156 matches found
UBUNTU-CVE-2025-38633
In the Linux kernel, the following vulnerability has been resolved: clk: spacemit: mark K1 pll1d8 as critical The pll1d8 clock is enabled by the boot loader, and is ultimately a parent for numerous clocks, including those used by APB and AXI buses. Guodong Xu discovered that this clock got disabl...
CVE-2025-9090
A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...
CVE-2025-9090 Tenda AC20 Telnet Service telnet websFormDefine command injection
A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...
CVE-2025-9090
CVE-2025-9090 affects Tenda AC20 router (firmware 16.03.08.12). The flaw is in the Telnet Service: the websFormDefine function in /goform/telnet allows remote command injection. Public exploitation exists (exploit code and PoC references in multiple sources), enabling arbitrary command execution ...
OSV-2025-515 Use-of-uninitialized-value in JS_DefineProperty
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=428754593 Crash type: Use-of-uninitialized-value Crash state: JS_DefineProperty build_backtrace JS_CallInternal...
CVE-2025-6097
A vulnerability was found in UTT 进取 750W up to 5.0 and classified as critical. Affected by this issue is the function formDefineManagement of the file /goform/setSysAdm of the component Administrator Password Handler. The manipulation of the argument passwd1 leads to unverified password change. T...
CVE-2023-22377
An improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator, all versions v1.0.0 to v1.4.0, and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. If this vulnerability is exploited, an attacker may obtain an arbitrary file which...
UBUNTU-CVE-2022-49749
In the Linux kernel, the following vulnerability has been resolved: i2c: designware: use casting of u64 in clock multiplication to avoid overflow In functions i2c_dw_scl_lcnt and i2c_dw_scl_hcnt may have overflow by depending on the values of the given parameters including the ic_clk. For example in our...
Malicious code in ie8-dom-define (npm)
Source: ghsa-malware bafd820b50caefd5e1af4ca12fcd7861408751d2ebe06de855897f04480f13c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-194 Malicious code in ie8-dom-define (npm)
Source: ghsa-malware bafd820b50caefd5e1af4ca12fcd7861408751d2ebe06de855897f04480f13c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the kunit/fortify components in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the kunit/fortify components in Linux kernel relates to a memory corruption in the DEFINE_ALLOC_SIZE_TEST_PAIR function. Exploiting this vulnerability can allow an attacker to access confidential information...
SurrealDB has Silent Failure to Overwrite Table Definition of Relation Type
The OVERWRITE clause of the DEFINE TABLE statement would fail to overwrite data for tables that were defined with TYPE RELATION. Since table definitions include the PERMISSIONS clause, this failure would result in permissions not being overwritten as a result, which may potentially lead users to...
MAL-2024-9900 Malicious code in utils-define-nonenumerable-read-only-property (npm)
--- -= Per source details. Do not edit below this line.=-...
PT-2024-40821 · Jflex · Jflex
Name of the Vulnerable Software and Affected Versions: jflex affected versions not specified Description: A security exception crash has been reported. The crash occurs in the jflex.core.NFA.insertNFA function, which is called by java.base/java.lang.ClassLoader.defineClass1 and...
kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query
A NULL pointer dereference issue was found in the Linux kernel's vmwgfx driver in vmw_cmd_dx_define_query. This flaw allows a local, unprivileged attacker with access to either /dev/dri/card0 or /dev/dri/rendererD128, who can issue an ioctl on the resulting file descriptor, to crash the system, causi...