297 matches found
EUVD-2025-17586
Malicious code in bioql PyPI...
ROS-20250910-05
Vulnerability of the library for working with DICOM DCMTK format is related to dereferencing of the NULL pointer in the /libsrc/dcrleccd.cc component using a created DICOM file. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability ...
Buffer Overflow
libtiff.so is vulnerable to Buffer Overflow. The vulnerability is due to unsafe memory manipulation in the setrow function within tools/thumbnail.c, leading to a local buffer overflow...
CVE-2025-53022
TrustedFirmware-M aka Trusted Firmware for M profile Arm CPUs before 2.1.3 and 2.2.x before 2.2.1 lacks length validation during a firmware upgrade. While processing a new image, the Firmware Upgrade FWU module does not validate the length field of the Type-Length-Value TLV structure for dependen...
CVE-2025-53022
TrustedFirmware-M aka Trusted Firmware for M profile Arm CPUs before 2.1.3 and 2.2.x before 2.2.1 lacks length validation during a firmware upgrade. While processing a new image, the Firmware Upgrade FWU module does not validate the length field of the Type-Length-Value TLV structure for dependen...
CVE-2025-53022
Summary of CVE-2025-53022 (TrustedFirmware-M TLV vulnerability) TrustedFirmware-M (for Arm M profile) before 2.1.3 and 2.2.x before 2.2.1 lacks length validation in the Firmware Upgrade (FWU) module when processing TLV structures for dependent components. If the TLV length exceeds the allocated s...
CVE-2025-53022
TrustedFirmware-M aka Trusted Firmware for M profile Arm CPUs before 2.1.3 and 2.2.x before 2.2.1 lacks length validation during a firmware upgrade. While processing a new image, the Firmware Upgrade FWU module does not validate the length field of the Type-Length-Value TLV structure for dependen...
The vulnerability of the setparentcontrolinfo() function in Tenda AC6 router software allows a hacker to trigger a service failure.
The vulnerability of the setparentcontrolinfo function in Tenda AC6 router microprogramming software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
CVE-2025-21006
Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-bounds memory...
CVE-2025-21006
CVE-2025-21006 describes an out-of-bounds write in the MPEG-4 macroblock handling of the libsavsvc.so library, affecting some Samsung/Android components prior to Android 15. The underlying issue is a memory corruption risk due to improper handling of macro blocks in the MPEG4 codec, allowing a lo...
CVE-2021-23887
Privilege Escalation vulnerability in McAfee Data Loss Prevention DLP Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting...
CVE-2021-26096
Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments...
CVE-2020-27485
Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index...
CVE-2025-2925
A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MMrealloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to th...
CVE-2025-2027
A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially crafted local RPC requests, leading to the service crash and potentially memory manipulation in some rare circumstances. Refer to the 'Security Update for...
AZL-59343 CVE-2025-2925 affecting package hdf5 for versions less than 1.14.6-1
A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MMrealloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to th...
CVE-2025-2925
A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MMrealloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to th...
CVE-2025-2027
A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially crafted local RPC requests, leading to the service crash and potentially memory manipulation in some rare circumstances. Refer to the 'Security Update for...
CVE-2025-2027
A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially crafted local RPC requests, leading to the service crash and potentially memory manipulation in some rare circumstances. Refer to the 'Security Update for...
CVE-2025-2027
A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially crafted local RPC requests, leading to the service crash and potentially memory manipulation in some rare circumstances. Refer to the 'Security Update for...