CVE-2025-9086
- EPSS 1.3%
- Veröffentlicht 12.09.2025 05:10:03
- Zuletzt bearbeitet 02.06.2026 14:16:40
1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - ...
CVE-2025-39790
- EPSS 0.14%
- Veröffentlicht 11.09.2025 16:56:38
- Zuletzt bearbeitet 12.05.2026 13:17:11
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Detect events pointing to unexpected TREs When a remote device sends a completion event to the host, it contains a pointer to the consumed TRE. The host uses this p...
CVE-2025-39788
- EPSS 0.16%
- Veröffentlicht 11.09.2025 16:56:37
- Zuletzt bearbeitet 12.05.2026 13:17:11
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE On Google gs101, the number of UTP transfer request slots (nutrs) is 32, and in this case the driver ends up programming t...
CVE-2025-39787
- EPSS 0.15%
- Veröffentlicht 11.09.2025 16:56:36
- Zuletzt bearbeitet 12.05.2026 13:17:11
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessary the case...
CVE-2025-39783
- EPSS 0.15%
- Veröffentlicht 11.09.2025 16:56:33
- Zuletzt bearbeitet 12.05.2026 13:17:11
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix configfs group list head handling Doing a list_del() on the epf_group field of struct pci_epf_driver in pci_epf_remove_cfs() is not correct as this field is a li...
CVE-2025-39782
- EPSS 0.12%
- Veröffentlicht 11.09.2025 16:56:32
- Zuletzt bearbeitet 12.05.2026 13:17:10
In the Linux kernel, the following vulnerability has been resolved: jbd2: prevent softlockup in jbd2_log_do_checkpoint() Both jbd2_log_do_checkpoint() and jbd2_journal_shrink_checkpoint_list() periodically release j_list_lock after processing a bat...
CVE-2025-39776
- EPSS 0.14%
- Veröffentlicht 11.09.2025 16:56:28
- Zuletzt bearbeitet 12.05.2026 13:17:10
In the Linux kernel, the following vulnerability has been resolved: mm/debug_vm_pgtable: clear page table entries at destroy_args() The mm/debug_vm_pagetable test allocates manually page table entries for the tests it runs, using also its manually ...
CVE-2025-39772
- EPSS 0.14%
- Veröffentlicht 11.09.2025 16:56:26
- Zuletzt bearbeitet 12.05.2026 13:17:10
In the Linux kernel, the following vulnerability has been resolved: drm/hisilicon/hibmc: fix the hibmc loaded failed bug When hibmc loaded failed, the driver use hibmc_unload to free the resource, but the mutexes in mode.config are not init, which ...
CVE-2025-39773
- EPSS 0.11%
- Veröffentlicht 11.09.2025 16:56:26
- Zuletzt bearbeitet 12.05.2026 13:17:10
In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix soft lockup in br_multicast_query_expired() When set multicast_query_interval to a large value, the local variable 'time' in br_multicast_send_query() may overflow...
CVE-2025-39770
- EPSS 0.14%
- Veröffentlicht 11.09.2025 16:56:24
- Zuletzt bearbeitet 12.05.2026 13:17:10
In the Linux kernel, the following vulnerability has been resolved: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM When performing Generic Segmentation Offload (GSO) on an IPv6 packet that contains extension headers, the k...