
42 matches found

EUVD
added 2025/11/17 10:55 p.m., 2 views

EUVD-2025-197900

A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execute privileged operation. An attacker can issue an API call...

CVSS 8.7, AI score 6.7, EPSS 0.00017
Exploits: 0, References: 4
Vulnrichment
added 2025/11/07 11:59 p.m., 2 views

CVE-2025-64488 SuiteCRM: Authenticated SQL Injection Possible in Reschedule Call Module

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.7 and below and 8.0.0-beta.1 through 8.9.0 8.0.0-beta.1, an attacker can craft a malicious callid that alters the logic of the SQL query or injects arbitrary SQL. An attack can...

CVSS 8.6, AI score 6.9, EPSS 0.00093
Exploits: 0, References: 3
Cvelist
added 2025/11/07 11:59 p.m., 5 views

CVE-2025-64488 SuiteCRM: Authenticated SQL Injection Possible in Reschedule Call Module

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.7 and below and 8.0.0-beta.1 through 8.9.0 8.0.0-beta.1, an attacker can craft a malicious callid that alters the logic of the SQL query or injects arbitrary SQL. An attack can...

CVSS 8.6, EPSS 0.00093
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2016-5525

Malware in sbrugna...

CVSS 9.8, AI score 8.5, EPSS 0.06482
Exploits: 1, References: 20
RedhatCVE
added 2025/05/22 8:13 p.m., 1 views

CVE-2021-39870

In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call...

CVSS 4.3, AI score 5.9, EPSS 0.00123
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 9:50 a.m., 4 views

CVE-2011-2561

The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.15bsu4 and 8.x before 8.01 does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote...

CVSS 7.1, AI score 6.9, EPSS 0.00399
Exploits: 0, References: 1
SUSE CVE
added 2023/02/15 5:2 a.m., 1 views

SUSE CVE-2016-4538

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibl...

CVSS 9.8, AI score 9.1, EPSS 0.06482
Exploits: 1, References: 7
Cvelist
added 2018/02/01 5:0 p.m., 12 views

CVE-2014-3752

The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and earlier allows local users with administrator rights to execute arbitrary code with SYSTEM privileges via a crafted 0x83170180 call...

AI score 6.7, EPSS 0.00086
Exploits: 0, References: 4
Zero Day Initiative
added 2017/08/08 12:0 a.m., 44 views

Microsoft Windows CLFS Driver Buffer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Common Log...

CVSS 6.9, AI score 5.3, EPSS 0.00467
Exploits: 0, References: 1
OSV
added 2017/02/13 6:59 p.m., 0 views

CVE-2016-4547

Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutServiceC...

CVSS 7.5, AI score 5.8, EPSS 0.0056
Exploits: 1, References: 2
Debian CVE
added 2017/01/04 8:0 p.m., 28 views

CVE-2014-9911

Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call...

CVSS 9.8, AI score 10, EPSS 0.01804
Exploits: 0
UbuntuCve
added 2017/01/04 12:0 a.m., 24 views

CVE-2014-9911

Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call...

CVSS 9.8, AI score 7.5, EPSS 0.01804
Exploits: 0, References: 4
RedHat Linux
added 2016/11/15 11:40 a.m., 4 views

php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call...

CVSS 9.8, AI score 7.4, EPSS 0.06482
Exploits: 1, References: 4
OSV
added 2016/06/27 10:59 a.m., 1 views

DEBIAN-CVE-2016-3713

The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call...

CVSS 7.1, AI score 7.1, EPSS 0.00059
Exploits: 0, References: 1
Mageia
added 2016/06/02 9:40 p.m., 48 views

Updated libgd packages fix security vulnerabilities

Updated libgd packages fix security vulnerabilities: The gdImageScaleTwoPass function in gd_interpolation.c in libgd before 2.2.0 uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a...

CVSS 9.1, AI score 7.3, EPSS 0.02396
Exploits: 1, References: 3
NVD
added 2016/05/22 1:59 a.m., 34 views

CVE-2015-8877

The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated ...

CVSS 7.5, AI score 7.3, EPSS 0.02317
Exploits: 1, References: 7
Prion
added 2016/05/22 1:59 a.m., 26 views

Design/Logic Flaw

The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated ...

CVSS 5, AI score 6.9, EPSS 0.02317
Exploits: 1, References: 7, Affected Software: 2
Debian CVE
added 2016/05/22 1:0 a.m., 47 views

CVE-2016-4537

Removed by vendor...

CVSS 9.8, AI score 8.7, EPSS 0.06482
Exploits: 1
Debian CVE
added 2016/05/22 1:0 a.m., 37 views

CVE-2015-8877

The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated ...

CVSS 7.5, AI score 7.7, EPSS 0.02317
Exploits: 1
UbuntuCve
added 2016/05/21 12:0 a.m., 35 views

CVE-2015-8877

The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated ...

CVSS 7.5, AI score 7.2, EPSS 0.02317
Exploits: 1, References: 3