Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-26 | CVE-2022-49218 | Out-of-bounds Read vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: drm/dp: Fix OOB read when handling Post Cursor2 register. The link_status array was not large enough to read the Adjust Request Post Cursor2 register, so remove the common helper function to avoid an OOB read, found with a -Warray-bounds build: `drivers/gpu/drm/drm_dp_helper.c: In function 'drm_dp_get_adjust_request_post_cursor':` `drivers/gpu/drm/drm_dp_helper.c:59:27: error: array subscript 10 is outside array bounds of 'const u8[6]' {aka 'const unsigned char[6]'} [-Werror=array-bounds]` `59 \| return link_status[r - DP_LANE0_1_STATUS];` `drivers/gpu/drm/drm_dp_helper.c:147:51: note: while referencing 'link_status'` `147 \| u8 drm_dp_get_adjust_request_post_cursor(const u8 link_status[DP_LINK_STATUS_SIZE],` Replace the only user of the helper with an open-coded fetch and decode, similar to drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c. | 7.1 |
2025-02-26 | CVE-2021-47636 | Out-of-bounds Read vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock(). Function ubifs_wbuf_write_nolock() may access buf out of bounds in the following process: `ubifs_wbuf_write_nolock(): aligned_len = ALIGN(len, 8); // Assume len = 4089, aligned_len = 4096` `if (aligned_len <= wbuf->avail)` ... | 7.1 |
2025-02-26 | CVE-2021-47640 | Out-of-bounds Write vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Fix early region not updated correctly. The shadow's page table is not updated when PTE_RPN_SHIFT is 24 and PAGE_SHIFT is 12. | 7.8 |
2025-02-25 | CVE-2024-45418 | Unspecified vulnerability in Zoom products. Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access. | 8.8 |
2025-02-25 | CVE-2024-45421 | Unspecified vulnerability in Zoom products. Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access. | 8.8 |
2025-02-25 | CVE-2024-45424 | Unspecified vulnerability in Zoom products. Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access. | 7.5 |
2025-02-25 | CVE-2025-27110 | Encoding Error vulnerability in Trustwave Modsecurity 3.0.13. Libmodsecurity is one component of the ModSecurity v3 project. | 7.5 |
2025-02-25 | CVE-2025-27142 | Path Traversal vulnerability in Localsend. LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. | 8.8 |
2025-02-25 | CVE-2024-12368 | Unspecified vulnerability in Odoo 15.0. Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users. | 8.8 |
2025-02-25 | CVE-2025-23046 | Incorrect Implementation of Authentication Algorithm vulnerability in Glpi-Project Glpi. GLPI is a free asset and IT management software package. | 7.5 |