Filtered by vendor Linuxfoundation
Subscribe
Total
362 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53009 | 1 Linuxfoundation | 1 Materialx | 2025-08-20 | N/A | 7.5 HIGH |
| MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In versions 1.39.2 and below, when parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stack exhaustion. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. This is fixed in version 1.39.3. | |||||
| CVE-2025-53010 | 1 Linuxfoundation | 1 Materialx | 2025-08-20 | N/A | 7.5 HIGH |
| MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. This is fixed in version 1.39.3. | |||||
| CVE-2025-53011 | 1 Linuxfoundation | 1 Materialx | 2025-08-20 | N/A | 7.5 HIGH |
| MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. An attacker could intentionally crash a target program that uses MaterialX by sending a malicious MTLX file. This is fixed in version 1.39.3. | |||||
| CVE-2025-53012 | 1 Linuxfoundation | 1 Materialx | 2025-08-20 | N/A | 7.5 HIGH |
| MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, nested imports of MaterialX files can lead to a crash via stack memory exhaustion, due to the lack of a limit on the "import chain" depth. When parsing file imports, recursion is used to process nested files; however, there is no limit imposed to the depth of files that can be parsed by the library. By building a sufficiently deep chain of MaterialX files one referencing the next, it is possible to crash the process using the MaterialX library via stack exhaustion. This is fixed in version 1.39.3. | |||||
| CVE-2025-20696 | 6 Google, Linuxfoundation, Mediatek and 3 more | 37 Android, Yocto, Mt6739 and 34 more | 2025-08-18 | N/A | 6.8 MEDIUM |
| In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issue ID: MSV-3801. | |||||
| CVE-2024-48063 | 1 Linuxfoundation | 1 Pytorch | 2025-07-16 | N/A | 9.8 CRITICAL |
| In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing. | |||||
| CVE-2024-34043 | 1 Linuxfoundation | 1 Ric-app-kpimon-go | 2025-07-14 | N/A | 5.3 MEDIUM |
| O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a certain E2AP-PDU message. | |||||
| CVE-2023-52725 | 1 Linuxfoundation | 1 Onos-kpimon | 2025-07-14 | N/A | 6.5 MEDIUM |
| Open Networking Foundation SD-RAN ONOS onos-kpimon 0.4.7 allows blocking of the errCh channel within the Start function of the monitoring package. | |||||
| CVE-2023-52726 | 1 Linuxfoundation | 1 Onos-ric-sdk-go | 2025-07-14 | N/A | 6.5 MEDIUM |
| Open Networking Foundation SD-RAN ONOS onos-ric-sdk-go 0.8.12 allows infinite repetition of the processing of an error (in the Subscribe function implementation for the subscribed indication stream). | |||||
| CVE-2023-52728 | 1 Linuxfoundation | 1 Onos-lib-go | 2025-07-14 | N/A | 5.5 MEDIUM |
| Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in putBitString. | |||||
| CVE-2023-52727 | 1 Linuxfoundation | 1 Onos-lib-go | 2025-07-14 | N/A | 8.1 HIGH |
| Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in parseAlignBits. | |||||
| CVE-2023-52724 | 1 Linuxfoundation | 1 Onos-kpimon | 2025-07-14 | N/A | 8.1 HIGH |
| Open Networking Foundation SD-RAN onos-kpimon 0.4.7 allows out-of-bounds array access in the processIndicationFormat1 function. | |||||
| CVE-2025-20693 | 4 Google, Linuxfoundation, Mediatek and 1 more | 26 Android, Yocto, Mt2737 and 23 more | 2025-07-09 | N/A | 6.5 MEDIUM |
| In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09812521; Issue ID: MSV-3421. | |||||
| CVE-2024-24420 | 1 Linuxfoundation | 1 Magma | 2025-07-03 | N/A | 7.5 HIGH |
| A reachable assertion in the decode_linked_ti_ie function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet. | |||||
| CVE-2024-24421 | 1 Linuxfoundation | 1 Magma | 2025-07-03 | N/A | 9.8 CRITICAL |
| A type confusion in the nas_message_decode function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted NAS packet. | |||||
| CVE-2024-31580 | 1 Linuxfoundation | 1 Pytorch | 2025-06-10 | N/A | 4.0 MEDIUM |
| PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-31583 | 1 Linuxfoundation | 1 Pytorch | 2025-06-10 | N/A | 7.8 HIGH |
| Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp. | |||||
| CVE-2024-31584 | 1 Linuxfoundation | 1 Pytorch | 2025-06-03 | N/A | 5.5 MEDIUM |
| Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp. | |||||
| CVE-2025-5150 | 1 Linuxfoundation | 1 Docarray | 2025-06-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2998 | 1 Linuxfoundation | 1 Pytorch | 2025-05-29 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function torch.nn.utils.rnn.pad_packed_sequence. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | |||||