4737 matches found
CVE-2025-21072
Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory...
CVE-2025-21072
Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory...
CVE-2025-21072
Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory...
CVE-2025-21072
CVE-2025-21072 is an out-of-bounds write vulnerability in the fingerprint trustlet metadata decoding on Samsung mobile devices, enabling a local privileged attacker to write memory outside allocated boundaries. Affected component: fingerprint trustlet. Root cause: improper handling during metadat...
CVE-2025-21072
Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory...
EUVD-2025-200145
Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory...
📄 macOS Sonoma 14.5 Denial of Service
macOS Sonoma version 14.5 has a vulnerability in the AV1Syntax::ParseHeader function that can allow for a kernel crash. ============================================================================================================================================= | Title : macOS Sonoma 14.5 potenti...
PT-2025-48591
Name of the Vulnerable Software and Affected Versions Fingerprint trustlet versions prior to SMR Dec-2025 Release 1 Description An out-of-bounds write issue exists in the decoding of metadata within the fingerprint trustlet. This allows a local privileged attacker to write to memory outside of...
SAMSUNG Mobile devices 安全漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in Samsung Mobile Devices that originates from an out-of-bounds write when decoding metadata, which could result in...
PT-2026-5434
Name of the Vulnerable Software and Affected Versions Salt affected versions not specified Description The Salt junos execution module has an issue with how it processes YAML data. Specifically, it uses an unsafe method to decode and load YAML. A carefully designed YAML payload processed by the...
Exploit for Use of Uninitialized Resource in Microsoft
Proof-of-Concept exploit for the Untrusted Pointer Dereferenc...
Exploit for Use of Uninitialized Resource in Microsoft
Proof-of-Concept exploit for the Untrusted Pointer Dereferenc...
bind security update
32:9.16.23-34.0.1.1 - Fix warning when changing device file permissions Orabug: 36518580 32:9.16.23-34.1 - Prevent cache poisoning due to weak PRNG CVE-2025-40780 - Replace downstream fixes with upstream changes - Address various spoofing attacks CVE-2025-40778 32:9.16.23-34 - Fix failures in idn...
EUVD-2025-199017
pypdf's LZWDecode streams be manipulated to exhaust RAM...
Exploit for Use of Uninitialized Resource in Microsoft
Proof-of-Concept exploit for the Untrusted Pointer Dereferenc...
CVE-2025-40210 Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND"
In the Linux kernel, the following vulnerability has been resolved: Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND" I've found that pynfs COMP6 now leaves the connection or lease in a strange state, which causes CLOSE9 to hang indefinitely. I've dug into it a little, but ...
TencentOS Server 3: container-tools (TSSA-2023:0111)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0111 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
GHSA-GGXQ-HP9W-J794 Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values
A mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI to determine which route to render, while the middleware uses context.url.pathname without applying the...
Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values
A mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI to determine which route to render, while the middleware uses context.url.pathname without applying the...
PT-2025-47489
Name of the Vulnerable Software and Affected Versions Astro versions prior to 5.15.8 Description Astro versions prior to 5.15.8 contain a path normalization discrepancy between how the framework routes requests and how middleware validates them. Astro uses decodeURI to determine the route, while...