Filtered by vendor Linuxfoundation
Subscribe
Total
333 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20146 | 4 Google, Linuxfoundation, Mediatek and 1 more | 30 Android, Yocto, Mt2737 and 27 more | 2025-04-22 | N/A | 8.1 HIGH |
| In wlan STA driver, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389496 / ALPS09137491; Issue ID: MSV-1835. | |||||
| CVE-2024-20145 | 5 Google, Linuxfoundation, Mediatek and 2 more | 22 Android, Yocto, Mt2737 and 19 more | 2025-04-22 | N/A | 6.6 MEDIUM |
| In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09290940; Issue ID: MSV-2040. | |||||
| CVE-2024-20144 | 5 Google, Linuxfoundation, Mediatek and 2 more | 36 Android, Yocto, Mt2737 and 33 more | 2025-04-22 | N/A | 6.6 MEDIUM |
| In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2041. | |||||
| CVE-2024-20143 | 5 Google, Linuxfoundation, Mediatek and 2 more | 24 Android, Yocto, Mt2737 and 21 more | 2025-04-22 | N/A | 6.6 MEDIUM |
| In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2069. | |||||
| CVE-2024-20140 | 3 Google, Linuxfoundation, Mediatek | 13 Android, Yocto, Mt6739 and 10 more | 2025-04-22 | N/A | 6.7 MEDIUM |
| In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09270402; Issue ID: MSV-2020. | |||||
| CVE-2025-20650 | 5 Google, Linuxfoundation, Mediatek and 2 more | 25 Android, Yocto, Mt2737 and 22 more | 2025-04-22 | N/A | 6.8 MEDIUM |
| In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2061. | |||||
| CVE-2025-20651 | 5 Google, Linuxfoundation, Mediatek and 2 more | 25 Android, Yocto, Mt2737 and 22 more | 2025-04-22 | N/A | 4.1 MEDIUM |
| In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2062. | |||||
| CVE-2025-2953 | 1 Linuxfoundation | 1 Pytorch | 2025-04-22 | 1.7 LOW | 3.3 LOW |
| A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The security policy of the project warns to use unknown models which might establish malicious effects. | |||||
| CVE-2024-20152 | 4 Google, Linuxfoundation, Mediatek and 1 more | 24 Android, Yocto, Mt2737 and 21 more | 2025-04-21 | N/A | 4.4 MEDIUM |
| In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00389047 / ALPS09136505; Issue ID: MSV-1798. | |||||
| CVE-2017-17697 | 1 Linuxfoundation | 1 Harbor | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
| The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. | |||||
| CVE-2019-19030 | 1 Linuxfoundation | 1 Harbor | 2025-04-14 | N/A | 5.3 MEDIUM |
| Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists. | |||||
| CVE-2013-6476 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-12 | 4.4 MEDIUM | N/A |
| The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file. | |||||
| CVE-2014-4338 | 1 Linuxfoundation | 1 Cups-filters | 2025-04-12 | 4.0 MEDIUM | N/A |
| cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses. | |||||
| CVE-2015-8560 | 3 Canonical, Debian, Linuxfoundation | 4 Ubuntu Linux, Debian Linux, Cups-filters and 1 more | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
| Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327. | |||||
| CVE-2016-3697 | 3 Docker, Linuxfoundation, Opensuse | 3 Docker, Runc, Opensuse | 2025-04-12 | 2.1 LOW | 7.8 HIGH |
| libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. | |||||
| CVE-2013-6474 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file. | |||||
| CVE-2014-4336 | 1 Linuxfoundation | 1 Cups-filters | 2025-04-12 | 5.8 MEDIUM | N/A |
| The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | |||||
| CVE-2015-2265 | 2 Canonical, Linuxfoundation | 2 Ubuntu Linux, Cups-filters | 2025-04-12 | 7.5 HIGH | N/A |
| The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | |||||
| CVE-2010-5325 | 3 Linuxfoundation, Oracle, Redhat | 8 Foomatic-filters, Linux, Enterprise Linux and 5 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title. | |||||
| CVE-2013-6473 | 2 Canonical, Linuxfoundation | 2 Ubuntu Linux, Cups-filters | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file. | |||||