5.5
CVE-2025-21801 - net: ravb: Fix missing rtnl lock in suspend/resume path
In the Linux kernel, the following vulnerability has been resolved: net: ravb: Fix missing rtnl lock in suspend/resume path Fix the suspend/resume path by ensuring the rtnl lock is held where required. Calls to ravb_open, ravb_close and wol operations must be performed under the rtnl lock to prev…
5.5
CVE-2025-21773 - can: etas_es58x: fix potential NULL pointer dereference on udev->serial
In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: fix potential NULL pointer dereference on udev->serial The driver assumed that es58x_dev->udev->serial could never be NULL. While this is true on commercially available devices, an attacker could spoof the device…
5.5
CVE-2025-21710 - tcp: correct handling of extreme memory squeeze
In the Linux kernel, the following vulnerability has been resolved: tcp: correct handling of extreme memory squeeze Testing with iperf3 using the "pasta" protocol splicer has revealed a problem in the way tcp handles window advertising in extreme memory squeeze situations. Under memory pressure,…
5.3
CVE-2024-38290 -
In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met.
5.5
CVE-2024-58021 - HID: winwing: Add NULL check in winwing_init_led()
In the Linux kernel, the following vulnerability has been resolved: HID: winwing: Add NULL check in winwing_init_led() devm_kasprintf() can return a NULL pointer on failure, but this returned value in winwing_init_led() is not checked. Add NULL check in winwing_init_led(), to handle kernel NULL po…
7.8
CVE-2024-57990 - wifi: mt76: mt7925: fix off by one in mt7925_load_clc()
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_load_clc() This comparison should be >= instead of > to prevent an out of bounds read and write.
7.5
CVE-2025-25759 -
An issue in the component admin_template.php of SUCMS v1.0 allows attackers to execute a directory traversal and arbitrary file deletion via a crafted GET request.
5.5
CVE-2025-25325 -
An issue in Yibin Fengguan Network Technology Co., Ltd YuPao DirectHire iOS 8.8.0 allows attackers to access sensitive user information via supplying a crafted link.
5.5
CVE-2025-21778 - tracing: Do not allow mmap() of persistent ring buffer
In the Linux kernel, the following vulnerability has been resolved: tracing: Do not allow mmap() of persistent ring buffer When trying to mmap a trace instance buffer that is attached to reserve_mem, it would crash: BUG: unable to handle page fault for address: ffffe97bd00025c8 #PF: supervisor…
5.5
CVE-2024-57975 - btrfs: do proper folio cleanup when run_delalloc_nocow() failed
In the Linux kernel, the following vulnerability has been resolved: btrfs: do proper folio cleanup when run_delalloc_nocow() failed [BUG] With CONFIG_DEBUG_VM set, test case generic/476 has some chance to crash with the following VM_BUG_ON_FOLIO(): BTRFS error (device dm-3): cow_file_range fai…