2856 matches found
CVE-2025-43359
A logic issue was addressed with improved state management. This issue is fixed in tvOS 26, watchOS 26, macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7, visionOS 26, iOS 18.7 and iPadOS 18.7. A UDP server socket bound to a local interface may become bound to all interfaces...
CVE-2025-43359
A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A UDP server socket bound to a local interface may become bound to all...
CVE-2025-43359
A logic issue was addressed with improved state management. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. A UDP server socket bound to a local interface may become bound to all...
CVE-2025-43359
CVE-2025-43359 describes a logic issue in state management where a UDP server socket bound to a local interface may become bound to all interfaces. This could lead to exposure of network services. The vulnerability affects Apple platforms and is fixed in: tvOS 26, watchOS 26, macOS Sonoma 14.8, i...
Apple Multiple Products Security Vulnerability
Apple iOS is an operating system developed for mobile devices, Apple tvOS is a smart TV operating system, and Apple watchOS is a smart watch operating system. A security vulnerability exists in several Apple products that stems from a UDP server socket that may be incorrectly bound to all...
gosec
This is a Go AST (Abstract Syntax Tree) scanner for identifying security vulnerabilities in Go code. The scanner is called "gosec" and is part of the GolangCI project. It can be installed using the command "go get github.com/golangci/gosec/cmd/gosec/...". The scanner can be configured to run a subs...
Exploring and Exploiting the Resource Isolation Attack Surface of WebAssembly Containers
Recently, the WebAssembly or Wasm technology has been rapidly evolving, with many runtimes actively under development, providing cross-platform secure sandboxes for Wasm modules to run as portable containers. Compared with Docker, which isolates applications at the operating system level, Wasm...
CVE-2025-6769
GitLab CE/EE (versions 15.1–18.1.5, 18.2–18.2.5, 18.3–18.3.1) are affected by CVE-2025-6769. In affected builds, an authenticated user could view administrator-only maintenance notes by accessing runner details through specific interfaces. The public descriptions indicate the issue enabled exposu...
Cross-Service Token: Finding Attacks in 5G Core Networks
5G marks a major departure from previous cellular architectures, by transitioning from a monolithic design of the core network to a Service-Based Architecture (SBA) where services are modularized as Network Functions (NFs) which communicate with each other via standard-defined HTTP-based APIs called...
Linux Distros Unpatched Vulnerability : CVE-2017-0412
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a...
Linux Distros Unpatched Vulnerability : CVE-2016-6715
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7....
VulnCheck KEV: CVE-2025-25231
Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints...
Off Your Docker: Exposed APIs Are Targeted in New Malware Strain
...
Linux Distros Unpatched Vulnerability : CVE-2025-38728
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb3: fix for slab out of bounds on mount to ksmbd. With KASAN enabled, it is possible to get a slab out of bounds during mount to ksmbd due to missing check in...
SUSE CVE-2025-38728
In the Linux kernel, the following vulnerability has been resolved: smb3: fix for slab out of bounds on mount to ksmbd. With KASAN enabled, it is possible to get a slab out of bounds during mount to ksmbd due to missing check in parse_server_interfaces() (see below): BUG: KASAN: slab-out-of-bounds in...
CVE-2025-48545
In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48545
CVE-2025-48545 affects Android’s AccountManagerService.isSystemUid in AccountManagerService.java, enabling a confused deputy to let an app access privileged APIs. This constitutes local privilege escalation with no additional execution privileges and no user interaction required. Public details i...
AZL-73845 CVE-2025-38728 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: smb3: fix for slab out of bounds on mount to ksmbd. With KASAN enabled, it is possible to get a slab out of bounds during mount to ksmbd due to missing check in parse_server_interfaces() (see below): BUG: KASAN: slab-out-of-bounds in...