DEBIAN-CVE-2025-54798
tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack via the dir parameter. An attacker can cause files or directories to be written to arbitrary locations by supplying a crafted symbolic link that resolves outside the intended temporary directory. PoC const tmp =...
curl: Use After Free (that leads to arbitrary Write for some versions)
Summary: - Use-After-Free vulnerability that leads to arbitrary write/READ YES, I used AI along with an online Mermaid editor to generate this graph that shows these paths for allocation, free and use after free F4637660: bugsvg.png Affected version - curl 8.13.0 x86_64-pc-linux-gnu libcurl/8.13....
K000152613: Secure Boot Bypass vulnerability CVE-2025-3052
Security Advisory Description An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM...
CVE-2025-7026 SMM Arbitrary Write via Unchecked RBX Pointer in CommandRcx0
A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register, which is used as an unchecked pointer in the CommandRcx0 function. If the contents at RBX match certain expected values (e.g., '$DB$' or '2DB$'), the function performs arbitrary...
CVE-2025-7026
Gigabyte UEFI/Software SMI handler vulnerability (CVE-2025-7026) lets a local attacker control RBX as an unchecked pointer in CommandRcx0. If RBX contents match values like '$DB$' or '2DB$', arbitrary writes to SMRAM are possible, enabling System Management Mode (SMM) privilege escalation and per...
CVE-2025-7027 SMM Arbitrary Write via Dual-Controlled Pointers in CommandRcx1
A vulnerability in the Software SMI handler SwSmiInputValue 0xB2 allows a local attacker to control both the read and write addresses used by the CommandRcx1 function. The write target is derived from an unvalidated UEFI NVRAM variable SetupXtuBufferAddress, while the write content is read from a...
CVE-2025-7027
Gigabyte UEFI SMM vulnerabilities (CVE-2025-7027) allow a local attacker to control both read and write addresses in SMRAM via the SwSmiInputValue 0xB2 handling, using an unvalidated UEFI NVRAM pointer (SetupXtuBufferAddress) and an attacker-controlled RBX-based pointer to perform arbitr...
CVE-2025-7029
CVE-2025-7029 affects Gigabyte UEFI firmware via the Software SMI handler SwSmiInputValue 0xB2. The vulnerability lets an attacker locally control the RBX-derived pointers (OcHeader, OcData) used in power/thermal configuration, enabling arbitrary SMRAM writes and potential SMM privilege escalatio...
CVE-2025-7029 SMM Arbitrary Write via Unchecked OcHeader Buffer in Platform Configuration Handler
A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register, which is used to derive pointers (OcHeader, OcData) passed into power and thermal configuration logic. These buffers are not validated before performing multiple structured memory...
webkit: pointer authentication bypass
A vulnerability was found in WebKit. This flaw allows an attacker with arbitrary read and write capability to bypass pointer authentication...
ALSA-2025:10189 Important: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Important: python-setuptools
Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...
CVE-2025-3052
An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability...
CVE-2025-3052 An arbitrary write vulnerability in Microsoft signed UEFI firmware from DT Research Inc.
An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability...
CVE-2025-3052
CVE-2025-3052 is listed as an arbitrary write vulnerability affecting Microsoft-signed UEFI firmware, enabling code execution of untrusted software and potential modification of NVRAM-stored firmware settings. The CVE entry shown links CVE-2025-3052 to DT Research Inc. in the CVE List entry, and ...
CVE-2025-25179 GPU DDK - Freelist GPU VA can be remapped to another reservation/PMR to trigger GPU arbitrary write to physical memory
Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages...
CVE-2025-25179
CVE-2025-25179 is a local vulnerability in the Imagination Technologies PowerVR-GPU driver. A non-privileged user may issue improper GPU system calls that subvert GPU hardware and write to arbitrary physical memory pages. Reported base metrics indicate local access, low privileges required, and h...