Astra Linux - уязвимость в qemu

A bug in QEMU could cause a guest I/O operation that is normally directed to an arbitrary disk offset to be directed instead to offset 0. This could potentially overwrite the VM’s boot code. For example, this could be exploited by L2 guests who have a virtual disk vdiskL2 stored on the virtual di...

CODESYS Control runtime system 安全漏洞

CODESYS Control runtime system is a control system runtime software developed by the German company CODESYS. It enables the execution of control logic for industrial automation devices. There is a security vulnerability in CODESYS Control runtime system. This vulnerability arises from the...

UBUNTU-CVE-2025-24857

Improper access control for volatile memory containing boot code in Universal Boot Loader U-Boot before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker to execute arbitrary code...

CVE-2025-24857

Improper access control for volatile memory containing boot code in Universal Boot Loader U-Boot before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker to execute arbitrary code...

CVE-2025-24857

Improper access control for volatile memory containing boot code in Universal Boot Loader U-Boot before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker to execute arbitrary code...

CVE-2025-63296

CVE-2025-63296 affects the KERUI K259 5MP Wi‑Fi / Tuya Smart Security Camera (firmware v33.53.87). The issue is a code execution vulnerability in the bootstrap/update path: during startup, /usr/sbin/anyka_service.sh scans mounted TF/SD cards; if /mnt/update.nor.sh is found, it copies it to /tmp/n...

EUVD-2020-4025

Malware in sbrugna...

EUVD-2004-1590

Malware in sbrugna...

EUVD-2025-25798

Malicious code in bioql PyPI...

EUVD-2025-31020

Malicious code in bioql PyPI...

CVE-2025-20314

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute persistent code at boot time and break the chain of trust. This vulnerability is due to improper...

CVE-2025-20313

Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These vulnerabilities are due path...

PT-2025-39312

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software affected versions not specified Description A flaw in Cisco IOS XE Software may allow an attacker with level-15 privileges or physical access to a device to execute persistent code during boot and compromise the system’s...

PT-2025-34111 · Undefined · Undefined

Foxit PDF Reader 4.3.1.0218 exposes a JavaScript API function, createDataObject, that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged folders, leading to code...

CVE-2025-4043 Milesight UG65-868M-EA Improper Access Control for Volatile Memory Containing Boot Code

An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on a system boot...

CVE-2025-4043

CVE-2025-4043 affects Milesight UG65-868M-EA gateways (pre-60.0.0.46 firmware). An admin user can gain unauthorized write access to /etc/rc.local, which is executed at system boot, enabling persistence. Public documents describe risk as admin-command injection by a privileged user (CISA ICS advis...

GNU GRUB 缓冲区错误漏洞

GNU GRUB is a Linux system boot program from the GNU community. A buffer overflow vulnerability exists in GRUB. The vulnerability stems from the fs/hfs module containing an integer overflow issue that results in heap-based out-of-bounds writes. An attacker can exploit this vulnerability to execut...

Medium: qemu

Issue Overview: A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L...

CVE-2023-5088

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...

DEBIAN-CVE-2023-5088

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...