50 matches found
CVE-2026-49416
The CONSHISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initialization of the buffer wrote beyond the end of the allocation. An...
EUVD-2026-39960
The CONSHISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initialization of the buffer wrote beyond the end of the allocation. An...
PT-2026-53065
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The CONS HISTORY ioctl handler fails to properly validate the requested history size. Providing a large value leads to an integer overflow during the buffer size...
FreeBSD : FreeBSD -- Integer overflow in vt(4) CONS_HISTORY ioctl (71036b90-6476-11f1-958d-bc241121aa0a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 71036b90-6476-11f1-958d-bc241121aa0a advisory. The CONSHISTORY ioctl handler did not adequately validate the requested history size. A large value...
EUVD-2026-29087
Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...
SUSE CVE-2026-43075
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix out-of-bounds write in ocfs2writeendinline KASAN reports a use-after-free write of 4086 bytes in ocfs2writeendinline, called from ocfs2writeendnolock during a copyfilerange splice fallback on a corrupted ocfs2 filesyst...
Exploit for Out-of-bounds Read in Microsoft
!CVEhttps://img.shields.io/badge/CVE-2025--60709-FF0000?styl...
Exploit for Out-of-bounds Read in Microsoft
!CVEhttps://img.shields.io/badge/CVE-2025--60709-FF0000?styl...
Exploit for Out-of-bounds Write in Apple Ipados
CVE-2025-24257 IOGPUFamily bitmapmask underflow — kernel h...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed the warning from kernelwriteiter 2110.972290 ------------ Cut here ------------ 2110.972301 WARNING: CPU: 3 PID: 735 at fs/readwrite.c:599 kernelwriteiter+0x21b/0x280 This patch does not allow writing to directories...
MiracleLinux 7 : kernel-3.10.0-1160.99.1.el7 (AXSA:2023-6384:24)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6384:24 advisory. kernel: clsflower: out-of-bounds write in flsetgeneveopt CVE-2023-35788 hw: amd: Cross-Process Information Leak CVE-2023-20593 Tenable has extracted...
EUVD-2018-15451
Malware in sbrugna...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987209)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987209 advisory. In the Linux kernel, the following vulnerability has been resolved: tpm: fix reference counting for struct tpmchip The following sequence of operations results in a...
EUVD-2025-7604
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-39828
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - atm: atmtcp: Prevent arbitrary write in atmtcprecvcontrol. syzbot reported the splat below. 0 When atmtcpvopen or atmtcpvclose is called via connect or close,...
CVE-2025-39828 atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().
In the Linux kernel, the following vulnerability has been resolved: atm: atmtcp: Prevent arbitrary write in atmtcprecvcontrol. syzbot reported the splat below. 0 When atmtcpvopen or atmtcpvclose is called via connect or close, atmtcpsendcontrol is called to send an in-kernel special message. The...
IOHIDeous
IOHIDeous A macOS kernel exploit based on an IOHIDFamily 0day. Write-up here. Notice The prefetch timing attack I'm using for hid for some reason doesn't work on High Sierra 10.13.2 anymore, and I don't feel like investigating that. Maybe patched, maybe just the consequence of a random change, I...
ksmbd: fix the warning from __kernel_write_iter
...
CVE-2022-20155
In ipucorejqsmsgtransportkernelwritesync of ipu-core-jqs-msg-transport.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2022-32844
A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app with arbitrary kernel read and write capability may be able to bypass Pointer Authentication...