868 matches found
CVE-2025-20747
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10010443; Issue ID: MSV-3966...
CVE-2025-20747
CVE-2025-20747 describes an out-of-bounds write in the gnss service caused by an incorrect bounds check. The issue could allow a local attacker with System privileges to escalate privileges, with no user interaction required. A patch is available (Patch ID: ALPS10010443; MSV-3966). Documented ref...
CVE-2025-20746
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10010441; Issue ID: MSV-3967...
CVE-2025-20746
The CVE-2025-20746 entry concerns GNSS service software (as referenced across multiple sources) with an out-of-bounds write caused by an incorrect bounds check. This condition can enable local privilege escalation to System if already present, with no user interaction required. The vulnerability ...
CVE-2025-20739
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00435340; Issue ID: MSV-403...
CVE-2025-20732
The CVE-2025-20732 entry describes a local privilege-escalation flaw in the wlan AP driver (Linksys Wireless Network Controller Driver) caused by an incorrect bounds check that enables an out-of-bounds write. Impact is local, with no user interaction required, and exploitation is not detailed in ...
CVE-2025-20729
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00441512; Issue ID: MSV-415...
CVE-2025-20745
In apusys, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10095441; Issue ID: MSV-4294...
CVE-2025-20744
The CVE-2025-20744 entry concerns the pda component with a use-after-free in privileged context leading to local escalation of privilege. The advisory indicates that a malicious actor who already has System privileges can exploit this without user interaction; no exploit vectors or in-wild detail...
CVE-2025-20743
The CVE-2025-20743 entry concerns the clkdbg component, where a use-after-free condition can lead to local privilege escalation if an attacker already has System privileges. The vulnerability does not require user interaction and has a local attack vector with low complexity. The patch reference ...
CVE-2025-20730
In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10068463; Issue ID: MSV-4141...
Multiple Roboticsware products register Windows services with unquoted file paths
Overview Multiple Roboticsware products provided by Roboticsware PTE. LTD. contain the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-64151 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the develope...
PT-2025-44973
Name of the Vulnerable Software and Affected Versions Aruba wlan AP Driver affected versions not specified Description An out-of-bounds write issue exists in the wlan AP driver due to an incorrect bounds check. Successful exploitation could allow a malicious actor with System privileges to escala...
PT-2025-44986
Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon GNSS affected versions not specified Description An out-of-bounds write issue exists in the gnss service due to an incorrect bounds check. Successful exploitation could allow a local attacker with System privileges to...
EUVD-2025-36535
Wazuh's File Integrity Monitoring FIM, when configured with automatic threat removal, contains a time-of-check/time-of-use TOCTOU race condition that can allow a local, low-privileged attacker to cause the Wazuh service running as NT AUTHORITY\SYSTEM to delete attacker-controlled files or paths...
CVE-2025-34294
This CVE entry is rejected/not used and does not represent an active vulnerability.
Multiple I-O DATA NAS management applications register Windows services with unquoted file paths
Overview Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. Multiple NAS management applications provided by I-O DATA DEVICE, INC. contain the following vulnerability. Unquoted search path or element CWE-428 - CVE-2025-61865...
CVE-2025-20723
In gnss driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920033; Issue ID: MSV-3797...
CVE-2025-20722
In gnss driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920036; Issue ID: MSV-3798...
EUVD-2025-34164
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00419946; Issue ID: MSV-358...