34 matches found
CVE-2025-52347
An issue in the component DirectIo64.sys of PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004 allows attackers to access kernel memory and escalate privileges via a crafted IOCTL 0x8011E044 call...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of validation on attacker-controlled counts and lengths in the SPDY/3 frame parser. An attacker can exhaust process memory and cause an out-of-memory crash by sending ...
CVE-2026-35469
spdystream is a Go library for SPDY multiplexing. In versions ≤ 0.5.0, the SPDY/3 frame parser allocates memory for SETTINGS counts, header counts, and header field sizes without proper bounds checking, enabling large on-the-wire values to exhaust memory via crafted control frames. A remote peer ...
CVE-2026-35469
spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count ...
SpdyStream 安全漏洞
SpdyStream is a SPDY-based multiplexing stream processing library developed by Moby. Versions of SpdyStream prior to 0.5.0 contain security vulnerabilities. These vulnerabilities stem from the SPDY/3 frame parser not verifying the count and length of the frame before allocating memory. This allow...
EUVD-2025-208607
An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and...
ASUS Business System Control Interface 安全漏洞
ASUS Business System Control Interface is a system control interface developed by ASUS, a Chinese company. There is a security vulnerability in the ASUS Business System Control Interface. This vulnerability stems from excessive reading of data, which could allow unauthorized local users to access...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003042)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003042 advisory. sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a deni...
AzeoTech DAQFactory Stack Buffer Overflow Vulnerability
AzeoTech DAQFactory is a data acquisition and monitoring software developed by AzeoTech, Inc. and commonly used in industrial automation. AzeoTech DAQFactory suffers from a stack buffer overflow vulnerability that originates from a stack buffer overflow when parsing a specially crafted .ctl file,...
AzeoTech DAQFactory Use After Release Vulnerability
AzeoTech DAQFactory is a data acquisition and monitoring software developed by AzeoTech, Inc. and commonly used in industrial automation. AzeoTech DAQFactory suffers from a release-after-use vulnerability that originates from a release-after-reuse vulnerability in the parsing of a specially craft...
CVE-2025-66584
In AzeoTech DAQFactory release 20.7 Build 2555, a Stack-Based Buffer Overflow vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process...
CVE-2025-66584
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-66585
In AzeoTech DAQFactory release 20.7 Build 2555, a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process...
CVE-2025-66585
In AzeoTech DAQFactory release 20.7 Build 2555, a use after free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process...
CVE-2025-66585
CVE-2025-66585 affects AzeoTech DAQFactory release 20.7 (Build 2555). A Use-After-Free vulnerability during parsing of specially crafted .ctl files can cause memory corruption and may allow code execution in the current process. Vendor/ICS advisories confirm local attack Vector with high impact t...
EUVD-2025-202857
In AzeoTech DAQFactory release 20.7 Build 2555, a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process...
EUVD-2025-202859
In AzeoTech DAQFactory release 20.7 Build 2555, an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process...
PT-2025-50736
Name of the Vulnerable Software and Affected Versions AzeoTech DAQFactory version 20.7 Build 2555 Description A Use After Free issue exists in AzeoTech DAQFactory release 20.7 Build 2555. Exploitation of this issue, through the parsing of specially crafted .ctl files, can lead to memory corruptio...
PT-2025-50735
Name of the Vulnerable Software and Affected Versions AzeoTech DAQFactory version 20.7 Build 2555 Description A stack-based buffer overflow exists in AzeoTech DAQFactory release 20.7 Build 2555. This issue can be triggered by processing specially crafted .ctl files, leading to memory corruption...
PT-2025-3110 · Asus · Asus System Analysis Io
Name of the Vulnerable Software and Affected Versions: ASUS System Analysis IO version 1.0.0 Description: The issue is related to improper access control in the AsusSAIO.sys driver, which may allow the misuse of software functionality when crafted IOCTL requests are supplied. This can lead to...