7.1
CVE-2025-21782 - orangefs: fix a oob in orangefs_debug_write
In the Linux kernel, the following vulnerability has been resolved: orangefs: fix a oob in orangefs_debug_write I got a syzbot report: slab-out-of-bounds Read in orangefs_debug_write... several people suggested fixes, I tested Al Viro's suggestion and made this patch.
5.5
CVE-2024-58001 - ocfs2: handle a symlink read error correctly
In the Linux kernel, the following vulnerability has been resolved: ocfs2: handle a symlink read error correctly Patch series "Convert ocfs2 to use folios". Mark did a conversion of ocfs2 to use folios and sent it to me as a giant patch for review ;-) So I've redone it as individual patches, an…
7.5
CVE-2025-25760 -
A Server-Side Request Forgery (SSRF) in the component admin_webgather.php of SUCMS v1.0 allows attackers to access internal data and services via a crafted GET request.
5.5
CVE-2024-57989 - wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links In mt7925_change_vif_links() devm_kzalloc() may return NULL but this returned value is not checked.
5.4
CVE-2024-53408 -
AVE System Web Client v2.1.131.13992 was discovered to contain a cross-site scripting (XSS) vulnerability.
5.5
CVE-2024-57981 - usb: xhci: Fix NULL pointer dereference on certain command aborts
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix NULL pointer dereference on certain command aborts If a command is queued to the final usable TRB of a ring segment, the enqueue pointer is advanced to the subsequent link TRB and no further. If the command is late…
5.5
CVE-2025-21816 - hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING
In the Linux kernel, the following vulnerability has been resolved: hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING hrtimers are migrated away from the dying CPU to any online target at the CPUHP_AP_HRTIMERS_DYING stage in order not to delay bandwidth timers handling ta…
5.5
CVE-2025-21824 - gpu: host1x: Fix a use of uninitialized mutex
In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix a use of uninitialized mutex commit c8347f915e67 ("gpu: host1x: Fix boot regression for Tegra") caused a use of uninitialized mutex leading to below warning when CONFIG_DEBUG_MUTEXES and CONFIG_DEBUG_LOCK_ALLOC a…
7.5
CVE-2025-25729 -
An information disclosure vulnerability in Bosscomm IF740 Firmware versions: 11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 allows attackers to obtain hardcoded cleartext credentials via the update or boot process.
5.5
CVE-2025-21740 - kernel: KVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.