Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003525)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003525 advisory. An issue was discovered in the nsgetpath function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free...

📄 Android 7 / 8 / 8.1 Pointer Disclosure

A flaw in Android's Binder IPC allowed applications to craft Parcels where binder-object metadata overlapped with string data. When unmarshalling, the kernel inserted genuine kernel pointers into attacker-controlled buffers. These could then be echoed back through services like clipboard, resulti...

PT-2024-37127

Name of the Vulnerable Software and Affected Versions: Samsung Universal Print Driver for Windows versions prior to 2018 Description: The issue allows for escalation of privilege, enabling the creation of a reverse shell in the tool. This affects products released or manufactured before 2018...

Contiki-NG Security Vulnerability

Contiki-NG is an open source cross-platform operating system for next-generation IoT Internet of Things devices. A security vulnerability exists in Contiki-NG tinyDTLS version 2018-08-30 and prior versions, which stems from an infinite loop error during processing of ClientHello handshake message...

internshipsystem 路径遍历漏洞

internshipsystem is a student internship system for schools by wlwl individual developers. A security vulnerability exists in internshipsystem version 2018-05-22 and prior versions, which stems from an incorrect call to Flask's sendfile function resulting in absolute path traversal...

ViaBTC Exchange Server Digital Error Vulnerability

ViaBTC Exchange Server is a backend engine dedicated to cryptocurrency trading. An integer overflow vulnerability exists in the utils/utrpc.c file in versions of ViaBTC Exchange Server prior to 2018-08-21. An attacker could exploit this vulnerability to cause memory corruption...

Z-NOMP Security Vulnerabilities

Z-NOMP is a suite of node open bitcoin mining software. A security vulnerability exists in versions of Z-NOMP prior to 2018-04-05...

VulnCheck KEV: CVE-2018-5383

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key...

OSIsoft PI Web API Information Disclosure Vulnerability

PI is a real-time data history application from OSIsoft, and the PI Web API is the RESTful interface to the PI system. An information disclosure vulnerability exists in OSIsoft PI Web API 2018 and earlier versions, which stems from log files containing sensitive information. An attacker can explo...

glot-wwww Arbitrary Code Execution Vulnerability

glot-www is an open source pastebin with runnable snippets and an API. A security vulnerability exists in the default configuration in glot-www 2018-05-19 and earlier versions. A remote attacker can exploit the vulnerability to execute arbitrary code...

CVE-2018-15659

An issue was discovered in 42Gears SureMDM before 2018-11-27, related to the access policy for Silverlight applications. Cross-origin access is possible...

CVE-2018-0688

Open redirect vulnerability in SEIKO EPSON printers and scanners DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to 2017 Jun...

Google gVisor Denial of Service Vulnerability

Google gVisor is a user-space kernel written in the Go language for use in Linux systems. A denial of service vulnerability exists in versions of Google gVisor prior to 2018-08-22, which can be exploited by an attacker to cause a denial of service...

Sales & Company Management System Privilege Permission and Access Control Vulnerability

Sales & Company Management System SCMS is a sales and company management system. The system includes features such as customer management, product management and tax management. A privilege permission and access control vulnerability exists in SCMS 2018-06-06 and prior versions, which can be...

Google Monorail Cross-Site Search Vulnerability (CNVD-2018-23927)

Google Monorail is an issue tracker from Google USA. A security vulnerability exists in versions of Google Monorail prior to 2018-04-04. An attacker can exploit the vulnerability to obtain sensitive information about bug reports...

PAYFORT payfort-php-SDK cross-site scripting vulnerability (CNVD-2019-08574)

PayFort is an online payment gateway. payfort-php-SDK is the PayFort payment gateway SDK. A cross-site scripting vulnerability exists in Amazon PAYFORT payfort-php-SDK on 2018-04-26 and earlier versions, which can be exploited by an attacker via the route.php paymentMethod parameter to conduct a...

ViaBTC Exchange Server Integer Overflow Vulnerability (CNVD-2018-20070)

ViaBTC Exchange Server is a dedicated backend engine for cryptocurrency trading. An integer overflow vulnerability exists in the network/nwbuf.c file in versions of ViaBTC Exchange Server prior to 2018-08-21. An attacker could exploit this vulnerability to cause memory corruption...

PT-2018-12912 · Github · Libfsclfs

Name of the Vulnerable Software and Affected Versions: libfsclfs versions prior to 2018-07-25 Description: The issue allows remote attackers to cause a heap-based buffer over-read via a crafted clfs file. This is due to a problem in the libfsclfs block read function in libfsclfs block.c. The vend...

Invalid Memory Address Dereference Vulnerability in libming 'decompileSingleArgBuiltInFunctionCall' Function

libming is a Flash SWF output library written in C for use in systems developed in PHP, Perl, etc. It can be used to output Flash SWF files to the system. A security vulnerability exists in the 'decompileSingleArgBuiltInFunctionCall' function in version 0.4.8 of libming prior to 2018-03-12, which...

ALPINE-CVE-2018-14355

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name...