CVE List - 2025 / October
Showing 601 - 700 of 4280 CVEs for October 2025 (Page 7 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-53559 | 2025-10-04 | ip_vti: fix potential slab-use-after-free in decode_session6 |
| CVE-2023-53560 | 2025-10-04 | tracing/histograms: Add histograms to hist_vars if they have referenced variables |
| CVE-2023-53561 | 2025-10-04 | net: wwan: iosm: fix NULL pointer dereference when removing device |
| CVE-2023-53562 | 2025-10-04 | drm/msm: fix vram leak on bind errors |
| CVE-2023-53563 | 2025-10-04 | cpufreq: amd-pstate-ut: Fix kernel panic when loading the driver |
| CVE-2023-53564 | 2025-10-04 | ocfs2: fix defrag path triggering jbd2 ASSERT |
| CVE-2023-53565 | 2025-10-04 | wifi: brcmfmac: Check for probe() id argument being NULL |
| CVE-2023-53566 | 2025-10-04 | netfilter: nft_set_rbtree: fix null deref on element insertion |
| CVE-2023-53567 | 2025-10-04 | spi: qup: Don't skip cleanup in remove's error path |
| CVE-2023-53568 | 2025-10-04 | s390/zcrypt: don't leak memory if dev_set_name() fails |
| CVE-2023-53569 | 2025-10-04 | ext2: Check block size validity during mount |
| CVE-2023-53570 | 2025-10-04 | wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems() |
| CVE-2023-53571 | 2025-10-04 | drm/i915: Make intel_get_crtc_new_encoder() less oopsy |
| CVE-2023-53572 | 2025-10-04 | clk: imx: scu: use _safe list iterator to avoid a use after free |
| CVE-2023-53573 | 2025-10-04 | clk: rs9: Fix suspend/resume |
| CVE-2023-53574 | 2025-10-04 | wifi: rtw88: delete timer and free skb queue when unloading |
| CVE-2023-53575 | 2025-10-04 | wifi: iwlwifi: mvm: fix potential array out of bounds access |
| CVE-2023-53576 | 2025-10-04 | null_blk: Always check queue mode setting from configfs |
| CVE-2023-53577 | 2025-10-04 | bpf, cpumap: Make sure kthread is running before map update returns |
| CVE-2023-53578 | 2025-10-04 | net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() |
| CVE-2023-53579 | 2025-10-04 | gpio: mvebu: fix irq domain leak |
| CVE-2022-50488 | 2025-10-04 | block, bfq: fix possible uaf for 'bfqq->bic' |
| CVE-2022-50489 | 2025-10-04 | drm/mipi-dsi: Detach devices when removing the host |
| CVE-2022-50490 | 2025-10-04 | bpf: Propagate error from htab_lock_bucket() to userspace |
| CVE-2022-50491 | 2025-10-04 | coresight: cti: Fix hang in cti_disable_hw() |
| CVE-2022-50492 | 2025-10-04 | drm/msm: fix use-after-free on probe deferral |
| CVE-2022-50493 | 2025-10-04 | scsi: qla2xxx: Fix crash when I/O abort times out |
| CVE-2022-50494 | 2025-10-04 | thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash |
| CVE-2022-50496 | 2025-10-04 | dm cache: Fix UAF in destroy() |
| CVE-2022-50497 | 2025-10-04 | binfmt_misc: fix shift-out-of-bounds in check_special_flags |
| CVE-2022-50498 | 2025-10-04 | eth: alx: take rtnl_lock on resume |
| CVE-2022-50499 | 2025-10-04 | media: dvb-core: Fix double free in dvb_register_device() |
| CVE-2022-50500 | 2025-10-04 | netdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed |
| CVE-2022-50501 | 2025-10-04 | media: coda: Add check for dcoda_iram_alloc |
| CVE-2022-50503 | 2025-10-04 | mtd: lpddr2_nvm: Fix possible null-ptr-deref |
| CVE-2022-50504 | 2025-10-04 | powerpc/rtas: avoid scheduling in rtas_os_term() |
| CVE-2022-50505 | 2025-10-04 | iommu/amd: Fix pci device refcount leak in ppr_notifier() |
| CVE-2022-50506 | 2025-10-04 | drbd: only clone bio if we have a backing device |
| CVE-2022-50507 | 2025-10-04 | fs/ntfs3: Validate data run offset |
| CVE-2022-50508 | 2025-10-04 | wifi: mt76: mt76x0: fix oob access in mt76x0_phy_get_target_power |
| CVE-2023-53580 | 2025-10-04 | USB: Gadget: core: Help prevent panic during UVC unconfigure |
| CVE-2023-53581 | 2025-10-04 | net/mlx5e: Check for NOT_READY flag state after locking |
| CVE-2023-53582 | 2025-10-04 | wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds |
| CVE-2023-53583 | 2025-10-04 | perf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start() |
| CVE-2023-53584 | 2025-10-04 | ubifs: ubifs_releasepage: Remove ubifs_assert(0) to valid this process |
| CVE-2023-53585 | 2025-10-04 | bpf: reject unhashed sockets in bpf_sk_assign |
| CVE-2023-53586 | 2025-10-04 | scsi: target: Fix multiple LUN_RESET handling |
| CVE-2023-53587 | 2025-10-04 | ring-buffer: Sync IRQ works before buffer destruction |
| CVE-2023-53588 | 2025-10-04 | wifi: mac80211: check for station first in client probe |
| CVE-2023-53589 | 2025-10-04 | wifi: iwlwifi: mvm: don't trust firmware n_channels |
| CVE-2023-53590 | 2025-10-04 | sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop |
