8.7
CVE-2025-4450 - D-Link DIR-619L formSetEasy_Wizard buffer overflow
A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.04B04. Affected is the function formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosureβ¦
8.7
CVE-2025-4449 - D-Link DIR-619L formEasySetupWizard3 buffer overflow
A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.04B04. This issue affects the function formEasySetupWizard3. The manipulation of the argument wan_connected leads to buffer overflow. The attack may be initiated remotely. The vendor was contacted early about thiβ¦
8.7
CVE-2025-4448 - D-Link DIR-619L formEasySetupWizard buffer overflow
A vulnerability classified as critical was found in D-Link DIR-619L 2.04B04. This vulnerability affects the function formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure. Thβ¦
8.6
CVE-2025-4446 - H3C GR-5400AX aspForm Edit_List_SSID buffer overflow
A vulnerability has been found in H3C GR-5400AX up to 100R008 and classified as critical. This vulnerability affects the function Edit_List_SSID of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack needs to be approached within the local network.
5.3
CVE-2025-4445 - D-Link DIR-605L wake_on_lan command injection
A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01. Affected is the function wake_on_lan. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure. This vulnerabiβ¦
5.5
CVE-2025-37887 - pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result
In the Linux kernel, the following vulnerability has been resolved: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result If the FW doesn't support the PDS_CORE_CMD_FW_CONTROL command the driver might at the least print garbage and at the worst crash when the user runs the "devlink dev infoβ¦
5.5
CVE-2025-37886 - pds_core: make wait_context part of q_info
In the Linux kernel, the following vulnerability has been resolved: pds_core: make wait_context part of q_info Make the wait_context a full part of the q_info struct rather than a stack variable that goes away after pdsc_adminq_post() is done so that the context is still available after the wait β¦
7.8
CVE-2025-37885 - KVM: x86: Reset IRTE to host control if *new* route isn't postable
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if *new* route isn't postable Restore an IRTE back to host control (remapped or posted MSI mode) if the *new* GSI route prevents posting the IRQ directly to a vCPU, regardless of the GSI routiβ¦
5.5
CVE-2025-37884 - bpf: Fix deadlock between rcu_tasks_trace and event_mutex.
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock between rcu_tasks_trace and event_mutex. Fix the following deadlock: CPU A _free_event() perf_kprobe_destroy() mutex_lock(&event_mutex) perf_trace_event_unreg() synchronize_rcu_tasks_trace() β¦
5.5
CVE-2025-37881 - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() The variable d->name, returned by devm_kasprintf(), could be NULL. A pointer check is added to prevent potential NULL pointer dereference. This is similar to the β¦