Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-02-10 CVE-2025-21690 Allocation of Resources Without Limits or Throttling vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service. If there's a persistent error in the hypervisor, the SCSI warning for failed I/O can flood the kernel log and max out CPU utilization, preventing troubleshooting from the VM side.
local
low complexity
linux CWE-770
5.5
2025-02-09 CVE-2024-57949 Improper Locking vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity(). The following call-chain leads to enabling interrupts in a nested interrupt disabled section:
    irq_set_vcpu_affinity()
      irq_get_desc_lock()
        raw_spin_lock_irqsave()    <--- Disable interrupts
      its_irq_set_vcpu_affinity()
        guard(raw_spinlock_irq)    <--- Enables interrupts when leaving the guard()
      irq_put_desc_unlock()        <--- Warns because interrupts are enabled
This was broken in commit b97e8a2f7130, which replaced the original raw_spin_[un]lock() pair with guard(raw_spinlock_irq). Fix the issue by using guard(raw_spinlock). [ tglx: Massaged change log ]
local
low complexity
linux CWE-667
5.5
2025-02-09 CVE-2025-21684 Improper Locking vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: gpio: xilinx: Convert gpio_lock to raw spinlock. irq_chip functions may be called in raw spinlock context.
local
low complexity
linux CWE-667
5.5
2025-02-09 CVE-2025-21685 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race. The yt2_1380_fc_serdev_probe() function calls devm_serdev_device_open() before setting the client ops via serdev_device_set_client_ops().
local
high complexity
linux CWE-476
4.7
2025-02-08 CVE-2025-0169 Cross-site Scripting vulnerability in Scriptsbundle DWT Listing
The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
scriptsbundle CWE-79
5.4
2025-02-08 CVE-2024-54176 IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.
network
low complexity
CWE-306
4.3
2025-02-08 CVE-2024-13850 The Simple add pages or posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
5.5
2025-02-07 CVE-2025-1106 A vulnerability classified as critical has been found in CmsEasy 7.7.7.9.
network
low complexity
CWE-22
5.4
2025-02-07 CVE-2025-1105 A vulnerability was found in SiberianCMS 4.20.6.
network
low complexity
CWE-94
4.3
2025-02-07 CVE-2025-0302 Integer Overflow or Wraparound vulnerability in Openatom Openharmony 4.1.0/4.1.1
OpenHarmony v4.1.2 and prior versions allow a local attacker to cause DoS through integer overflow.
local
low complexity
openatom CWE-190
5.5