Lucene search
K

123 matches found

RedhatCVE
RedhatCVE
added 2025/10/30 9:0 a.m.3 views

CVE-2025-10924

A remote code execution RCE vulnerability exists in GIMP’s FF file parsing functionality. The flaw stems from improper validation of user-supplied data, leading to an integer overflow before buffer allocation. When a user opens a malicious FF image file, the overflow can cause incorrect memory...

7.8CVSS7.7AI score0.00371EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/29 9:30 p.m.1 views

EUVD-2025-36714

GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

7.8CVSS7.2AI score0.00371EPSS
Exploits0References3
OSV
OSV
added 2025/10/29 8:15 p.m.3 views

UBUNTU-CVE-2025-10924

GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

7.8CVSS6.2AI score0.00371EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/29 7:29 p.m.8 views

CVE-2025-10924 GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability

GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

7.8CVSS0.00371EPSS
Exploits0References2
CVE
CVE
added 2025/10/29 7:29 p.m.27 views

CVE-2025-10924

CVE-2025-10924 affects GIMP FF file parsing and is an integer overflow vulnerability that can lead to remote code execution when a user opens a malicious FF file. Multiple vendor advisories (openSUSE/SUSE, MiracleLinux, Alibaba Cloud Linux, etc.) reference this CVE among a set of GIMP file-parsin...

7.8CVSS7.7AI score0.00371EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/10/28 12:15 p.m.2 views

UBUNTU-CVE-2025-40035

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is embedded twice inside uinputffuploadcompat, contains internal padding. In particular, there is a hole after struct ffreplay to satis...

5.7AI score0.00211EPSS
Exploits0References38
Cvelist
Cvelist
added 2025/10/28 11:48 a.m.4 views

CVE-2025-40035 Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is embedded twice inside uinputffuploadcompat, contains internal padding. In particular, there is a hole after struct ffreplay to satis...

0.00211EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/10/17 12:0 a.m.4 views

PT-2025-49096

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the KVM arm64 component related to memory sharing with FF-A. Insufficient validation of offsets can lead to out-of-bounds access within the hypervisor...

4.6CVSS6.2AI score0.00162EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-9142

Malware in sbrugna...

4.9CVSS6.8AI score0.00738EPSS
Exploits0References24
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-5228

Malware in sbrugna...

9.3CVSS8AI score0.01677EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-59828

Malicious code in bioql PyPI...

6.3AI score0.00136EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.0 views

Malicious code in ff-db (npm)

The package ff-db was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.2 views

Malicious code in @zalastax/nolb-ff (npm)

The package @zalastax/nolb-ff was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-20425 Malicious code in ff-db (npm)

The package ff-db was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-11439 Malicious code in @zalastax/nolb-ff (npm)

The package @zalastax/nolb-ff was found to contain malicious code...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-19524

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka...

4.9CVSS6.6AI score0.00738EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/07/25 11:23 p.m.3 views

SUSE CVE-2025-38374

In the Linux kernel, the following vulnerability has been resolved: optee: ffa: fix sleep in atomic context The OP-TEE driver registers the function notifcallback for FF-A notifications. However, this function is called in an atomic context leading to errors like this when processing asynchronous...

5.5CVSS6.5AI score0.00145EPSS
Exploits0References9
CVE
CVE
added 2025/07/25 12:53 p.m.41 views

CVE-2025-38374

CVE-2025-38374 – Linux kernel (OP-TEE FF-A): The issue arises because OP-TEE’s notif_callback() for FF-A notifications was executed in an atomic context, leading to a sleep and a kernel warning. The fix is to move notification processing to a non-atomic context by using a work queue. Affected des...

5.5CVSS6.3AI score0.00145EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/07/25 12:0 a.m.3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from the fact that FF-A notification callbacks called in an atomic context may cause sleep...

5.5CVSS7.8AI score0.00145EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/05/23 1:34 a.m.4 views

Malicious code in dof-ff (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8d1182a5fa877ae1d59bba4f4eef2ccb27c53c2549f97c27aa6da6ef9ee4701c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References4
Rows per page
Query Builder