Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Properly clear the vmci transport packet when initializing it. In vmcitransportpacketinit, memset is used to clear the vmcitransportpacket before populating the fields, to avoid any uninitialized data remaining in the...

CVE-2026-22269

Dell PowerProtect Data Manager, versions prior to 19.22, contains an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass...

CVE-2025-47365

Memory corruption while processing large input data from a remote source via a communication interface...

CVE-2025-47365

Memory corruption while processing large input data from a remote source via a communication interface...

CVE-2025-47365 Integer Overflow or Wraparound in Automotive Platform

Memory corruption while processing large input data from a remote source via a communication interface...

CVE-2025-47365

CVE-2025-47365 concerns a memory corruption issue in Qualcomm Chipsets/Automotive Platform caused by processing large input data received from a remote source over a communication interface. The root cause is described as an integer overflow or wraparound in the affected data handling. Impact is ...

CVE-2025-47365 Integer Overflow or Wraparound in Automotive Platform

Memory corruption while processing large input data from a remote source via a communication interface...

EUVD-2021-22169

Malware in sbrugna...

EUVD-2016-10178

Malware in sbrugna...

vsock/vmci: Clear the vmci transport packet properly when initializing it

...

CVE-2025-41237

VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI Virtual Machine Communication Interface that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX...

DEBIAN-CVE-2025-38102

In the Linux kernel, the following vulnerability has been resolved: VMCI: fix race between vmcihostsetupnotify and vmcictxunsetnotify During our test, it is found that a warning can be trigger in trygrabfolio as follow: ------------ cut here ------------ WARNING: CPU: 0 PID: 1678 at mm/gup.c:147...

CVE-2022-30316

Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...

kernel: vmci: prevent speculation leaks by sanitizing event in event_deliver()

A vulnerability was found in the eventdeliver function in the Linux kernel's VMCI component, where the issue involves a lack of sanitization for the eventdata.event index controlled by user-space, which could lead to speculative information leaks...

HMS Industrial Networks Anybus-CompactCom 30

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: HMS Industrial Networks Equipment: Anybus-CompactCom 30 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a...

The vulnerabilities of HCI (Host Controller Interface) and SCI interfaces, which operate according to the IEC 60870-5-104 standard, and are found in Hitachi Energy RTU500 programmable logic controllers, allow a perpetrator to trigger a service failure.

The vulnerabilities of HCI Host Controller Interface and SCI interfaces, which operate according to the IEC 60870-5-104 standard, in Hitachi Energy RTU500 programmable logic controllers, are related to insufficient verification of input data. Exploiting these vulnerabilities can allow an attacker...

CVE-2022-21765

In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641673...

Siemens OpenV2G memory corruption vulnerability

The primary scope of the OpenV2G project is to provide an open source implementation of the latest draft of the ISO/IEC Vehicle-to-Grid Communication Interface V2G CI standard.A memory corruption vulnerability exists in Siemens OpenV2G due to a missing length check in the OpenV2G EXI parsing...

Vulnerability fixed in ABB OPC Server

A vulnerability has been fixed in ABB OPC Server for AC 800M. The vulnerability enables an authenticated remote malicious person to able to execute arbitrary code. ABB has released updates to fix the vulnerability. To exploit this vulnerability requires access to the network of the victim's netwo...

Gallagher Command Centre Server 信息泄露漏洞

Gallagher Command Centre Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. a security vulnerability exists in the COM interface of Gallagher Command Center Server, which could be exploited by an attacker to retrieve sensitive informatio...