Lucene search
+L

190 matches found

nvd
nvd
added yesterday7 views

CVE-2026-15029

Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protection...

8.4CVSS0.00118EPSS
Exploits0References1
nvd
nvd
added yesterday8 views

CVE-2026-15030

Out-of-bounds Read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to read memory regions beyond the intended firmware boundary by supplying a crafted IOCTL request that bypasses the validation. Refer to the ' Security...

5.6CVSS0.00101EPSS
Exploits0References1
nvd
nvd
added yesterday8 views

CVE-2026-13585

Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe...

8.2CVSS0.00112EPSS
Exploits0References1
euvd
euvd
added yesterday10 views

EUVD-2026-44589

Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protection...

8.4CVSS6.2AI score0.00118EPSS
Exploits0References1
cvelist
cvelist
added yesterday30 views

CVE-2026-15029

Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protection...

8.4CVSS0.00118EPSS
Exploits0References1
cve
cve
added yesterday11 views

CVE-2026-15029

The CVE-2026-15029 entry covers an Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager. The vulnerability permits a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests...

8.4CVSS6.2AI score0.00118EPSS
Exploits0References1
cve
cve
added yesterday9 views

CVE-2026-15030

The CVE-2026-15030 entry concerns ASUS components: System Control Interface v3, System Control Interface, and ASUS Business Manager. The weakness is an out-of-bounds read caused by a crafted IOCTL request that bypasses validation, enabling a local administrator to read memory regions beyond the i...

5.6CVSS6.1AI score0.00101EPSS
Exploits0References1
euvd
euvd
added yesterday7 views

EUVD-2026-44588

Out-of-bounds Read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to read memory regions beyond the intended firmware boundary by supplying a crafted IOCTL request that bypasses the validation. Refer to the ' Security...

5.6CVSS6.1AI score0.00101EPSS
Exploits0References1
cvelist
cvelist
added yesterday29 views

CVE-2026-15030

Out-of-bounds Read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to read memory regions beyond the intended firmware boundary by supplying a crafted IOCTL request that bypasses the validation. Refer to the ' Security...

5.6CVSS0.00101EPSS
Exploits0References1
ptsecurity
ptsecurity
added yesterday8 views

PT-2026-58873

Name of the Vulnerable Software and Affected Versions ASUS System Control Interface driver affected versions not specified ASUS Business Manager affected versions not specified Description Improper resource allocation without limits or throttling, combined with the failure to remove sensitive...

8.2CVSS6.1AI score0.00112EPSS
Exploits0References9
susecve
susecve
added 2026/06/26 2:9 a.m.6 views

SUSE CVE-2026-53210

In the Linux kernel, the following vulnerability has been resolved: tee: shm: fix shm leak in registershmhelper registershmhelper allocates shm before calling ioviternpages. If ioviternpages returns 0, the function jumps to errctxput and leaks shm. This can be triggered by TEEIOCSHMREGISTER with...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/12 9:56 p.m.9 views

CVE-2026-53821 OpenClaw < 2026.5.18 - Scope Elevation in trusted-proxy Control UI WebSocket

OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket connections to execut...

8.8CVSS5.4AI score0.00289EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.11 views

Orca Energija Orca heat pump 安全漏洞

Orca Energija Orca heat pump is a series of air-to-water heat pump systems developed by Orca Energija. There are security vulnerabilities in Orca Energija Orca heat pumps. These vulnerabilities stem from the lack of authentication and plaintext data transmission. Combined with the absence of...

6.3CVSS5.3AI score0.00114EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/29 2:6 a.m.10 views

CVE-2026-7480

An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary code via a crafted RPC call that bypass the validation mechanism. Refer to the 'Security Update for ASUS System Control...

7.3CVSS6.2AI score0.00135EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/05/29 2:6 a.m.34 views

CVE-2026-7480

CVE-2026-7480 : An Incorrect Permission Assignment for Critical Resource vulnerability affects the ASUS System Control Interface. A local user can elevate privileges to SYSTEM and execute arbitrary code by sending a crafted RPC call that bypasses the validation mechanism. This description is supp...

7.3CVSS6.2AI score0.00135EPSS
Exploits0References1
euvd
euvd
added 2026/05/29 2:6 a.m.13 views

EUVD-2026-33245

An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary code via a crafted RPC call that bypass the validation mechanism. Refer to the 'Security Update for ASUS System Control...

7.3CVSS6.2AI score0.00135EPSS
Exploits0References1
ubuntu
ubuntu
added 2026/05/25 8:24 a.m.19 views

USN-8299-1: Rclone vulnerabilities

It was discovered that Rclone incorrectly handled authorization in the remote control API. An attacker could possibly use this issue to obtain sensitive information. CVE-2026-41176 It was discovered that Rclone incorrectly handled backend instantiation via the remote control API. An attacker coul...

9.8CVSS5.8AI score0.34734EPSS
Exploits3
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Firmware: armscmi: A consistency check is performed on the mailbox/SMT channel. Upon receiving a completion interrupt, the shared memory area is accessed to retrieve the message header first. If the message sequence number...

4.7CVSS5.3AI score0.00174EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

A issue was discovered in the Linux kernel before version 6.6.8. The dovccioctl function in net/atm/ioctl.c has a use-after-free issue due to a race condition involving vccrecvmsg...

7CVSS6.5AI score0.0051EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: Fixed streaming cleanup upon release. The current implementation mxcisivideocleanupstreaming in mxcisivideorelease. This can lead to situations where any release call such as from a simple v4l2-ctl -l may...

5.7AI score0.00172EPSS
Exploits0References1
Rows per page
Query Builder