
11 matches found

RedHat Linux
added 2025/08/18 3:1 p.m. | 12 views

kernel: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()

In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() KMSAN reported a use-after-free issue in eth_skb_pkt_type() [1]. The cause of the issue was that eth_skb_pkt_type() accessed skb's data that didn't contain an Ethernet header. This occur...

CVSS 7.8 | AI score 6.3 | EPSS 0.0017
Exploits 0 | References 5
CNNVD
added 2025/06/25 12:0 a.m. | 2 views

PDF-XChange Editor Buffer Error Vulnerability

PDF-XChange Editor is PDF file viewer software from the PDF-XChange company that runs on Microsoft Windows systems. An information disclosure vulnerability exists in PDF-XChange Editor, which is caused by a lack of proper validation of user-supplied data. An attacker could exploit this vulnerabilit...

CVSS 3.3 | AI score 5.9 | EPSS 0.00211
Exploits 0 | References 3
ATTACKERKB
added 2025/06/17 6:31 p.m. | 3 views

CVE-2025-49848

An out-of-bounds write vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writing past the end of allocated data...

CVSS 8.4 | AI score 5.8 | EPSS 0.00155
Exploits 0 | References 4 | Affected Software 1
OSV
added 2025/03/03 5:15 p.m. | 2 views

CVE-2025-0285

Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to perform privilege escalation exploits...

CVSS 7.8 | AI score 5.9 | EPSS 0.0031
Exploits 0 | References 3
CNNVD
added 2024/12/30 12:0 a.m. | 3 views

Ashlar Vellum Cobalt Security Vulnerability

Ashlar Vellum Cobalt is a parameter-based computer-aided design and 3D modeling program from Ashlar. A security vulnerability exists in Ashlar Vellum Cobalt that stems from a lack of proper validation of user-supplied data. An attacker could exploit the vulnerability to execute code in the...

CVSS 7.8 | AI score 7.7 | EPSS 0.00229
Exploits 0 | References 1
BDU FSTEC
added 2024/03/11 12:0 a.m. | 8 views

A vulnerability in the `restore_fpregs_from_user()` function in the `arch/x86/kernel/fpu/signal.c` file of the Linux operating system's FPU driver allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability in the `restore_fpregs_from_user()` function in the `arch/x86/kernel/fpu/signal.c` file of the Linux operating system's FPU driver is related to insufficient validation of user data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...

CVSS 5.5 | AI score 6.5 | EPSS 0.00278
Exploits 0 | References 36 | Affected Software 5
RedHat Linux
added 2023/05/09 10:4 a.m. | 8 views

kernel: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()

In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() KMSAN reported a use-after-free issue in eth_skb_pkt_type() [1]. The cause of the issue was that eth_skb_pkt_type() accessed skb's data that didn't contain an Ethernet header. This occur...

CVSS 7.8 | AI score 6.3 | EPSS 0.0017
Exploits 0 | References 5
OSV
added 2021/06/17 1:15 p.m. | 3 views

CVE-2021-32936

An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (all versions prior to 2022.4), resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a...

CVSS 7.8 | AI score 6.1 | EPSS 0.02775
Exploits 0 | References 5
CNVD
added 2020/08/19 12:0 a.m. | 2 views

Parallels Desktop Integer Overflow Elevation of Privilege Vulnerability

Parallels Desktop is a virtual machine software that runs on Mac computers. An integer overflow elevation of privilege vulnerability exists in the prlhypervisor module in versions prior to Parallels Desktop 16.0.0 48916. The vulnerability stems from a lack of proper validation of user-supplied...

CVSS 8.8 | AI score 7.7 | EPSS 0.00533
Exploits 0 | References 1
OSV
added 2018/10/08 12:29 p.m. | 3 views

CVE-2018-14810

WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior parse files and pass invalidated user data to an unsafe method call, which may allow code to be executed in the context of an administrator...

CVSS 8.8 | AI score 5.8 | EPSS 0.01702
Exploits 0 | References 1
Cvelist
added 2018/07/31 8:0 p.m. | 21 views

CVE-2018-14280

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

AI score 8.8 | EPSS 0.02773
Exploits 0 | References 2