CVE-2025-29938

An unchecked return value within the AMD Platform Management Framework PMF could allow an attacker to write to an arbitrary memory address resulting in denial of service or arbitrary code execution...

CVE-2026-40003

CVE-2026-40003 describes a USB-based arbitrary memory write vulnerability in the ZTE ZX297520V3 BootROM. The issue arises from lack of target address validation in the USB download mode, allowing writes to arbitrary locations in BootROM runtime memory. Potential consequences, as stated, include o...

CVE-2026-37534

Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe 2025-11-30 in SAEJ1939ReadTransportProtocolDataTransfer,allows attackers to write to arbitrary memory via crafted sequence number from the CAN frame...

CVE-2026-22167 GPU DDK - Cache resident PM buffers writable by other GPU requestors, leading to arbitrary write to physical memory

Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel an...

PT-2026-36508

Name of the Vulnerable Software and Affected Versions Open-SAE-J1939 versions prior to commit b6caf884df46435e539b1ecbf92b6c29b345bdfe Description An integer underflow exists in the SAE J1939 Read Transport Protocol Data Transfer function. This allows attackers to write to arbitrary memory by usi...

CVE-2026-37534

CVE-2026-37534 describes an integer underflow in Open-SAE-J1939 (Open-SAE-J1939_Read_Transport_Protocol_Data_Transfer) triggered by a crafted CAN frame sequence number, allowing an attacker to write to arbitrary memory. Affected component is SAE_J1939_Read_Transport_Protocol_Data_Transfer; root c...

CVE-2026-37534

Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe 2025-11-30 in SAEJ1939ReadTransportProtocolDataTransfer,allows attackers to write to arbitrary memory via crafted sequence number from the CAN frame...

CVE-2026-37534

Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe 2025-11-30 in SAEJ1939ReadTransportProtocolDataTransfer,allows attackers to write to arbitrary memory via crafted sequence number from the CAN frame...

EUVD-2026-26687

Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe 2025-11-30 in SAEJ1939ReadTransportProtocolDataTransfer,allows attackers to write to arbitrary memory via crafted sequence number from the CAN frame...

CVE-2026-3437

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this...

MiracleLinux 7 : nss-3.79.0-5.el7 (AXSA:2023-5233:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5233:03 advisory. nss: Arbitrary memory write via PKCS 12 CVE-2023-0767 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

MiracleLinux 8 : nss-3.79.0-11.el8 (AXSA:2023-5224:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5224:01 advisory. nss: Arbitrary memory write via PKCS 12 CVE-2023-0767 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

CVE-2025-58409

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kern...

CVE-2019-2250

Kernel can write to arbitrary memory address passed by user while freeing/stopping a thread in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCS605, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SM7150, SXR1130...

CVE-2022-23428

An improper boundary check in edenruntime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution...

libtiff: Libtiff Write-What-Where

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...

libtiff: Libtiff Write-What-Where

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...

libtiff: Libtiff Write-What-Where

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...

CVE-2025-55080

The vulnerability CVE-2025-55080 affects Eclipse ThreadX prior to version 6.4.3. Root cause: memory protection enabled, syscall parameter verification is insufficient, enabling an attacker to obtain an arbitrary memory read/write. Affected component: ThreadX RTOS (pre-6.4.3). Impact: arbitrary me...

PT-2025-42235

In Eclipse ThreadX before 6.4.3, when memory protection is enabled, syscall parameters verification wasn't enough, allowing an attacker to obtain an arbitrary memory read/write...