NewStart CGSL MAIN 7.02 : procps-ng Vulnerability (NS-SA-2025-0191)
The remote NewStart CGSL host, running version MAIN 7.02, has procps-ng packages installed that are affected by a vulnerability: - Under some circumstances, this weakness allows a user who has access to run the ps utility on a machine, the ability to write almost unlimited amounts of unfiltered...
CVE-2025-50061
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering component: Web Access. Supported versions that are affected are 20.12.0-20.12.21, 21.12.0-21.12.21, 22.12.0-22.12.19, 23.12.0-23.12.13 and 24.12.0-24.12.4. Easily exploitable...
Access Control Bypass
Overview: Affected versions of this package are vulnerable to Access Control Bypass via the mysqldump component. An attacker can gain unauthorized access to read and modify certain data by leveraging network access and requiring interaction from another user. Remediation: A fix was pushed into the...
AMD Versal Adaptive SoC Security Vulnerability
AMD Versal Adaptive SoC is a chip from AMD (Advanced Micro Devices). A security vulnerability exists in AMD Versal Adaptive SoC that stems from an SSS misconfiguration that could result in data being incorrectly written and read...
CVE-2014-7175
FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php...
CVE-2022-49547 btrfs: fix deadlock between concurrent dio writes when low on free data space
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between concurrent dio writes when low on free data space When reserving data space for a direct IO write we can end up deadlocking if we have multiple tasks attempting a write to the same file range, there ar...
CVE-2024-52939
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to trigger a write of data outside the Guest's virtualised GPU memory...
The vulnerability of the Connector/Python environment component in Oracle Application Express software allows an attacker to read and modify data, or cause a service failure.
The vulnerability of the Connector/Python component in Oracle Application Express application development software relates to unlimited resource allocation or throttling. Exploiting this vulnerability can allow a malicious actor to gain read and write access to data, or cause service failures...
CVE-2024-13614
Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows Standard, Plus, Premium, Kaspersky Free, Kaspersky Anti-Virus, Kaspersky...
CVE-2024-13614
Kaspersky vulnerabilities (CVE-2024-13614) affect multiple Kaspersky products, including Kaspersky Anti-Virus SDK for Windows and related endpoint/consumer suites. Root cause: an integer overflow that could let an authenticated attacker write data to a limited area outside the allocated kernel me...
CVE-2025-21553
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.25, 21.3-21.16 and 23.4-23.6. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net t...
DEBIAN-CVE-2025-21502
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Orac...
CVE-2024-52938
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to subvert reconstruction activities to trigger a write of data outside the Guest's virtualised GPU memory...
CVE-2024-8595
A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process...
CVE-2024-8590
A maliciously crafted 3DM file when parsed in atfapi.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process...
CVE-2024-8589
A maliciously crafted SLDPRT file when parsed in odxswdll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process...
AZL-50354 CVE-2024-21247 affecting package mysql for versions less than 8.0.40-1
Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
CVE-2024-8900
The Mozilla Foundation's Security Advisory: An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events...
CVE-2024-8900
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox 129...