
10276 matches found

RedhatCVE
added 2025/05/22 8:55 a.m. | 6 views

CVE-2019-8801

A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution...

7.8 CVSS | 6.8 AI score | 0.00154 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:20 a.m. | 9 views

CVE-2019-17449

Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack. NOTE: The vendor thinks that this vulnerability is invalid because exploiting it would require at least administrator privileges and would gain only SYSTEM privileges...

6.7 CVSS | 7.1 AI score | 0.00178 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:10 a.m. | 9 views

CVE-2019-15417

The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=7, versionName=7.0.5) that allows unauthorized dynamic code...

7.8 CVSS | 6.8 AI score | 0.00136 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:59 a.m. | 5 views

CVE-2019-12367

The BlueMail application through 1.9.5.36 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...

6.1 CVSS | 6 AI score | 0.00301 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 7:59 a.m. | 3 views

CVE-2019-12368

The Edison Mail application through 1.7.1 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...

6.1 CVSS | 6 AI score | 0.00301 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 5:19 a.m. | 2 views

CVE-2010-3375

qtparted has insecure library loading which may allow arbitrary code execution...

9.8 CVSS | 7.5 AI score | 0.0105 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:18 a.m. | 18 views

CVE-2019-14684

A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687...

9.3 CVSS | 6.8 AI score | 0.00394 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 4:40 a.m. | 5 views

CVE-2010-0652

Microsoft Internet Explorer permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document...

4.3 CVSS | 6.3 AI score | 0.09306 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 4:26 a.m. | 4 views

CVE-2019-13208

WavesSysSvc in Waves MAXX Audio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. This affects WavesSysSvc64.exe 1.9.29.0...

7.3 CVSS | 7.2 AI score | 0.00047 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 4:21 a.m. | 4 views

CVE-2012-6463

Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs...

4.3 CVSS | 5.7 AI score | 0.00263 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 3:25 a.m. | 8 views

CVE-2013-0973

Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream...

6.8 CVSS | 6.8 AI score | 0.0035 EPSS
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/21 9:12 p.m. | 7 views

CVE-2005-2512

Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak...

2.1 CVSS | 6.9 AI score | 0.00063 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 6:27 p.m. | 10 views

CVE-2009-3792

Directory traversal vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to load arbitrary DLL files via unspecified vectors...

10 CVSS | 7 AI score | 0.00403 EPSS
Exploits: 0 | References: 1

SUSE CVE
added 2025/05/21 12:47 a.m. | 1 views

SUSE CVE-2025-37898

In the Linux kernel, the following vulnerability has been resolved: powerpc64/ftrace: fix module loading without patchable function entries. get_stubs_size assumes that there must always be at least one patchable function entry, which is not always the case (modules that export data but no code,...

3.3 CVSS | 6.5 AI score | 0.00074 EPSS
Exploits: 0 | References: 3

NVD
added 2025/05/20 4:15 p.m. | 6 views

CVE-2025-37898

In the Linux kernel, the following vulnerability has been resolved: powerpc64/ftrace: fix module loading without patchable function entries. get_stubs_size assumes that there must always be at least one patchable function entry, which is not always the case (modules that export data but no code,...

5.5 CVSS | 0.00074 EPSS
Exploits: 0 | References: 2

OSV
added 2025/05/20 4:15 p.m. | 1 views

UBUNTU-CVE-2025-37963

In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is typically disabled. This means only cBPF programs need to be mitigated for BHB. In addition, only...

5.5 CVSS | 6.1 AI score | 0.00081 EPSS
Exploits: 0 | References: 36

OSV
added 2025/05/20 4:15 p.m. | 0 views

UBUNTU-CVE-2025-37898

In the Linux kernel, the following vulnerability has been resolved: powerpc64/ftrace: fix module loading without patchable function entries. get_stubs_size assumes that there must always be at least one patchable function entry, which is not always the case (modules that export data but no code,...

5.5 CVSS | 6.2 AI score | 0.00074 EPSS
Exploits: 0 | References: 11

Cvelist
added 2025/05/20 4:1 p.m. | 21 views

CVE-2025-37964 x86/mm: Eliminate window where TLB flushes may be inadvertently skipped

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Eliminate window where TLB flushes may be inadvertently skipped. tl;dr: There is a window in the mm switching code where the new CR3 is set and the CPU should be getting TLB flushes for the new mm. But should_flush_tlb has a...

0.0009 EPSS
Exploits: 0 | References: 6

OSV
added 2025/05/20 3:21 p.m. | 2 views

CVE-2025-37898 powerpc64/ftrace: fix module loading without patchable function entries

In the Linux kernel, the following vulnerability has been resolved: powerpc64/ftrace: fix module loading without patchable function entries. get_stubs_size assumes that there must always be at least one patchable function entry, which is not always the case (modules that export data but no code,...

5.5 CVSS | 7.6 AI score | 0.00074 EPSS
Exploits: 0 | References: 5

CVE
added 2025/05/20 3:21 p.m. | 79 views

CVE-2025-37898

CVE-2025-37898 affects the Linux kernel’s powerpc64/ftrace module loading path. The issue arises from get_stubs_size assuming at least one patchable function entry; modules exporting data but no code could yield a zero sh_size. During module_memory_alloc(), the size is page-aligned and becomes ze...

5.5 CVSS | 6.5 AI score | 0.00074 EPSS
Exploits: 0 | References: 2 | Affected Software: 1