linuxfoundation

523 tracked vulnerabilities.

CVE-2025-46150 MEDIUM
PyTorch 2.6.0-2.6.9 - Inconsistent FractionalMaxPool2d Results via torch.compile
Sep 25, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-46149 MEDIUM
PyTorch 2.6.0-2.6.9 - Reachable Assertion in nn.Fold with Inductor
Sep 25, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-46148 MEDIUM
PyTorch < 2.6.0 - Incorrect Pairwise Distance Calculation in nn.PairwiseDistance
Sep 25, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-59410 LOW
Dragonfly < 2.1.0 - Missing Encryption of Sensitive Data via HTTP Download
Sep 17, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-59354 MEDIUM
Dragonfly < 2.1.0 - Use of Weak Hash via MD5 Collision
Sep 17, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-59353 HIGH
Dragonfly < 2.1.0 - Improper Certificate Validation via mTLS Authentication Bypass
Sep 17, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-59352 CRITICAL
Dragonfly < 2.1.0 - Path Traversal and Remote Code Execution via gRPC and HTTP APIs
Sep 17, 2025
CVSS 9.8
EPSS 0.02
CVE-2025-59351 MEDIUM
Dragonfly < 2.1.0 - NULL Pointer Dereference
Sep 17, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-59350 MEDIUM
Dragonfly < 2.1.0 - Observable Timing Discrepancy in Proxy Access Control
Sep 17, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-59349 LOW
Dragonfly < 2.1.0 - Incorrect Permission Assignment for Critical Resource via Directory Creation
Sep 17, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-59348 HIGH
Dragonfly < 2.1.0 - Denial of Service via Uninitialized Variable in ProcessPieceFromSource
Sep 17, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-59347 MEDIUM
Dragonfly < 2.1.0 - Improper Certificate Validation in HTTP Clients
Sep 17, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-59346 MEDIUM
Dragonfly < 2.1.0 - Server-Side Request Forgery via Preheat Job URL Parameter
Sep 17, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-59345 CRITICAL
Dragonfly < 2.1.0 - Unauthenticated Job Manipulation and Denial of Service via Manager API Endpoints
Sep 17, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-20705 HIGH
Yocto - Use-After-Free in monitor_hang
Sep 01, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-20696 MEDIUM
Yocto - Out-of-bounds Write in DA Component
Aug 04, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-53012 HIGH
MaterialX 1.39.2 - Denial of Service via Nested Import Chain Depth Exhaustion
Aug 01, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-53011 HIGH
MaterialX 1.39.2 - Denial of Service via Malicious MTLX File Parsing
Aug 01, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-53010 HIGH
MaterialX 1.39.2 - Denial of Service via Null Pointer Dereference in MTLX Shader Node Parsing
Aug 01, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-53009 HIGH
MaterialX <= 1.39.2 - Stack-based Buffer Overflow in MTLX File Parsing
Aug 01, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-51480 HIGH
ONNX 1.17.0 - Path Traversal and Arbitrary File Write via External Data Location
Jul 22, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-20693 MEDIUM
Yocto - Out-of-Bounds Read in WLAN STA Driver
Jul 08, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-5150 MEDIUM
docarray < 0.40.1 - Prototype Pollution via __getitem__ Function
May 25, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-47291 HIGH
containerd 2.0.1-2.0.4 - Denial of Service via Incorrect Cgroup Hierarchy Assignment
May 21, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-47290 MEDIUM
containerd 2.1.0 - Time-of-check Time-of-use Race Condition during Image Unpacking
May 20, 2025
CVSS 5.9
EPSS 0.00
Products
yocto 114 pytorch 31 everest 29 nats-server 24 harbor 23 magma 22 containerd 16 runc 16 iot-yocto 15 cups-filters 14 backstage 13 dragonfly 13 open_network_operating_system 11 onnx 10 ceph 8 kubeedge 8 spinnaker 8 tekton_pipelines 8 automotive_grade_linux 6 cubefs 6 edge_virtualization_engine 5 foomatic-filters 5 osquery 5 dex 4 grpc_swift 4 indy-node 4 materialx 4 opendaylight 4 rekor 4 the_update_framework 4
Quick Filters
Critical CVEs With Exploits In CISA KEV