CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.13)
In the Linux kernel's inside-secure/eip93 crypto driver, a vulnerability exists where all cryptographic algorithms are unregistered regardless of which are actually implemented in hardware. This causes a system panic on platforms that do not have all options implemented in silicon.
In the Linux kernel, a vulnerability was found in the IPVS module where protocol checksum validation fails for IPv6 if there are extension headers before the protocol header. The issue is fixed by using the iph->len field, which contains the appropriate offset.
In the Linux kernel, the mscc ocelot network driver lacks lock protection in ocelot_port_xmit_inj(). The function calls ocelot_can_inject() and ocelot_port_inject_frame() without holding the injection group lock, potentially causing races. The fix adds ocelot_lock_inj_grp()/ocelot_unlock_inj_grp() around the register injection path.
In the Linux kernel, a vulnerability was found in the AppArmor module where the aa_sock_file_perm function does not check for NULL pointers for sock and sock->sk. This can lead to a NULL pointer dereference (oops) during socket setup or teardown, especially for af_unix sockets.
In the Linux kernel, the WARN_ON_ONCE warning when accessing the forward path array has been removed. Support for IPIP tunnels increased the likelihood of hitting this warning if userspace builds a sufficiently long forward path.
A vulnerability in the Erlang OTP public_key library allows improper following of a certificate's chain of trust. A non-CA certificate can be accepted as an intermediate issuer, enabling certificate chain forgery.
IBM Cloud APM w wersji Base Private 8.1.4 oraz Advanced Private 8.1.4, a także IBM Db2 dla systemów Linux, UNIX i Windows, mogą pozwolić uwierzytelnionemu użytkownikowi na spowodowanie odmowy usługi z powodu niewłaściwego neutralizowania specjalnych elementów w logice zapytań danych w środowisku Fenced.
A flaw in Samba's vfs_worm module allows bypassing WORM (write-once, read-many) protections during file rename operations. An authenticated user with write access to a share can overwrite a protected file by renaming a newly created file over an existing WORM-protected file.
In the Linux kernel, a memory leak of the ntfs_mount_options structure was found in the NTFS3 filesystem. The issue occurs in ntfs_fill_super() where the fc->fs_private pointer is set to NULL without freeing the allocated memory first, causing ntfs_fs_free() to skip deallocation.
In the Linux kernel, the NTFS3 filesystem has a vulnerability involving the use of uninitialized folios. Newly allocated folios are not marked as uptodate, and the ni_read_frame() function is skipped when the caller expects the frame to be completely overwritten, leaving part of the memory uninitialized.
In the Linux kernel, a deadlock was found in the ni_read_folio_cmpr function of the NTFS3 file system. The issue is caused by a lock inversion between the inode mutex (ni_lock) and page locks, leading to a deadlock between two tasks. The fix restructures locking: ni_lock is no longer taken in ntfs_read_folio(), but only after all page locks for the compressed frame have been acquired.
In the Linux kernel, in the accel/amdxdna driver, a vulnerability was found where a NULL pointer dereference can occur during context cleanup. The aie_destroy_context() function is called on error in aie2_create_context(), but it assumes the mailbox channel pointer is non-NULL. If mailbox channel creation fails, the pointer remains NULL, leading to a NULL pointer dereference.
In the Linux kernel, a NULL pointer dereference vulnerability was found in the Panthor DRM driver during panthor_fw_unplug(). The issue occurs when the MCU is in various states or the firmware is not loaded/initialized. The fix removes the MCU halt and wait procedures that could cause the error.
In the Linux kernel, a vulnerability was found in the DisplayPort MST driver where releasing a timeslot can cause a negative bit shift when VCPI (Virtual Channel Payload Identifier) is 0. This occurs after disconnecting a DP 2.1 monitor, when the delayed destroy work tries to create a payload mask using ~BIT(vcpi - 1), leading to a UBSAN shift-out-of-bounds error.
In the Linux kernel's Smack module, a vulnerability was found where writing a previously used value to /smack/doi disables networking for non-ambient labels. The issue is caused by retaining decommissioned DOIs that cannot be re-added, blocking the default domain map.
In the Linux kernel, a race condition was found in the amdxdna driver. When autosuspend is triggered, the rpm_on flag indicates an ongoing suspend/resume operation, but a userspace application may submit a command during this window, which gets executed before the device has actually resumed, leading to unexpected behavior.
IBM Cognos Analytics w wersjach 11.2.0, 11.2.4, 12.0 i 12.1.0 oraz IBM Cognos Transformer w wersjach 11.2.4, 12.0 i 12.1.0 są podatne na ataki typu cross-site scripting (XSS). Ta podatność umożliwia zdalnemu atakującemu wstrzyknięcie dowolnego kodu JavaScript do interfejsu użytkownika w przeglądarce.
IBM Operations Analytics - Log Analysis w wersjach od 1.3.5.0 do 1.3.8.4 nie wymaga domyślnie silnych haseł dla użytkowników, co ułatwia atakującym przejęcie kont użytkowników.
IBM SDI w wersjach od 7.2.0.0 do 7.2.0.14 oraz IBM Security Directory Integrator w wersjach od 10.0.0.0 do 10.0.0.2 mogą umożliwić zdalnemu atakującemu uzyskanie wrażliwych informacji, gdy w przeglądarce zwracany jest szczegółowy komunikat o błędzie technicznym. Informacje te mogą być wykorzystane w dalszych atakach na system.
W Keycloak, rozwiązaniu do zarządzania tożsamością i dostępem, znaleziono lukę. Gdy aplikacja kliencka jest skonfigurowana do akceptacji szerokich identyfikatorów URI, zdalny atakujący może manipulować procesem uwierzytelniania, tworząc specjalny adres internetowy.

