CVE-2024-47013

In pmucalraehandleseqint of flexpmucalrae.c, there is a possible arbitrary write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-47013

CVE-2024-47013 is described across multiple sources as a flaw in the PMU firmware path (pmucal_rae_handle_seq_int in flexpmu_cal_rae.c) where uninitialized data allows an arbitrary write, enabling local privilege escalation with no user interaction. Documents consistently note the issue affects P...

CVE-2024-41721

An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code execution...

CVE-2024-41721 bhyve(8) out-of-bounds read access via XHCI emulation

An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code execution...

LLama cpp python binding < 0.2.88 Arbitrary Write Vulnerability

The version of llama.cpp installed on the remote host is prior to 0.2.88. It is, therefore, affected by an arbitrary write vulnerability. This vulnerability was combined with another arbitrary address read vulnerability to achieve RCE, demonstrating the significant impact of the vulnerability. No...

CVE-2024-42416 Multiple issues in ctl(4) CAM Target Layer

The ctlreportsupportedopcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtioscsi can exploit the vulnerabilities to achieve code execution on...

CVE-2024-42416 Multiple issues in ctl(4) CAM Target Layer

The ctlreportsupportedopcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtioscsi can exploit the vulnerabilities to achieve code execution on...

Exploit for Race Condition in Linux Linux_Kernel

CVE-2022-2590, Dirty COW restricted to shmem linux kernel ver...

@jmondi/url-to-png contains a Path Traversal vulnerability

Summary When trying to add a BLOCKLIST feature when the maintainer noticed they didn't sanitize the ImageId in the code, which leads to path traversal vulnerability. Now, this is different from a traditional path traversal issue, because as of NOW you can store the image in any place arbitrarily,...

GHSA-VVMV-WRVP-9GJR @jmondi/url-to-png contains a Path Traversal vulnerability

Summary When trying to add a BLOCKLIST feature when the maintainer noticed they didn't sanitize the ImageId in the code, which leads to path traversal vulnerability. Now, this is different from a traditional path traversal issue, because as of NOW you can store the image in any place arbitrarily,...

CVE-2024-39118

Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted back up...

CVE-2024-6563 Buffer Overflow Arbitrary Write

Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files...

Exploit for CVE-2024-2961

Testing CVE-2024-2961 V1 - Under Analysis This repository c...

CVE-2024-22187

A write-what-where vulnerability exists in the Programming Software Connection Remote Memory Diagnostics functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to an arbitrary write. An attacker can send an unauthenticated packet to trigger this...

CVE-2024-24959

Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these...

CVE-2024-22187

A write-what-where vulnerability exists in the Programming Software Connection Remote Memory Diagnostics functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to an arbitrary write. An attacker can send an unauthenticated packet to trigger this...

CVE-2024-22187

A write-what-where vulnerability exists in the Programming Software Connection Remote Memory Diagnostics functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to an arbitrary write. An attacker can send an unauthenticated packet to trigger this...

CVE-2020-26312

Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target...

Dotmesh 安全漏洞

Dotmesh is a git-like CLI open-sourced by Dotscience for capturing, organizing and sharing application state. A security vulnerability exists in Dotmesh 0.8.1 and earlier versions, which stems from the insecure handling of symbolic links in the unpacking routine, and could allow an attacker to re...

AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability

Talos Vulnerability Report TALOS-2023-1848 AMD Radeon DirectX 11 Driver atidxx64.dll Shader Functionality arbitrary write vulnerability April 10, 2024 CVE Number CVE-2024-21972 SUMMARY An arbitrary write vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll...