5610 matches found

OSV
added 2025/06/18 11:0 a.m. · 7 views

CVE-2022-49951 firmware_loader: Fix use-after-free during unregister

In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix use-after-free during unregister. In the following code within firmware_upload_unregister, the call to device_unregister could result in the dev_release function freeing the fw_upload_priv structure before it is...

7.8 CVSS · 5.6 AI score · 0.00207 EPSS
Exploits: 0 · References: 5

CVE
added 2025/06/18 11:0 a.m. · 109 views

CVE-2022-49951

CVE-2022-49951 concerns the Linux kernel firmware_loader use-after-free during unregister. In firmware_upload_unregister(), device_unregister() could free fw_upload_priv via dev_release before module_put() dereferences it. The documented fix copies fw_upload_priv->module to a local variable an...

7.8 CVSS · 6.4 AI score · 0.00207 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Debian CVE
added 2025/06/18 11:0 a.m. · 5 views

CVE-2022-49949

In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix memory leak in firmware upload. In the case of firmware-upload, an instance of struct fw_upload is allocated in firmware_upload_register. This data needs to be freed in fw_dev_release. Create a new fw_upload_free...

5.5 CVSS · 5.3 AI score · 0.00179 EPSS
Exploits: 0

CNNVD
added 2025/06/18 12:0 a.m. · 5 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from firmware_loader not freeing memory during upload, which could lead to a memory leak...

5.5 CVSS · 6.3 AI score · 0.00179 EPSS
Exploits: 0 · References: 3

CNNVD
added 2025/06/18 12:0 a.m. · 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a use-after-free issue in firmware_loader during unregister...

7.8 CVSS · 6.1 AI score · 0.00207 EPSS
Exploits: 0 · References: 3

CNNVD
added 2025/06/18 12:0 a.m. · 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from unreleased node references in spufs_init_isolated_loader, which could lead to a reference count leak...

5.5 CVSS · 6.1 AI score · 0.00156 EPSS
Exploits: 0 · References: 9

SUSE CVE
added 2025/06/17 2:29 a.m. · 2 views

SUSE CVE-2025-6119

A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking...

5.3 CVSS · 5.1 AI score · 0.00185 EPSS
Exploits: 1 · References: 3

SUSE CVE
added 2025/06/17 2:29 a.m. · 3 views

SUSE CVE-2025-6120

A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to...

5.3 CVSS · 5.1 AI score · 0.00205 EPSS
Exploits: 1 · References: 3

RedHat Linux
added 2025/06/16 3:3 p.m. · 3 views

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppress an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

8.8 CVSS · 7.6 AI score · 0.01495 EPSS
Exploits: 1 · References: 8

AlpineLinux
added 2025/06/16 12:15 p.m. · 4 views

CVE-2025-6120

A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to...

5.3 CVSS · 7.3 AI score · 0.00205 EPSS
Exploits: 1 · References: 6

OSV
added 2025/06/16 12:15 p.m. · 4 views

DEBIAN-CVE-2025-6120

A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to...

4.8 CVSS · 5.1 AI score · 0.00205 EPSS
Exploits: 1 · References: 1

Snyk
added 2025/06/16 11:42 a.m. · 1 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free via the ReadNodeChannels function in BVHLoader.cpp. An attacker can execute arbitrary code or cause a denial of service by manipulating the pNode argument after it has been freed. Remediation: There is no fixed version for...

5.3 CVSS · 7.8 AI score · 0.00185 EPSS
Exploits: 1 · References: 2

AlpineLinux
added 2025/06/16 11:15 a.m. · 5 views

CVE-2025-6119

A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking...

5.3 CVSS · 7.4 AI score · 0.00185 EPSS
Exploits: 1 · References: 6

OSSF Malicious Packages
added 2025/06/15 2:37 p.m. · 6 views

Malicious code in zora-config-loader (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90bb43834ca3c2d8ed358c803284c55ac5cbc2a41e43dca36415cde5e63907fa Any computer that has this package installed or running should be considered...

6.8 AI score
Exploits: 0 · References: 1

OSV
added 2025/06/15 2:37 p.m. · 2 views

MAL-2025-5069 Malicious code in zora-config-loader (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90bb43834ca3c2d8ed358c803284c55ac5cbc2a41e43dca36415cde5e63907fa Any computer that has this package installed or running should be considered...

7 AI score
Exploits: 0 · References: 1

OSSF Malicious Packages
added 2025/06/12 9:16 p.m. · 2 views

Malicious code in @biovia/amd-loader (npm)

The package communicates with a domain associated with malicious activity...

7 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/06/10 4:38 a.m. · 5 views

Malicious code in @loybung/provider-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1dc5e2aaa75780249ef49329cc88e74468511da4956872cadb22549951afb87e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 1

The Hacker News
added 2025/06/04 3:24 p.m. · 18 views

Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App

Google has disclosed details of a financially motivated threat cluster that it said "specializes" in voice phishing aka vishing campaigns designed to breach organizations' Salesforce instances for large-scale data theft and subsequent extortion. The tech giant's threat intelligence team is tracki...

7.2 AI score
Exploits: 0

Amd
added 2025/06/03 12:0 a.m. · 10 views

Versal™ Adaptive SoC – Improper Configuration of the Secure Stream Switch during Post-Boot Cryptographic Operations

AMD ID: AMD-SB-8011. Potential Impact: N/A. Severity: N/A. Summary: In Versal™ Adaptive SoC devices, the Platform Loader and Manager (PLM) implements runtime post-boot software services that allow a remote processor to command the PLM to execute cryptographic operations – including AES, SHA3, RSA, ECD...

3.2 CVSS · 7.2 AI score · 0.00126 EPSS
Exploits: 0

Positive Technologies
added 2025/05/29 12:0 a.m. · 3 views

PT-2025-23222 · Phpoffice · Phpoffice Math

Name of the Vulnerable Software and Affected Versions: PHPOffice Math versions prior to 0.3.0. Description: The issue allows an attacker to create a special XML file that, when processed, loads external entities, enabling the reading of local server files. This is due to the use of the libxml...

8.7 CVSS · 6.1 AI score · 0.00417 EPSS
Exploits: 0 · References: 12