CVE-2023-53397 modpost: fix off by one in is_executable_section()

In the Linux kernel, the following vulnerability has been resolved: modpost: fix off by one in isexecutablesection The comparison should be = to prevent an out of bounds array access...

CVE-2023-53397 modpost: fix off by one in is_executable_section()

In the Linux kernel, the following vulnerability has been resolved: modpost: fix off by one in isexecutablesection The comparison should be = to prevent an out of bounds array access...

CVE-2023-53397 modpost: fix off by one in is_executable_section()

In the Linux kernel, the following vulnerability has been resolved: modpost: fix off by one in isexecutablesection The comparison should be = to prevent an out of bounds array access...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a difference-in-difference error in the isexecutablesection function, which could lead to out-of-bounds access t...

MAL-2025-191745 Malicious code in gtts-lts (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7cfb789704a149f7b741d0c68fcb8a32a1e189444ca36f97e435e59d04e073b8 During the execution, the package silently download and runs a JAR not related to the package job. At the time of analysis, the content was corrupted ---...

Malicious code in gtts-lts (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7cfb789704a149f7b741d0c68fcb8a32a1e189444ca36f97e435e59d04e073b8 During the execution, the package silently download and runs a JAR not related to the package job. At the time of analysis, the content was corrupted ---...

ASLRay

This repository contains a Linux ELF x32/x64 ASLR DEP/NX bypass exploit with stack-spraying. The exploit targets the test binary, which is a simple program that takes a string argument and prints it. The exploit works by spraying the stack with a large amount of data, which increases the chances ...

ctf-tasks

This is a CTF Capture The Flag challenge repository from the CONFidence CTF 2014 event. The repository contains several files and directories related to two tasks: "Crypto Machine" and "Memory". Crypto Machine The "Crypto Machine" task is a reverse engineering challenge that involves exploiting a...

Linux Distros Unpatched Vulnerability : CVE-2025-39787

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - soc: qcom: mdtloader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not...

CVE-2025-10213

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice in the 'C:\Users\AppData\Local\Microsoft\WindowsApps' directory, which could lead to arbitrary...

CVE-2025-40979

DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the 'C:\Users\AppData\Local\Temp' directory, which could lead to...

[SECURITY] Fedora 42 Update: civetweb-1.16-9.fc42

Civetweb is an easy to use, powerful, C C/C++ embeddable web server with optional CGI, SSL and Lua support. CivetWeb can be used by developers as a library, to add web server functionality to an existing application. It can also be used by end users as a stand-alone web server running on a Window...

UBUNTU-CVE-2025-39787

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdtloader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessary the case for other clients. Validate the size of the...

GHSA-P2XP-XX3R-MFFC PyInstaller has local privilege escalation vulnerability

Impact Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryption while this entry is still present in sys.path, an application built with...

CVE-2025-57392

BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The application installation directory grants Everyone and BUILTIN\Users groups FILEALLACCESS, allowing local users to replace or modify .exe and .dll files. This may lead to privilege escalation or arbitrary code execution upon...

CVE-2025-40979

DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code by placing an arbitrary file in the 'C:\Users\AppData\Local\Temp' directory, which could lead to...

CVE-2025-10215

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\Public\AppData\Local\UPDF\FREngine\Bin64' directory, which could lead to...

CVE-2025-10213

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice in the 'C:\Users\AppData\Local\Microsoft\WindowsApps' directory, which could lead to arbitrary...

CVE-2025-10213 DLL search path hijacking vulnerability

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice in the 'C:\Users\AppData\Local\Microsoft\WindowsApps' directory, which could lead to arbitrary...

CVE-2025-10213

CVE-2025-10213 is a DLL search path hijacking vulnerability affecting UPDF.exe on Windows (version 1.8.5.0). An attacker with local access can cause arbitrary code execution and persistence by placing a crafted dxtn.dll in the path C:\Users\AppData\Local\Microsoft\WindowsApps, exploiting the Wind...