CVE-2025-59505 Windows Smart Card Reader Elevation of Privilege Vulnerability

...

CVE-2025-59505 Windows Smart Card Reader Elevation of Privilege Vulnerability

...

CVE-2025-59505

CVE-2025-59505 is a Windows Smart Card Reader privilege-escalation vulnerability described as a double-free issue that could allow an authenticated local attacker to gain elevated privileges. The connected material confirms the CVE is categorized as a high-severity (CVSS v3.1 base 7.8) local, use...

kernel: ring-buffer: Validate the persistent meta data subbuf array

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Validate the persistent meta data subbuf array The meta data for a mapped ring buffer contains an array of indexes of all the subbuffers. The first entry is the reader page, and the rest of the entries lay out the...

Windows Smart Card Reader Elevation of Privilege Vulnerability

Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally...

[SECURITY] Fedora 43 Update: rust-reqsign-file-read-tokio-2.0.1-1.fc43

Tokio-based file reader implementation for reqsign...

Teamcenter Visualization WRL File Parsing Vulnerabilities

Siemens Teamcenter Visualization contains multiple file-parsing vulnerabilities in its WRL-file reader that affect versions V14.2, V14.3, V2312, and V2406. If a user opens a specially crafted malicious WRL file, the application may crash or allow arbitrary code execution in the context of the...

BIT-GOLANG-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...

BIT-GOLANG-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

Rigged Poker Games

The Department of Justice has indicted thirty-one people over the high-tech rigging of high-stakes poker games. In a typical legitimate poker game, a dealer uses a shuffling machine to shuffle the cards randomly before dealing them to all the players in a particular order. As set forth in the...

kernel: ethtool: check device is present when getting link settings

A flaw was found in ethtool in the Linux kernel, where sysfs reader getting link settings can attempt to read the device state on a device that is not present, leading to a crash...

MAL-2025-49375 Malicious code in rbx-reader-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26b8d14a0bd74bf3ed3daec6aa05cdff66d71efb652ea3727f5eee4812f39293 The package rbx-reader-ts was found to contain malicious code. Source: ghsa-malware e2cc8e418629e96adc1f49efc1c9e67a21f94eb0594d1e6a66ce25023f0afcc4...

Malicious code in rbx-reader-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26b8d14a0bd74bf3ed3daec6aa05cdff66d71efb652ea3727f5eee4812f39293 The package rbx-reader-ts was found to contain malicious code. Source: ghsa-malware e2cc8e418629e96adc1f49efc1c9e67a21f94eb0594d1e6a66ce25023f0afcc4...

Malicious Package

Overview rbx-reader-ts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

EUVD-2025-37946

Malicious code in rbx-reader-ts npm...

[SECURITY] Fedora 43 Update: rust-reqsign-file-read-tokio-2.0.0-1.fc43

Tokio-based file reader implementation for reqsign...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989076)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989076 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctlfibmultipathuseneigh. While reading sysctlfibmultipathuseneigh...

CVE-2025-12108

The CVE-2025-12108 instance affects the Survision LPR Camera system, where authentication is not enforced by default, allowing access to the configuration wizard without login credentials. Affected component: the device’s access/configuration flow (license plate recognition camera system). Impact...

MGASA-2025-0256 Updated golang packages fix security vulnerabilities

Insufficient validation of bracketed IPv6 hostnames in net/url. CVE-2025-47912 Unbounded allocation when parsing GNU sparse map in archive/tar. CVE-2025-58183 Parsing DER payload can cause memory exhaustion in encoding/asn1. CVE-2025-58185 Lack of limit when parsing cookies can cause memory...

[SECURITY] Fedora 42 Update: rust-reqsign-file-read-tokio-2.0.0-1.fc42

Tokio-based file reader implementation for reqsign...