5610 matches found
CVE-2022-49951
CVE-2022-49951 concerns the Linux kernel firmware_loader use-after-free during unregister. In firmware_upload_unregister(), device_unregister() could free fw_upload_priv via dev_release before module_put() dereferences it. The documented fix copies fw_upload_priv->module to a local variable an...
CVE-2022-49951 firmware_loader: Fix use-after-free during unregister
In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Fix use-after-free during unregister In the following code within firmwareuploadunregister, the call to deviceunregister could result in the devrelease function freeing the fwuploadpriv structure before it is...
CVE-2022-49951
In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Fix use-after-free during unregister In the following code within firmwareuploadunregister, the call to deviceunregister could result in the devrelease function freeing the fwuploadpriv structure before it is...
CVE-2022-49949
In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Fix memory leak in firmware upload In the case of firmware-upload, an instance of struct fwupload is allocated in firmwareuploadregister. This data needs to be freed in fwdevrelease. Create a new fwuploadfree...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from firmwareloader not freeing memory during upload, which could lead to a memory leak...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a post-release reuse issue with firmwareloader on logout...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from unreleased node references in spufsinitisolatedloader, which could lead to a reference count leak...
SUSE CVE-2025-6119
A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking...
SUSE CVE-2025-6120
A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function readmeshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to...
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...
CVE-2025-6120
A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function readmeshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to...
DEBIAN-CVE-2025-6120
A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function readmeshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free via the ReadNodeChannels function in BVHLoader.cpp. An attacker can execute arbitrary code or cause a denial of service by manipulating the pNode argument after it has been freed. Remediation There is no fixed version for...
CVE-2025-6119
A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking...
Malicious code in zora-config-loader (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90bb43834ca3c2d8ed358c803284c55ac5cbc2a41e43dca36415cde5e63907fa Any computer that has this package installed or running should be considered...
MAL-2025-5069 Malicious code in zora-config-loader (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90bb43834ca3c2d8ed358c803284c55ac5cbc2a41e43dca36415cde5e63907fa Any computer that has this package installed or running should be considered...
Malicious code in @biovia/amd-loader (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in @loybung/provider-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1dc5e2aaa75780249ef49329cc88e74468511da4956872cadb22549951afb87e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App
Google has disclosed details of a financially motivated threat cluster that it said "specializes" in voice phishing aka vishing campaigns designed to breach organizations' Salesforce instances for large-scale data theft and subsequent extortion. The tech giant's threat intelligence team is tracki...
Versal™ Adaptive SoC – Improper Configuration of the Secure Stream Switch during Post-Boot Cryptographic Operations
AMD ID: AMD-SB-8011 Potential Impact: N/A Severity: N/A Summary In Versal™ Adaptive SoC devices, the Platform Loader and Manager PLM implements runtime post-boot software services that allows a remote processor to command the PLM to execute cryptographic operations – including AES, SHA3, RSA, ECD...