Export limit exceeded: 17604 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (17604 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-23069 | 1 Linux | 1 Linux Kernel | 2026-03-13 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential underflow in virtio_transport_get_credit() The credit calculation in virtio_transport_get_credit() uses unsigned arithmetic: ret = vvs->peer_buf_alloc - (vvs->tx_cnt - vvs->peer_fwd_cnt); If the peer shrinks its advertised buffer (peer_buf_alloc) while bytes are in flight, the subtraction can underflow and produce a large positive value, potentially allowing more data to be queued than the peer can handle. Reuse virtio_transport_has_space() which already handles this case and add a comment to make it clear why we are doing that. [Stefano: use virtio_transport_has_space() instead of duplicating the code] [Stefano: tweak the commit message] | ||||
| CVE-2025-40119 | 1 Linux | 1 Linux Kernel | 2026-03-13 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential null deref in ext4_mb_init() In ext4_mb_init(), ext4_mb_avg_fragment_size_destroy() may be called when sbi->s_mb_avg_fragment_size remains uninitialized (e.g., if groupinfo slab cache allocation fails). Since ext4_mb_avg_fragment_size_destroy() lacks null pointer checking, this leads to a null pointer dereference. ================================================================== EXT4-fs: no memory for groupinfo slab cache BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: Oops: 0002 [#1] SMP PTI CPU:2 UID: 0 PID: 87 Comm:mount Not tainted 6.17.0-rc2 #1134 PREEMPT(none) RIP: 0010:_raw_spin_lock_irqsave+0x1b/0x40 Call Trace: <TASK> xa_destroy+0x61/0x130 ext4_mb_init+0x483/0x540 __ext4_fill_super+0x116d/0x17b0 ext4_fill_super+0xd3/0x280 get_tree_bdev_flags+0x132/0x1d0 vfs_get_tree+0x29/0xd0 do_new_mount+0x197/0x300 __x64_sys_mount+0x116/0x150 do_syscall_64+0x50/0x1c0 entry_SYSCALL_64_after_hwframe+0x76/0x7e ================================================================== Therefore, add necessary null check to ext4_mb_avg_fragment_size_destroy() to prevent this issue. The same fix is also applied to ext4_mb_largest_free_orders_destroy(). | ||||
| CVE-2025-11790 | 4 Acronis, Apple, Linux and 1 more | 5 Agent, Cyber Protect Cloud Agent, Macos and 2 more | 2026-03-13 | N/A |
| Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. | ||||
| CVE-2026-28719 | 3 Acronis, Linux, Microsoft | 4 Acronis Cyber Protect 17, Cyber Protect, Linux Kernel and 1 more | 2026-03-13 | N/A |
| Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | ||||
| CVE-2026-28723 | 3 Acronis, Linux, Microsoft | 4 Acronis Cyber Protect 17, Cyber Protect, Linux Kernel and 1 more | 2026-03-13 | N/A |
| Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | ||||
| CVE-2026-28725 | 3 Acronis, Linux, Microsoft | 4 Acronis Cyber Protect 17, Cyber Protect, Linux Kernel and 1 more | 2026-03-13 | N/A |
| Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | ||||
| CVE-2026-28724 | 3 Acronis, Linux, Microsoft | 4 Acronis Cyber Protect 17, Cyber Protect, Linux Kernel and 1 more | 2026-03-13 | N/A |
| Unauthorized data access due to insufficient access control validation. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | ||||
| CVE-2025-11791 | 4 Acronis, Apple, Linux and 1 more | 7 Acronis Cyber Protect 17, Agent, Cyber Protect and 4 more | 2026-03-13 | 7.1 High |
| Sensitive information disclosure and manipulation due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. | ||||
| CVE-2025-30413 | 4 Acronis, Apple, Linux and 1 more | 7 Acronis Cyber Protect 17, Agent, Cyber Protect and 4 more | 2026-03-13 | 4.4 Medium |
| Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. | ||||
| CVE-2026-3931 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-13 | 8.8 High |
| Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-3924 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-03-13 | 7.5 High |
| use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-28709 | 3 Acronis, Linux, Microsoft | 4 Acronis Cyber Protect 17, Cyber Protect, Linux Kernel and 1 more | 2026-03-12 | 4.3 Medium |
| Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | ||||
| CVE-2026-28710 | 3 Acronis, Linux, Microsoft | 4 Acronis Cyber Protect 17, Cyber Protect, Linux Kernel and 1 more | 2026-03-12 | 9.8 Critical |
| Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | ||||
| CVE-2025-30412 | 3 Acronis, Linux, Microsoft | 5 Acronis Cyber Protect 15, Acronis Cyber Protect 16, Cyber Protect and 2 more | 2026-03-12 | N/A |
| Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800. | ||||
| CVE-2025-30416 | 3 Acronis, Linux, Microsoft | 5 Acronis Cyber Protect 15, Acronis Cyber Protect 16, Cyber Protect and 2 more | 2026-03-12 | N/A |
| Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800. | ||||
| CVE-2025-30411 | 3 Acronis, Linux, Microsoft | 5 Acronis Cyber Protect 15, Acronis Cyber Protect 16, Cyber Protect and 2 more | 2026-03-12 | N/A |
| Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800. | ||||
| CVE-2025-13219 | 2 Ibm, Linux | 2 Aspera Orchestrator, Linux Kernel | 2026-03-12 | 5.9 Medium |
| IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. | ||||
| CVE-2025-36226 | 2 Ibm, Linux | 3 Aspera Faspex, Aspera Faspex 5, Linux Kernel | 2026-03-12 | 5.4 Medium |
| IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-36227 | 2 Ibm, Linux | 3 Aspera Faspex, Aspera Faspex 5, Linux Kernel | 2026-03-12 | 5.4 Medium |
| IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. | ||||
| CVE-2025-13213 | 2 Ibm, Linux | 2 Aspera Orchestrator, Linux Kernel | 2026-03-12 | 5.4 Medium |
| IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking | ||||