Search

Search Results (314434 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-55685 2025-10-15 7 High
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
CVE-2025-55681 2025-10-15 7 High
Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally.
CVE-2025-55677 2025-10-15 7.8 High
Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.
CVE-2025-55676 2025-10-15 5.5 Medium
Generation of error message containing sensitive information in Windows USB Video Driver allows an authorized attacker to disclose information locally.
CVE-2025-55340 2025-10-15 7 High
Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally.
CVE-2025-55339 2025-10-15 7.8 High
Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally.
CVE-2025-55338 2025-10-15 6.1 Medium
Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-55336 2025-10-15 5.5 Medium
Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.
CVE-2025-55335 2025-10-15 7.4 High
Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
CVE-2025-55333 2025-10-15 6.1 Medium
Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-55325 2025-10-15 5.5 Medium
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-55320 2025-10-15 6.7 Medium
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-24052 2025-10-15 7.8 High
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware.
CVE-2025-24990 1 Microsoft 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more 2025-10-15 7.8 High
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware.
CVE-2025-55247 2025-10-15 7.3 High
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.
CVE-2025-53782 2025-10-15 8.4 High
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
CVE-2025-50174 2025-10-15 7 High
Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.
CVE-2025-48004 2025-10-15 7.4 High
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
CVE-2025-52616 2025-10-15 5.3 Medium
HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application.
CVE-2024-49569 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-10-15 5.7 Medium
In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: unquiesce admin_q before destroy it Kernel will hang on destroy admin_q while we create ctrl failed, such as following calltrace: PID: 23644 TASK: ff2d52b40f439fc0 CPU: 2 COMMAND: "nvme" #0 [ff61d23de260fb78] __schedule at ffffffff8323bc15 #1 [ff61d23de260fc08] schedule at ffffffff8323c014 #2 [ff61d23de260fc28] blk_mq_freeze_queue_wait at ffffffff82a3dba1 #3 [ff61d23de260fc78] blk_freeze_queue at ffffffff82a4113a #4 [ff61d23de260fc90] blk_cleanup_queue at ffffffff82a33006 #5 [ff61d23de260fcb0] nvme_rdma_destroy_admin_queue at ffffffffc12686ce #6 [ff61d23de260fcc8] nvme_rdma_setup_ctrl at ffffffffc1268ced #7 [ff61d23de260fd28] nvme_rdma_create_ctrl at ffffffffc126919b #8 [ff61d23de260fd68] nvmf_dev_write at ffffffffc024f362 #9 [ff61d23de260fe38] vfs_write at ffffffff827d5f25 RIP: 00007fda7891d574 RSP: 00007ffe2ef06958 RFLAGS: 00000202 RAX: ffffffffffffffda RBX: 000055e8122a4d90 RCX: 00007fda7891d574 RDX: 000000000000012b RSI: 000055e8122a4d90 RDI: 0000000000000004 RBP: 00007ffe2ef079c0 R8: 000000000000012b R9: 000055e8122a4d90 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000004 R13: 000055e8122923c0 R14: 000000000000012b R15: 00007fda78a54500 ORIG_RAX: 0000000000000001 CS: 0033 SS: 002b This due to we have quiesced admi_q before cancel requests, but forgot to unquiesce before destroy it, as a result we fail to drain the pending requests, and hang on blk_mq_freeze_queue_wait() forever. Here try to reuse nvme_rdma_teardown_admin_queue() to fix this issue and simplify the code.