CVE-2025-36920

In hypalloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-61614

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed...

CVE-2025-24333

CVE-2025-24333 affects Nokia Single RAN baseband software prior to 24R1-SR 1.0 MP. The root cause is an administrative shell input validation fault that could allow an authenticated admin to inject commands into the baseband OAM service process via special characters in the internal COMA_config.x...

The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

Nvidia NVIDIA TLK 输入验证错误漏洞

Nvidia NVIDIA TLK is a scheduler from Nvidia Corporation of America for use with Trusted Firmware-A TF-A. NVIDIA TLK suffers from an Input Validation Error vulnerability that stems from Trusty TLK containing a vulnerability in the NVIDIA TLK kernel function, where a missing check allows...

The vulnerability of the XLookupColor() function in the libX11 library, which stems from insufficient input data validation, allows a malicious actor to perform denial-of-service attacks.

The vulnerability of the XLookupColor function in the libX11 library is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to cause a denial-of-service attack by running a specially created application on the system...

USN-4446-2 squid3 regression

USN-4446-1 fixed vulnerabilities in Squid. The update introduced a regression when using Squid with the icap or ecap protocols. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jeriko One discovered that Squid incorrectly handled caching certain...

The vulnerability of the Windows operating system’s font library allows a hacker to execute arbitrary code.

The vulnerability of Windows font libraries is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted embedded font...

Multiple Cisco Products FXOS and UCS Fabric Interconnect Software Input Validation Vulnerabilities

Cisco Firepower 4100 Series Next-Generation Firewall and so on are the products of the American Cisco Cisco company.Cisco Firepower 4100 Series Next-Generation Firewall is a firewall product.UCS 6200 Cisco Firepower 4100 Series Next-Generation Firewall is a firewall product. UCS 6200 Series Fabri...

The vulnerability of the perfAddFormServer.gwtsvc component in the HPE Intelligent Management Center PLAT software platform allows a perpetrator to execute arbitrary code.

The vulnerability of the perfAddFormServer.gwtsvc component in the HPE Intelligent Management Center PLAT software platform is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely by using the beanName...