Filtered by vendor Linuxfoundation
Subscriptions
Total
361 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-48063 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-07-16 | 9.8 Critical |
| In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing. | ||||
| CVE-2024-34043 | 2 O-ran, Linuxfoundation | 2 Ricapp Kpimon Go, Ric-app-kpimon-go | 2025-07-14 | 5.3 Medium |
| O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a certain E2AP-PDU message. | ||||
| CVE-2023-52725 | 2 Linuxfoundation, Open Networking Foundation | 2 Onos-kpimon, Sd-ran Onos | 2025-07-14 | 6.5 Medium |
| Open Networking Foundation SD-RAN ONOS onos-kpimon 0.4.7 allows blocking of the errCh channel within the Start function of the monitoring package. | ||||
| CVE-2023-52726 | 2 Linuxfoundation, Onosproject | 2 Onos-ric-sdk-go, Onos | 2025-07-14 | 6.5 Medium |
| Open Networking Foundation SD-RAN ONOS onos-ric-sdk-go 0.8.12 allows infinite repetition of the processing of an error (in the Subscribe function implementation for the subscribed indication stream). | ||||
| CVE-2023-52728 | 1 Linuxfoundation | 1 Onos-lib-go | 2025-07-14 | 5.5 Medium |
| Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in putBitString. | ||||
| CVE-2023-52727 | 1 Linuxfoundation | 1 Onos-lib-go | 2025-07-14 | 8.1 High |
| Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in parseAlignBits. | ||||
| CVE-2023-52724 | 1 Linuxfoundation | 1 Onos-kpimon | 2025-07-14 | 8.1 High |
| Open Networking Foundation SD-RAN onos-kpimon 0.4.7 allows out-of-bounds array access in the processIndicationFormat1 function. | ||||
| CVE-2025-20693 | 4 Google, Linuxfoundation, Mediatek and 1 more | 26 Android, Yocto, Mt2737 and 23 more | 2025-07-09 | 6.5 Medium |
| In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09812521; Issue ID: MSV-3421. | ||||
| CVE-2024-24420 | 1 Linuxfoundation | 1 Magma | 2025-07-03 | 7.5 High |
| A reachable assertion in the decode_linked_ti_ie function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | ||||
| CVE-2024-24421 | 1 Linuxfoundation | 1 Magma | 2025-07-03 | 9.8 Critical |
| A type confusion in the nas_message_decode function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted NAS packet. | ||||
| CVE-2023-6944 | 2 Linuxfoundation, Redhat | 3 Backstage, Red Hat Developer Hub, Rhdh | 2025-06-17 | 5.7 Medium |
| A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately. | ||||
| CVE-2023-46740 | 1 Linuxfoundation | 1 Cubefs | 2025-06-17 | 6.5 Medium |
| CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges. When CubeFS creates new users, it creates a piece of sensitive information for the user called the “accessKey”. To create the "accesKey", CubeFS uses an insecure string generator which makes it easy to guess and thereby impersonate the created user. An attacker could leverage the predictable random string generator and guess a users access key and impersonate the user to obtain higher privileges. The issue has been fixed in v3.3.1. There is no other mitigation than to upgrade. | ||||
| CVE-2023-46739 | 1 Linuxfoundation | 1 Cubefs | 2025-06-17 | 6.5 Medium |
| CubeFS is an open-source cloud-native file storage system. A vulnerability was found during in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root case of the vulnerability was that CubeFS used raw string comparison of passwords. The vulnerable part of CubeFS was the UserService of the master component. The UserService gets instantiated when starting the server of the master component. The issue has been patched in v3.3.1. For impacted users, there is no other way to mitigate the issue besides upgrading. | ||||
| CVE-2024-31580 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-06-10 | 4 Medium |
| PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-31583 | 2 Linuxfoundation, Pytorchlightning | 2 Pytorch, Pytorch Lightning | 2025-06-10 | 7.8 High |
| Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp. | ||||
| CVE-2024-23656 | 1 Linuxfoundation | 1 Dex | 2025-06-03 | 7.5 High |
| Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0. | ||||
| CVE-2023-46741 | 1 Linuxfoundation | 1 Cubefs | 2025-06-03 | 4.8 Medium |
| CubeFS is an open-source cloud-native file storage system. A vulnerability was found in CubeFS prior to version 3.3.1 that could allow users to read sensitive data from the logs which could allow them escalate privileges. CubeFS leaks configuration keys in plaintext format in the logs. These keys could allow anyone to carry out operations on blobs that they otherwise do not have permissions for. For example, an attacker that has succesfully retrieved a secret key from the logs can delete blogs from the blob store. The attacker can either be an internal user with limited privileges to read the log, or they can be an external user who has escalated privileges sufficiently to access the logs. The vulnerability has been patched in v3.3.1. There is no other mitigation than upgrading. | ||||
| CVE-2023-46742 | 1 Linuxfoundation | 1 Cubefs | 2025-06-03 | 4.8 Medium |
| CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to the logs to retrieve sensitive information and impersonate other users with higher privileges than themselves. The issue has been patched in v3.3.1. There is no other mitigation than upgrading CubeFS. | ||||
| CVE-2024-31584 | 2 Linuxfoundation, Pytorchlightning | 2 Pytorch, Pytorch Lightning | 2025-06-03 | 5.5 Medium |
| Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp. | ||||
| CVE-2025-5150 | 1 Linuxfoundation | 1 Docarray | 2025-06-03 | 6.3 Medium |
| A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||