AZL-59737 CVE-2025-29481 affecting package dwarves for versions less than 1.25-2

Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpfobjectinitprog function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under...

UBUNTU-CVE-2025-29481

Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpfobjectinitprog function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under...

UBUNTU-CVE-2025-29482

Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO Sample Adaptive Offset processing of libde265...

CVE-2025-22851

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow...

PT-2025-15455 · Rockwell Automation · Rockwell Automation Arena

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena affected versions not specified Description: A local code execution issue exists due to a threat actor being able to read outside of the allocated memory buffer, resulting from improper validation of user-supplied...

PT-2025-15283 · Libbpf +1 · Libbpf +1

Name of the Vulnerable Software and Affected Versions: libbpf version 1.5.0 Description: The issue is a buffer overflow vulnerability that allows a local attacker to execute arbitrary code via the bpf object init prog function of libbpf. Recommendations: For libbpf version 1.5.0, as a temporary...

PT-2025-15443 · Rockwell Automation · Rockwell Automation Arena

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena affected versions not specified Description: A local code execution issue exists due to an uninitialized pointer, resulting from improper validation of user-supplied data. This allows a threat actor to disclose...

PT-2025-15449 · Rockwell Automation · Rockwell Automation Arena

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena affected versions not specified Description: A local code execution issue exists due to a threat actor being able to write outside of the allocated memory buffer. This is a result of improper validation of...

PT-2025-15450 · Rockwell Automation · Rockwell Automation Arena

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena affected versions not specified Description: A local code execution issue exists due to a threat actor being able to write outside of the allocated memory buffer, resulting from improper validation of user-supplied...

CVE-2024-58104

A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

Rockwell Automation 440G TLS-Z

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to take over the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact...

Local Code Execution (LCE)

XPixelGroup BasicSR is vulnerable to local code execution. The vulnerability is due to improper handling of a crafted SLURMNODELIST environment variable when executing "scontrol show hostname", allowing crafted input to influence command execution...

CVE-2025-2401 Buffer overflow in Immunity Debugger

Buffer overflow vulnerability in Immunity Debugger affecting version 1.85, its exploitation could allow a local attacker to execute arbitrary code, due to the lack of proper boundary checking...

CVE-2024-27763

XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURMNODELIST environment variable...

CVE-2023-45588

An external control of file name or path vulnerability CWE-73 in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process...

CVE-2023-45588

An external control of file name or path vulnerability CWE-73 in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process...

Fortinet FortiClientMAC 安全漏洞

Fortinet FortiClientMAC is a U.S. fly tower Fortinet company based on macOS platform security tools. A code execution vulnerability exists in Fortinet FortiClientMAC that originates from an external control of a file name or path, which can be exploited by a local attacker to execute arbitrary co...

CVE-2025-21180

Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally...

CVE-2025-26630

Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally...

GHSA-86W8-VHW6-Q9QQ XPixelGroup BasicSR Command Injection

XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURMNODELIST environment variable...