reg_write32() use reserved tags. This maybe safe for nvmf: 1. For the disable ctrl path, we will not issue connect command 2. For the enable ctrl / fw activate path, since connect and reg_xx() are called serially. So the reserved tags may still be enough while reg_xx() use reserved tags. | ||||
| CVE-2024-41086 | 1 Linux | 1 Linux Kernel | 2025-10-09 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: bcachefs: Fix sb_field_downgrade validation - bch2_sb_downgrade_validate() wasn't checking for a downgrade entry extending past the end of the superblock section - for_each_downgrade_entry() is used in to_text() and needs to work on malformed input; it also was missing a check for a field extending past the end of the section | ||||
| CVE-2025-54871 | 2 Electroncapture, Steveseguin | 2 Electron Capture, Electroncapture | 2025-10-09 | 5.5 Medium |
| Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling ELECTRON_RUN_AS_NODE. This environment variable allows arbitrary Node.js code to be executed via the -e flag, which runs inside the main Electron context, inheriting any previously granted TCC entitlements (such as access to Documents, Downloads, etc.). This issue is fixed in version 2.20.0. | ||||
| CVE-2023-5557 | 2 Gnome, Redhat | 6 Tracker Miners, Enterprise Linux, Rhel Aus and 3 more | 2025-10-09 | 7.5 High |
| A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability. | ||||
| CVE-2023-36038 | 1 Microsoft | 3 .net, Asp.net Core, Visual Studio 2022 | 2025-10-09 | 8.2 High |
| ASP.NET Core Denial of Service Vulnerability | ||||
| CVE-2023-36049 | 2 Microsoft, Redhat | 18 .net, .net Framework, Visual Studio 2022 and 15 more | 2025-10-09 | 7.6 High |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | ||||
| CVE-2023-36558 | 2 Microsoft, Redhat | 5 .net, Asp.net Core, Visual Studio 2022 and 2 more | 2025-10-09 | 6.2 Medium |
| ASP.NET Core Security Feature Bypass Vulnerability | ||||
| CVE-2023-36719 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-09 | 7.8 High |
| Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability | ||||
| CVE-2023-36014 | 1 Microsoft | 1 Edge Chromium | 2025-10-09 | 7.3 High |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2023-36018 | 1 Microsoft | 1 Jupyter | 2025-10-09 | 7.8 High |
| Visual Studio Code Jupyter Extension Spoofing Vulnerability | ||||
| CVE-2023-36422 | 1 Microsoft | 1 Windows Defender | 2025-10-09 | 7.8 High |
| Microsoft Windows Defender Elevation of Privilege Vulnerability | ||||
| CVE-2023-36028 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-10-09 | 9.8 Critical |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | ||||
| CVE-2023-36022 | 1 Microsoft | 1 Edge Chromium | 2025-10-09 | 6.6 Medium |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2023-36021 | 1 Microsoft | 1 On-prem Data Gateway | 2025-10-09 | 8 High |
| Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability | ||||
| CVE-2023-36030 | 1 Microsoft | 1 Dynamics 365 | 2025-10-08 | 6.1 Medium |
| Microsoft Dynamics 365 Sales Spoofing Vulnerability | ||||
| CVE-2023-36029 | 1 Microsoft | 1 Edge | 2025-10-08 | 4.3 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2023-36035 | 1 Microsoft | 1 Exchange Server | 2025-10-08 | 8 High |
| Microsoft Exchange Server Spoofing Vulnerability | ||||
| CVE-2023-36037 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-10-08 | 7.8 High |
| Microsoft Excel Security Feature Bypass Vulnerability | ||||
| CVE-2023-36045 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-10-08 | 7.8 High |
| Microsoft Office Graphics Remote Code Execution Vulnerability | ||||