CVE-2025-8851

A stack based buffer overflow flaw has been discovered in libTIFF. An attacker with local access may be able to craft input to the readSeparateStripsetoBuffer function in the file tools/tiffcrop.c that triggers this flaw. This issue could allow an attacker to achieve local code execution in the...

CVE-2025-27128

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free...

CVE-2025-24298

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free...

CVE-2025-24298

CVE-2025-24298 relates to OpenHarmony, affecting v5.0.3 and earlier where a use-after-free in the trusted computing base (tcb) enables a local attacker to achieve arbitrary code execution. The vulnerability is locally exploitable due to tcb’s post-release reuse issue, with impact on confidentiali...

CVE-2025-24298 liteos_a has an UAF vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free...

CVE-2025-24298 liteos_a has an UAF vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free...

CVE-2025-25278 liteos_a has a race condition vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition...

PT-2025-32511 · Openharmony · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 5.0.4 Description: OpenHarmony versions prior to 5.0.4 contain a use-after-free issue in the tcb component that allows a local attacker to execute arbitrary code. Recommendations: Update to OpenHarmony version...

PT-2025-32505 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 5.0.4 Description: The software contains a use-after-free flaw in the trusted computing base tcb component that could allow a local attacker to execute arbitrary code. Recommendations: Update to version 5.0.4 or...

Linux Distros Unpatched Vulnerability : CVE-2022-1652

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the badflpintr function. By...

Linux Distros Unpatched Vulnerability : CVE-2025-4089

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to insufficient escaping of special characters in the copy as cURL feature, an attacker could trick a user into using this command, potentially leading to...

Linux Distros Unpatched Vulnerability : CVE-2025-5265

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to insufficient escaping of the ampersand character in the Copy as cURL feature, an attacker could trick a user into using this command, potentially leading...

CVE-2025-7771

ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke...

CVE-2025-53395

Paramount Macrium Reflect through 2025-06-26 allows local attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx backup file and a malicious VSSSvr.dll located in the same directory. When a user with administrative privileges mounts a backup by opening the .mrimgx...

CVE-2025-33092

IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system...

RLSA-2025:8308 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details CVE-2025-5267 firefox: thunderbird: Potential local code execution ...

HP PageWide and OfficeJet Printers Local Code Execution (CVE-2020-28416)

HP has identified a security vulnerability with the I.R.I.S. OCR Optical Character Recognition software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution. This plugin only works with Tenable.ot. Please visit...

NewStart CGSL MAIN 7.02 : sane-backends Vulnerability (NS-SA-2025-0135)

The remote NewStart CGSL host, running version MAIN 7.02, has sane-backends packages installed that are affected by a vulnerability: - An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the saneiconfigureattach function. NOTE: this is disputed because...

CVE-2025-33077

IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system...

CVE-2025-7427

Uncontrolled Search Path Element in Arm Development Studio before 2025 may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio...