CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.13)
IBM WebSphere Application Server - Liberty w wersjach od 22.0.0.11 do 26.0.0.5 może umożliwić zdalnemu atakującemu obejście zabezpieczeń w określonych warunkach, wykorzystując specyficzny czasowy interwał.
IBM App Connect Enterprise w wersjach od 13.0.1.0 do 13.0.7.0 przechowuje potencjalnie wrażliwe informacje w plikach dziennika, które mogą być odczytane przez lokalnego użytkownika.
IBM WebSphere Application Server - Liberty w wersjach od 19.0.0.7 do 26.0.0.5 oraz IBM WebSphere Application Server w wersjach 9.0 i 8.5 są podatne na atak typu denial of service, spowodowany wysłaniem specjalnie przygotowanego żądania. Zdalny atakujący może wykorzystać tę podatność, aby spowodować zużycie zasobów pamięci serwera.
In the Linux kernel, the can:ucan driver had a lifetime management issue where resources tied to the USB interface were not properly released upon driver unbind, causing memory leaks.
In the Linux kernel, a vulnerability was found in the netfilter module where bitwise shift operations (nft_bitwise) did not reject a zero shift operand. This led to undefined behavior in the carry propagation logic, potentially causing incorrect operation or security breaches.
In the Linux kernel's CAIF subsystem, a vulnerability exists where `caif_connect()` does not clear the client service pointer (`adap_layer->dn`) during teardown, leading to a use-after-free when the socket is destroyed.
In the Linux kernel, the tpm2_read_public() function is missing tpm_buf_destroy() calls on two exit paths, causing a page allocation leak. The issue occurs when name_size() returns an error (unrecognized hash algorithm) and on the success path.
In the Linux kernel, a vulnerability in the md/md-llbitmap module was found due to incorrect operation order: the barrier raise occurred after the state machine call, potentially causing race conditions. The fix moves the barrier raise before the state machine transition in llbitmap_start_write() and llbitmap_start_discard().
In the rtw88 driver for Wi-Fi cards, a vulnerability was detected due to missing check for the existence of the PCI upstream bridge. The pci_upstream_bridge() function returns NULL when the device is on a root bus, which may cause a crash during initialization of the 8821CE card in an unusual PCI topology.
In the Linux kernel, the igorplugusb driver for infrared remote controls violates DMA coherency rules. The USB request structure may be subject to DMA on some host controllers, so it must be allocated separately to ensure memory coherency.
In the Linux kernel, a vulnerability in the zram driver causes partial discard operations to hang indefinitely. The issue is due to missing bio_endio() call after immediate request completion, leading to blkdiscard process freeze.
In the Linux kernel, the ALSA control function snd_ctl_elem_init_enum_names() lacks validation of buf_len before calling strnlen(). When buf_len reaches zero but items remain, calling strnlen(p, 0) with CONFIG_FORTIFY_SOURCE enabled may cause a kernel panic (BRK exception) instead of safely handling the error.
A memory leak was discovered in the Linux kernel's DAMON/stat mechanism. When damon_start() fails, the DAMON context is not destroyed and the global pointer is not reset, leading to a permanent memory leak.
A vulnerability has been identified in the Linux kernel that allows inconsistent reads of local FDB entries in bridges. The issue arises from multiple loads of the `f->dst` value, which can lead to a NULL pointer dereference.
A vulnerability related to resource leaks during SPI device setup failure has been fixed in the Linux kernel. It is important to call the controller cleanup() if spi_setup() fails.
A vulnerability in the Linux kernel has been resolved that affects KVM and SVM. The issue was that the INVLPGA instruction did not trigger a #UD error when EFER.SVME was set to 0.
A vulnerability in the Linux kernel related to the ocfs2 filesystem has been resolved, concerning dio operations. The issue involved exceeding the credit limit during write operations, which could lead to warnings in JBD2.
A vulnerability was identified in the Linux kernel that led to a null pointer dereference when device_add_disk() failed after device_add() succeeded. This issue has been resolved by correctly managing the device removal order.
A vulnerability related to DMA synchronization in the atmel-tdes module has been fixed in the Linux kernel. Incorrect use of the sync direction may lead to stale cache data being returned on non-coherent platforms.
A vulnerability related to memory leaks on probe failures has been fixed in the Linux kernel. In case of errors, it is necessary to deregister the controller, disable pins, and kill and free the RX URB to avoid memory leaks and use-after-free.

