CVE-2025-10238

During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user to execute code in System Management Mode SMM...

CVE-2025-10238

The CVE-2025-10238 entry documents a potential out-of-bounds write in the BIOS of some ThinkPad products that could allow a privileged local user to execute code in System Management Mode (SMM). Affected software/hardware is ThinkPad BIOS; the underlying cause is described as an out-of-bounds wri...

CVE-2025-30650 Junos OS: Privileged local user can gain access to a Linux-based FPC as root

A Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to Linux-based line cards as root. This issue affects systems running Junos OS using Linux-based line cards. Affected line cards includ...

CVE-2025-30650

CVE-2025-30650 concerns Junos OS on Linux-based line cards. A Missing Authentication for Critical Function in command processing allows a privileged local user to gain root access to the Linux-based FPC. Affected line cards include: MPC7–MPC11; LC2101/LC2103; LC480/LC4800/LC9600; MX304 (built-in ...

CVE-2025-36238 Power System Exposure of Sensitive System Information

IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service procedures...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001752)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001752 advisory. A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000481)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000481 advisory. A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference...

Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2023-3212)

A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414301)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414301 advisory. A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could...

EUVD-2025-24414

Malicious code in bioql PyPI...

CVE-2025-0164

IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment...

kernel: ext4: use-after-free in ext4_xattr_set_entry()

A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw allows a privileged local user to cause a system crash or other undefined behaviors...

kernel: ext4: use-after-free in ext4_xattr_set_entry()

A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw allows a privileged local user to cause a system crash or other undefined behaviors...

kernel: ext4: use-after-free in ext4_xattr_set_entry()

A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw allows a privileged local user to cause a system crash or other undefined behaviors...

CVE-2025-33045

APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure of Sensitive Information to an Unauthorized Actor” through local access. The successful exploitation of these vulnerabilities can lead to information disclosure, arbitrary data...

CVE-2025-24296

Improper input validation in some firmware for the IntelR E810 Ethernet before version 4.6 may allow a privileged user to enable denial of service via local access...

CVE-2025-20067

Observable timing discrepancy in firmware for some IntelR CSME and IntelR SPS may allow a privileged user to potentially enable information disclosure via local access...

CVE-2025-24296

CVE-2025-24296 affects Intel® E810 Ethernet firmware prior to 4.6. The issue is improper input validation in firmware, enabling a privileged user to cause a denial of service via local access. Intel attributes a local attack vector with low complexity and requires high privileges (per CVSS v3.1: ...

Linux Distros Unpatched Vulnerability : CVE-2021-3640

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw use-after-free in function scosocksendmsg of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIOREGISTER or other way triggers rac...

CVE-2022-21240

Out of bounds read for some IntelR PROSet/Wireless WiFi products may allow a privileged user to potentially enable information disclosure via local access...