CVE-2025-6119

A vulnerability has been identified in the Open Asset Import Library Assimp, specifically within the Assimp::BVHLoader::ReadNodeChannels functionality in the assimp/code/AssetLib/BVH/BVHLoader.cpp file. This flaw can lead to a use-after-free condition. Under certain specific conditions,...

PT-2025-30772 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.14.0-rc7 for upstream debug 2025 03 18 15 01 Description: A flaw exists in the Linux kernel's RDMA/mlx5 component related to unsafe xarray access during implicit ODP handling. Specifically, the xa store and xa...

Vulnerabilities fixed in Google Android and Samsung Mobile

Google has fixed vulnerabilities in the Android operating system. Samsung has fixed vulnerabilities relevant to Samsung Mobile in Samsung Mobile. The vulnerabilities are in how the GPU Kernel Drivers handle system calls from non-privileged users. This can lead to unauthorized access to memory,...

CVE-2020-11137

Integer multiplication overflow resulting in lower buffer size allocation than expected causes memory access out of bounds resulting in possible device instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...

CVE-2019-6634

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, a high volume of malformed analytics report requests leads to instability in restjavad process. This causes issues with both iControl REST and some portions of TMUI. The attack requires an authenticated user with any...

CVE-2008-7201

Lantronix MSS485-T allows remote attackers to cause a denial of service unstable performance and service loss via certain vulnerability scans, as demonstrated using 1 Nessus and 2 nmap...

DEBIAN-CVE-2025-37977

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set If dma-coherent property isn't set then descriptors are non-cacheable and the iocc shareability bits should be disabled. Without this UFS can end up in an...

Destabilizing Power Grid and Energy Market by Cyberattacks on Smart Inverters

Cyberattacks on smart inverters and distributed PV are becoming an imminent threat, because of the recent well-documented vulnerabilities and attack incidents. Particularly, the long lifespan of inverter devices, users' oblivion of cybersecurity compliance, and the lack of cyber regulatory...

DEBIAN-CVE-2025-32022

Finit provides fast init for Linux systems. Finit's urandom plugin has a heap buffer overwrite vulnerability at boot which leads to it overwriting other parts of the heap, possibly causing random instabilities and undefined behavior. The urandom plugin is enabled by default, so this bug affects...

finit 缓冲区错误漏洞

finit is a quick initialization tool for Linux by Joachim Wiberg, a personal developer. A buffer error vulnerability exists in finit 4.2 and later, which stems from the presence of heap buffer overrides in the urandom plugin, which may lead to random instability and undefined behavior...

PT-2025-19847 · Qualcomm · Snapdragon +22

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue involves memory corruption that occurs during concurrent access to a buffer. This corruption is caused by the modification of the reference count, leading to unstable system...

PT-2025-19879 · Qualcomm · 215 Mobile Firmware +93

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue involves memory corruption that occurs when reading the FW response from the shared queue. This corruption happens due to a problem in handling the response, leading to potential...

PT-2025-19858 · Qualcomm · Snapdragon +6

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue involves memory corruption that occurs when handling multiple IOCTL calls from userspace to operate DMA operations. This can lead to unstable system behavior. No information is...

PT-2025-19857 · Qualcomm · Snapdragon +28

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue involves memory corruption during sound model registration for voice activation, specifically with the audio kernel driver. This corruption occurs when registering the sound model...

PT-2025-19854 · Qualcomm · Snapdragon +10

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue involves memory corruption that occurs when invoking IOCTL calls from userspace to the camera kernel driver in order to dump request information. This is caused by an error in the...

kernel: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values

A vulnerability was found in the cfg80211 component in the Linux kernel, where a lack of proper range validation applied to the NL80211ATTRTXQQUANTUM can lead to a scenario where the userspace passes an extremely high value that the kernel is not designed to handle efficiently ex. 2^31. This can...

Internet Bug Bounty: Denial of Service by memory exhaustion in net/imap

A vulnerability was discovered in the net-imap library that allowed denial of service by memory exhaustion. The vulnerability was caused by the library automatically reading and allocating memory for the size of "literal" strings sent by the server, without any limit on the size. This could be...

Exploit for Out-of-bounds Write in Nasa Cryptolib

PoC for CVE-2025-30216: CryptoLib Heap Overflow Vulnerability...

CVE-2025-30216 CryptoLib Has Heap Overflow in Crypto_TM_ProcessSecurity due to Unchecked Secondary Header Length

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in t...

Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form

A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service DOS condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restorepreferences form. This leads to excessive memory consumption and potential system instability,...