| CVE-2023-53591 | 2025-10-04 | net/mlx5e: Fix deadlock in tc route query code |
| CVE-2023-53592 | 2025-10-04 | gpio: sifive: Fix refcount leak in sifive_gpio_probe |
| CVE-2023-53593 | 2025-10-04 | cifs: Release folio lock on fscache read hit. |
| CVE-2023-53594 | 2025-10-04 | driver core: fix resource leak in device_add() |
| CVE-2023-53595 | 2025-10-04 | octeontx2-pf: mcs: Fix NULL pointer dereferences |
| CVE-2023-53596 | 2025-10-04 | drivers: base: Free devm resources when unregistering a device |
| CVE-2023-53597 | 2025-10-04 | cifs: fix mid leak during reconnection after timeout threshold |
| CVE-2023-53598 | 2025-10-04 | bus: mhi: host: Range check CHDBOFF and ERDBOFF |
| CVE-2023-53599 | 2025-10-04 | crypto: af_alg - Fix missing initialisation affecting gcm-aes-s390 |
| CVE-2023-53600 | 2025-10-04 | tunnels: fix kasan splat when generating ipv4 pmtu error |
| CVE-2023-53601 | 2025-10-04 | bonding: do not assume skb mac_header is set |
| CVE-2023-53602 | 2025-10-04 | wifi: ath11k: fix memory leak in WMI firmware stats |
| CVE-2023-53603 | 2025-10-04 | scsi: qla2xxx: Avoid fcport pointer dereference |
| CVE-2023-53604 | 2025-10-04 | dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path |
| CVE-2023-53605 | 2025-10-04 | drm: amd: display: Fix memory leakage |
| CVE-2023-53606 | 2025-10-04 | nfsd: clean up potential nfsd_file refcount leaks in COPY codepath |
| CVE-2023-53607 | 2025-10-04 | ALSA: ymfpci: Fix BUG_ON in probe function |
| CVE-2023-53608 | 2025-10-04 | nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() |
| CVE-2023-53609 | 2025-10-04 | scsi: Revert "scsi: core: Do not increase scsi_device's iorequest_cnt if dispatch failed" |
| CVE-2023-53610 | 2025-10-04 | irqchip: Fix refcount leak in platform_irqchip_probe |
| CVE-2023-53611 | 2025-10-04 | ipmi_si: fix a memleak in try_smi_init() |
| CVE-2023-53612 | 2025-10-04 | hwmon: (coretemp) Simplify platform device handling |
| CVE-2023-53613 | 2025-10-04 | dax: Fix dax_mapping_release() use after free |
| CVE-2023-53614 | 2025-10-04 | mm/ksm: fix race with VMA iteration and mm_struct teardown |
| CVE-2023-53615 | 2025-10-04 | scsi: qla2xxx: Fix deletion race condition |
| CVE-2023-53616 | 2025-10-04 | jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount |
| CVE-2025-11272 | 2025-10-04 | SeriaWei ZKEACMS POST Request UrlRedirectionController.cs Delete improper authorization |
| CVE-2025-11273 | 2025-10-04 | LaChatterie Verger provider.ts redirectToAuthorization deserialization |
| CVE-2025-11274 | 2025-10-05 | Open Asset Import Library Assimp Q3DLoader.cpp InternReadFile allocation of resources |
| CVE-2025-11275 | 2025-10-05 | Open Asset Import Library Assimp OpenDDLParserUtils.h getNextSeparator heap-based overflow |
| CVE-2025-11276 | 2025-10-05 | Rebuild Comment/Guestbook cross site scripting |
| CVE-2025-11277 | 2025-10-05 | Open Asset Import Library Assimp Q3DLoader.cpp InternReadFile heap-based overflow |
| CVE-2025-11278 | 2025-10-05 | AllStarLink Supermon AllMon2 cross site scripting |
| CVE-2025-11279 | 2025-10-05 | Axosoft Scrum and Bug Tracking Add Work Item csv injection |
| CVE-2025-61882 | 2025-10-05 | Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2025-11280 | 2025-10-05 | Frappe LMS Assignment Picture files direct request |
| CVE-2025-11281 | 2025-10-05 | Frappe LMS Unpublished Course courses access control |
| CVE-2025-11282 | 2025-10-05 | Frappe LMS Incomplete Fix CVE-2025-55006 cross site scripting |
| CVE-2025-11283 | 2025-10-05 | Frappe LMS Course cross site scripting |
| CVE-2025-11284 | 2025-10-05 | Zytec Dalian Zhuoyun Technology Central Authentication Service HTTP Header git hard-coded password |
| CVE-2025-11285 | 2025-10-05 | samanhappy MCPHub serverController.ts os command injection |
| CVE-2025-11286 | 2025-10-05 | samanhappy MCPHub MCPRouter Service serverController.ts server-side request forgery |
| CVE-2025-11287 | 2025-10-05 | samanhappy MCPHub sseService.ts handleSseConnectionfunction improper authentication |
| CVE-2025-11288 | 2025-10-05 | CRMEB GET Parameter product sql injection |
| CVE-2025-8406 | 2025-10-05 | Path Traversal in zenml-io/zenml |
| CVE-2025-8917 | 2025-10-05 | Path Traversal Leading to Remote Code Execution in allegroai/clearml |
| CVE-2025-11289 | 2025-10-05 | westboy CicadasCMS Template Management TemplateFileServiceImpl.java save cross site scripting |
| CVE-2025-11290 | 2025-10-05 | CRMEB JWT HMAC Secret hard-coded key |
| CVE-2025-11291 | 2025-10-05 | ixmaps website2017 HTTP GET Request map.php cross site scripting |