Linuxfoundation Security Vulnerabilities (CVEs)
Track 146 security vulnerabilities affecting Linuxfoundation products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
Dragonfly versions before 2.1.0 contain a nil pointer dereference vulnerability where code panics when a function returns an error but its first retur...
Sep 17, 2025

This vulnerability in Dragonfly allows peers to create or read arbitrary files on other peers' systems via gRPC and HTTP APIs, enabling data theft and...
Sep 17, 2025

Dragonfly Manager versions before 2.1.0 have disabled TLS certificate verification in HTTP clients, making them vulnerable to man-in-the-middle attack...
Sep 17, 2025

Dragonfly Manager web UI endpoints /api/v1/jobs and /preheats lack authentication in versions before 2.1.0, allowing unauthenticated attackers to crea...
Sep 17, 2025

CVE-2025-20705 is a use-after-free vulnerability in the monitor_hang component that could lead to memory corruption. This allows local privilege escal...
Sep 1, 2025

This CVE describes an out-of-bounds write vulnerability in DA (likely a MediaTek component) that could allow local privilege escalation. Attackers wit...
Aug 4, 2025

MaterialX versions before 1.39.3 contain a null pointer dereference vulnerability when parsing malicious MTLX files. This allows attackers to crash ap...
Aug 1, 2025

CVE-2025-53012 is a denial-of-service vulnerability in MaterialX library versions before 1.39.3 where unlimited nested file imports can cause stack ex...
Aug 1, 2025

A bug in containerd's CRI implementation fails to place usernamespaced containers under Kubernetes' cgroup hierarchy, causing Kubernetes resource limi...
May 21, 2025

A TOCTOU vulnerability in containerd v2.1.0 allows specially crafted container images to modify the host filesystem during image unpacking. Only conta...
May 20, 2025

A critical Remote Command Execution vulnerability exists in PyTorch when loading models with torch.load(weights_only=True). Attackers can craft malici...
Apr 18, 2025

This vulnerability in MediaTek DA software allows local attackers with physical access to escalate privileges through an out-of-bounds write. No user ...
Apr 7, 2025

A critical memory corruption vulnerability in PyTorch's torch.lstm_cell function allows local attackers to potentially execute arbitrary code or crash...
Mar 31, 2025

Insecure permissions in PipeCD v0.49 allow attackers to access the service account's authentication token, enabling privilege escalation within the Pi...
Mar 21, 2025

This vulnerability in Kuadrant v0.11.3 allows attackers to access service account tokens due to insecure permissions in the secrets component. Attacke...
Mar 21, 2025

A vulnerability in containerd allows containers launched with UID/GID values exceeding 32-bit signed integer limits to overflow and run as root (UID 0...
Mar 17, 2025

This CVE describes an out-of-bounds write vulnerability in MediaTek's da component that could allow local privilege escalation. Attackers with physica...
Mar 3, 2025

This CVE describes a Bluetooth firmware vulnerability in MediaTek chipsets where improper exception handling could trigger a reachable assertion. This...
Feb 3, 2025

A reachable assertion vulnerability in Magma's decode_linked_ti_ie function allows attackers to cause Denial of Service (DoS) by sending crafted NAS p...
Jan 21, 2025

A type confusion vulnerability in Magma's NAS message decoding function allows attackers to execute arbitrary code or cause denial of service via spec...
Jan 21, 2025

A buffer overflow vulnerability in Magma's decode_esm_message_container function allows attackers to cause Denial of Service via crafted NAS packets. ...
Jan 21, 2025

This vulnerability allows network-adjacent attackers to crash the Mobile Management Entity (MME) in Magma cellular core networks by sending a malforme...
Jan 21, 2025

A buffer overflow vulnerability in Magma's decode_access_point_name_ie function allows attackers to cause denial of service via crafted NAS packets. T...
Jan 21, 2025

A buffer overflow vulnerability in Magma's decode_protocol_configuration_options function allows attackers to cause Denial of Service (DoS) via crafte...
Jan 21, 2025

This vulnerability is a buffer overflow in the decode_pdn_address function of the Linux Foundation Magma software, affecting versions up to 1.8.0. It ...
Jan 21, 2025

