220 matches found
PT-2025-46753
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw related to file system quotas. A kernel panic can occur when the panic_on_warn setting is enabled, specifically during writeback operations triggered by ...
PT-2025-33766
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a reference leak in the nfsd_open_local_fh function. A race condition can occur when multiple calls to nfsd_open_local_fh both successfully call nfsd file...
Adobe Substance 3D Painter < 11.0.3 (APSB25-77)
The version of Adobe Substance 3D Painter installed on the remote host is prior to 11.0.3. It is, therefore, affected by a vulnerability as referenced in the APSB25-77 advisory. - Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds write vulnerability that could...
CVE-2011-10012
NetOp (now part of Impero Software) Remote Control Client v9.5 is vulnerable to a stack-based buffer overflow when processing .dws configuration files. If a .dws file contains a string longer than 520 bytes, the application fails to perform proper bounds checking, allowing an attacker to execute...
CVE-2025-54195
Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-49573
Affected software/versions: Substance3D Modeler
CVE-2025-49568
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
Linux Distros Unpatched Vulnerability : CVE-2021-39656
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with...
CVE-2025-38028 NFS/localio: Fix a race in nfs_local_open_fh()
In the Linux kernel, the following vulnerability has been resolved: NFS/localio: Fix a race in nfs_local_open_fh(). Once the clp->cl_uuid.lock has been dropped, another CPU could come in and free the struct nfsd_file that was just added. To prevent that from happening, take the RCU read lock before droppi...
AZL-78978 CVE-2025-0913 affecting package golang 1.25.7-1
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would...
CVE-2025-0913
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would...
UBUNTU-CVE-2025-0913
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would...
Symlink Attack
Overview: std/syscall is a Go standard library package. Affected versions of this package are vulnerable to Symlink Attack. Go Vulnerability Report: os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix...
SUSE CVE-2025-0913
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would...
CVE-2022-20505
In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-225981...
CVE-2018-19451
A command injection can occur for specially crafted PDF files in Foxit Reader SDK ActiveX Professional 5.4.0.1031 when using the Open File action on a Field. An attacker can leverage this to gain remote code execution...
kernel: cachefiles: fix dentry leak in cachefiles_open_file()
In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix dentry leak in cachefiles_open_file(). A dentry leak may be caused when a lookup cookie and a cull are concurrent: P1 | P2 ----------------------------------------------------------- cachefiles_lookup_cookie...
Ensure That the Number of Files That Can Be Opened by Users Is Correctly Configured
The number of files that can be opened in Linux is limited. Once the limit is reached by a user, other users can no longer open files. By default, openEuler limits the maximum number of file handles that can be opened by each user to 1024. If the value exceeds 1024, new file handles cannot be...
CVE-2025-46579
There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed...
gimp: PSD buffer overflow RCE
A parsing vulnerability was found in the GNU Image Manipulation Program (GIMP). This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious PSD file, possibly enabling the execution of unauthorized code within the GIMP process...