14 matches found
A Deep Dive into the GetProcessHandleFromHwnd API
Posted by James Forshaw. In my previous blog post I mentioned the GetProcessHandleFromHwnd API. This was an API I didn’t know existed until I found a publicly disclosed UAC bypass using the Quick Assist UI Access application. This API looked interesting so I thought I should take a closer look. I...
org.sakaiproject.kernel:sakai-kernel-component (>=1.3.0 <=10.7) potentially affected by CVE-2025-62710 via org.sakaiproject.kernel:sakai-kernel-impl (>=10.3 <=1.3.3)
org.sakaiproject.kernel:sakai-kernel-impl MAVEN version =10.3, =1.3.0, =10.7 Source cves: CVE-2025-62710 Source advisory: SNYK:JAVA-ORGSAKAIPROJECTKERNEL-13669871...
CVE-2025-62710 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...
org.sakaiproject.kernel:sakai-kernel-component (>=1.3.0 <=10.7) potentially affected by CVE-2025-62710 via org.sakaiproject.kernel:sakai-kernel-impl (>=10.3 <=1.3.3)
org.sakaiproject.kernel:sakai-kernel-impl MAVEN version =10.3, =1.3.0, =10.7 Source cves: CVE-2025-62710 Source advisory: OSV:GHSA-GR7H-XW4F-WH86...
SUSE CVE-2025-38566
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts. Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv due to its assumption it can read data from the msg iterator's kvec. kTLS implementation splits TLS non-da...
PYSEC-2022-61
Tensorflow is an Open Source Machine Learning Framework. The implementation of Bincount operations allows malicious users to cause denial of service by passing in arguments which would trigger a CHECK-fail. There are several conditions that the input arguments must satisfy. Some are not caught...
PYSEC-2022-61
Tensorflow is an Open Source Machine Learning Framework. The implementation of Bincount operations allows malicious users to cause denial of service by passing in arguments which would trigger a CHECK-fail. There are several conditions that the input arguments must satisfy. Some are not caught...
Heap overflow
TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case where one of these is 0, an empt...
Design/Logic Flaw
In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantize_and_dequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and th...
Information Disclosure
kernel is vulnerable to information disclosure. A Spectre gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre-like side channel...
NVIDIA Driver - Escape 0x100010b Missing Bounds Check
NVIDIA Driver - Escape 0x100010b Missing Bounds Check Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=927 The DxgkDdiEscape handler for escape code 0x100010b looks like: char escape100010bNvMiniportDeviceContext miniportcontext, HANDLE handle, unsigned int idx PVOID Object; if...
NVIDIA Driver - Escape 0x100010b Missing Bounds Check
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=927 The DxgkDdiEscape handler for escape code 0x100010b looks like: char escape100010bNvMiniportDeviceContext miniportcontext, HANDLE handle, unsigned int idx PVOID Object; if !handle dodebugthingo; Object = PVOID...
Code injection
A certain Red Hat patch to the be2net implementation in the kernel package before 2.6.32-218.el6 on Red Hat Enterprise Linux (RHEL) 6, when promiscuous mode is enabled, allows remote attackers to cause a denial of service (system crash) via non-member VLAN packets...
New Linux Flaw Enables Null Pointer Exploits
A researcher has published exploit code for a new vulnerability he discovered in the Linux kernel. The vulnerability is an especially interesting one in that the researcher who discovered it, Brad Spengler, has demonstrated that he can use the weakness to defeat many of the add-on security...