A buffer overflow vulnerability in Magma's decode_traffic_flow_template_packet_filter function allows attackers to cause denial of service via crafted...
Jan 21, 2025

CVE-2023-37029 allows attackers to cause denial of service by sending oversized NAS packets to Magma MME, crashing it via assertion failure. This affe...
Jan 21, 2025

A null pointer dereference vulnerability in Magma's Mobile Management Entity (MME) allows network-adjacent attackers to crash the MME service by sendi...
Jan 21, 2025

A stack-based buffer overflow vulnerability in Magma's Mobile Management Entity (MME) allows remote attackers to crash the service by sending speciall...
Jan 21, 2025

A null pointer dereference vulnerability in Magma's Mobile Management Entity (MME) allows network-adjacent attackers to crash the MME service by sendi...
Jan 21, 2025

An unauthenticated remote attacker can crash the Mobile Management Entity (MME) in Magma cellular core networks by sending a specially crafted NAS pac...
Jan 21, 2025

A null pointer dereference vulnerability in Magma's Mobile Management Entity (MME) allows network-adjacent attackers to crash the MME service by sendi...
Jan 21, 2025

A null pointer dereference vulnerability in Magma's Mobile Management Entity (MME) allows network-adjacent attackers to crash the MME service by sendi...
Jan 21, 2025

This vulnerability allows remote attackers to execute arbitrary code on affected devices via Wi-Fi without user interaction. It affects MediaTek chips...
Jan 6, 2025

This vulnerability allows attackers to spoof Wi-Fi access point SSIDs, tricking client devices into connecting to malicious networks. This affects dev...
Jan 6, 2025

This CVE describes an out-of-bounds write vulnerability in V6 DA (likely a MediaTek component) that allows local privilege escalation. Attackers with ...
Jan 6, 2025

This vulnerability in V6 DA allows local privilege escalation through an out-of-bounds write due to missing bounds checks. An attacker with physical a...
Jan 6, 2025

This vulnerability in MediaTek WLAN STA drivers allows remote attackers within wireless range to execute arbitrary code without user interaction. It a...
Jan 6, 2025

This CVE describes a Bluetooth firmware vulnerability in MediaTek chipsets where improper handling of exceptional conditions can cause a firmware asse...
Dec 2, 2024

This vulnerability allows authenticated Harbor users to modify tag retention policies in projects they shouldn't have access to. Attackers can exploit...
Nov 14, 2024

This vulnerability in Harbor allows authenticated users to revoke robot account permissions belonging to projects they don't have access to. Attackers...
Nov 14, 2024

This vulnerability in Harbor allows authenticated users to modify p2p preheat policies in projects they shouldn't have access to. Attackers can exploi...
Nov 14, 2024

CVE-2024-20107 is an out-of-bounds read vulnerability in MediaTek's da component that allows local attackers to read memory beyond allocated buffers w...
Nov 4, 2024

This vulnerability in MediaTek's da component allows local attackers to write beyond allocated memory boundaries, potentially gaining elevated privile...
Nov 4, 2024

This vulnerability allows remote code execution through deserialization in PyTorch's RemoteModule feature. It affects users running PyTorch distribute...
Oct 29, 2024

CVE-2024-9802 exposes sensitive information through a publicly accessible conformance validation endpoint in Zowe API Layer. This allows unauthenticat...
Oct 10, 2024

This CVE describes an out-of-bounds write vulnerability in MediaTek power management components that allows local privilege escalation. Attackers with...
Oct 7, 2024

CVE-2023-27584 is a critical authentication bypass vulnerability in Dragonfly, an open-source P2P file distribution system, due to a hardcoded JWT sec...
Sep 19, 2024

This vulnerability in Backstage's TechDocs plugin allows attackers to access the entire AWS S3 or GCS storage bucket contents when using those provide...
Sep 17, 2024

This vulnerability in MediaTek Wi-Fi drivers allows remote attackers to cause denial of service without authentication or user interaction. It affects...
Sep 2, 2024

Why Monitor Linuxfoundation Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 146+ known vulnerabilities affecting Linuxfoundation products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Linuxfoundation packages in under 60 seconds. No agents required - completely agentless scanning that works across Linuxfoundation deployments.
Free vulnerability database: Access detailed information about every Linuxfoundation CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Linuxfoundation CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions