7.1
CVE-2022-49945 - hwmon: (gpio-fan) Fix array out of bounds access
In the Linux kernel, the following vulnerability has been resolved: hwmon: (gpio-fan) Fix array out of bounds access The driver does not check if the cooling state passed to gpio_fan_set_cur_state() exceeds the maximum cooling state as stored in fan_data->num_speeds. Since the cooling state is laβ¦
5.5
CVE-2025-38070 - ASoC: sma1307: Add NULL check in sma1307_setting_loaded()
In the Linux kernel, the following vulnerability has been resolved: ASoC: sma1307: Add NULL check in sma1307_setting_loaded() All varibale allocated by kzalloc and devm_kzalloc could be NULL. Multiple pointer checks and their cleanup are added. This issue is found by our static analysis tool
8.8
CVE-2025-46109 -
SQL Injection vulnerability in pbootCMS v.3.2.5 and v.3.2.10 allows a remote attacker to obtain sensitive information via a crafted GET request
5.5
CVE-2022-50088 - mm/damon/reclaim: fix potential memory leak in damon_reclaim_init()
In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: fix potential memory leak in damon_reclaim_init() damon_reclaim_init() allocates a memory chunk for ctx with damon_new_ctx(). When damon_select_ops() fails, ctx is not released, which will lead to a memory leakβ¦
7.8
CVE-2025-44952 -
A missing length check in `ogs_pfcp_subnet_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dnn` field with a value with length greater than 101.
5.5
CVE-2022-50063 - net: dsa: felix: suppress non-changes to the tagging protocol
In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: suppress non-changes to the tagging protocol The way in which dsa_tree_change_tag_proto() works is that when dsa_tree_notify() fails, it doesn't know whether the operation failed mid way in a multi-switch tree, oβ¦
4.7
CVE-2025-38073 - kernel: block: fix race between set_blocksize and read paths
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.5
CVE-2022-50010 - video: fbdev: i740fb: Check the argument of i740_calc_vclk()
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: i740fb: Check the argument of i740_calc_vclk() Since the user can control the arguments of the ioctl() from the user space, under special arguments that may result in a divide-by-zero bug. If the user provides an iβ¦
7.1
CVE-2022-49948 - vt: Clear selection before changing the font
In the Linux kernel, the following vulnerability has been resolved: vt: Clear selection before changing the font When changing the console font with ioctl(KDFONTOP) the new font size can be bigger than the previous font. A previous selection may thus now be outside of the new screen size and thusβ¦
9.9
CVE-2025-46157 -
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form