
7239 matches found

OSV
added 2025/12/08 1:16 a.m., 2 views

UBUNTU-CVE-2025-40304

In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds. Add bounds checking to prevent writes past framebuffer boundaries when rendering text near screen edges. Return early if the Y position is off-screen and clip...

AI score: 6, EPSS: 0.00165
Exploits: 0, References: 36
CVE
added 2025/12/08 12:46 a.m., 37 views

CVE-2025-40304

CVE-2025-40304: Linux kernel fbdev rendering bounds check added for bit_putcs to prevent vmalloc-out-of-bounds writes when clipping framebuffer text at screen edges. The fix clips Y off-screen, adjusts image height, breaks on off-screen X, and updates the character count when clipping width to av...

AI score: 6.3, EPSS: 0.00165
Exploits: 0, References: 8
Cvelist
added 2025/12/08 12:46 a.m., 25 views

CVE-2025-40304 fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds

In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds. Add bounds checking to prevent writes past framebuffer boundaries when rendering text near screen edges. Return early if the Y position is off-screen and clip...

EPSS: 0.00165
Exploits: 0, References: 8
Debian CVE
added 2025/12/08 12:46 a.m., 11 views

CVE-2025-40304

In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds. Add bounds checking to prevent writes past framebuffer boundaries when rendering text near screen edges. Return early if the Y position is off-screen and clip...

AI score: 5.5, EPSS: 0.00165
Exploits: 0
OSV
added 2025/12/08 12:46 a.m., 2 views

CVE-2025-40304 fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds

In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds. Add bounds checking to prevent writes past framebuffer boundaries when rendering text near screen edges. Return early if the Y position is off-screen and clip...

AI score: 6.5, EPSS: 0.00165
Exploits: 0, References: 11
Positive Technologies
added 2025/12/08 12:0 a.m., 13 views

PT-2025-49477

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains a use-after-free issue within the vc_screen module. Specifically, a struct vc_data pointer in the vcs_write function can be freed by vc_port_destruct after a ca...

CVSS: 7.8, AI score: 6.7, EPSS: 0.00465
Exploits: 2, References: 902
Positive Technologies
added 2025/12/08 12:0 a.m., 4 views

PT-2025-49582

In multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS: 7, AI score: 6.8, EPSS: 0.00058
Exploits: 0, References: 2
NVD
added 2025/12/03 9:15 a.m., 3 views

CVE-2025-29864

Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass. This issue affects ALZip: from 12.01 before 12.29...

CVSS: 6.2, EPSS: 0.00136
Exploits: 0, References: 1
CNVD
added 2025/12/03 12:0 a.m., 2 views

Huawei HarmonyOS screen recording framework module memory misreference vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A memory misreference vulnerability exists in the Huawei HarmonyOS screen recording framework module, which can be exploited by attackers to affect...

CVSS: 8.4, AI score: 6.8, EPSS: 0.00065
Exploits: 0, References: 1
CNVD
added 2025/12/03 12:0 a.m., 4 views

Huawei HarmonyOS screen recording framework module memory misreference vulnerability (CNVD-2025-30254)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A memory misreference vulnerability exists in the Huawei HarmonyOS screen recording framework module, which can be exploited by attackers to affect...

CVSS: 6.4, AI score: 6.8, EPSS: 0.00068
Exploits: 0, References: 1
CNNVD
added 2025/12/02 12:0 a.m., 3 views

Google Chrome security vulnerability

Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in Google Chrome prior to version 143.0.7499.41, which stems from an improper implementation of split-screen view and could lead to UI spoofing by a remote attacker via a specially crafted domain name...

CVSS: 4.3, AI score: 6, EPSS: 0.00167
Exploits: 0, References: 3
The Hacker News
added 2025/12/01 8:45 a.m., 3 views

New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control

A new Android malware named Albiriox has been advertised under a malware-as-a-service (MaaS) model to offer a "full spectrum" of features to facilitate on-device fraud (ODF), screen manipulation, and real-time interaction with infected devices. The malware embeds a hard-coded list comprising over 400...

AI score: 6.7
Exploits: 0
Snyk
added 2025/11/30 1:14 p.m., 4 views

Malicious Package

Overview: jsonauto is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Once...

CVSS: 9.8, AI score: 7.2
Exploits: 0, References: 3
Snyk
added 2025/11/30 1:14 p.m., 3 views

Malicious Package

Overview: tailwindcss-animation-helper is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of...

CVSS: 9.8, AI score: 7.2
Exploits: 0, References: 3
Snyk
added 2025/11/30 1:14 p.m., 1 views

Malicious Package

Overview: jsonify-settings is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package...

CVSS: 9.8, AI score: 7.2
Exploits: 0, References: 3
Snyk
added 2025/11/30 1:14 p.m., 2 views

Malicious Package

Overview: session-expire is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package...

CVSS: 9.8, AI score: 7.2
Exploits: 0, References: 3
Snyk
added 2025/11/30 1:14 p.m., 2 views

Malicious Package

Overview: chai-pack is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Once...

CVSS: 9.8, AI score: 7.2
Exploits: 0, References: 3
Snyk
added 2025/11/30 1:14 p.m., 3 views

Malicious Package

Overview: cwanner is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Once...

CVSS: 9.8, AI score: 7.2
Exploits: 0, References: 3
Snyk
added 2025/11/30 1:14 p.m., 4 views

Malicious Package

Overview: pgforce is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Once...

CVSS: 9.8, AI score: 7.2
Exploits: 0, References: 3
Snyk
added 2025/11/30 1:14 p.m., 3 views

Malicious Package

Overview: node-tailwind is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. On...

CVSS: 9.8, AI score: 7.2
Exploits: 0, References: 3