297 matches found
CVE-2025-2027
The CVE-2025-2027 entry describes a double-free vulnerability in the ASUS System Analysis service triggered by specially crafted local RPC requests, potentially causing a service crash and, in rare cases, memory manipulation. Affected component is the local RPC handling within the ASUS System Ana...
ASUS System Control Interface 安全漏洞
ASUS System Control Interface is a computer system control interface from Asus China. A security vulnerability exists in ASUS System Control Interface that originates from a double release triggered when sending a specially crafted local RPC request, which could lead to a service crash and memory...
kernel: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices
A vulnerability was found in the Linux kernel's USB Audio driver. This flaw allows an attacker with physical access to the system to use a malicious USB device to gain additional access. This is possible by manipulating system memory, potentially escalating privileges, or executing arbitrary code...
CVE-2024-12650
An attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application but it does not affected other applications...
CVE-2024-12650
CVE-2024-12650 affects WAGO libwagosnmp. A low-privilege attacker can manipulate the requested memory size, causing the application to access an invalid memory area and potentially crash the affected application only; other applications are not affected. The provided documents do not specify expl...
The vulnerability of the Linux operating system’s kernel tracing component, which allows a hacker to trigger a service failure
The vulnerability of the Linux operating system’s kernel tracing component is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
Google Chrome Security Update (stable-channel-update-for-desktop-2025-01) - Mac OS X
Google Chrome is prone to a type confusion vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome";...
Google Chrome Security Update (stable-channel-update-for-desktop-2025-01) - Linux
Google Chrome is prone to a type confusion vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome";...
Google Chrome Security Update (stable-channel-update-for-desktop-2025-01) - Windows
Google Chrome is prone to a type confusion vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome";...
CVE-2024-52990
Animate versions 23.0.8, 24.0.5 and earlier are affected by a Buffer Underwrite 'Buffer Underflow' vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to manipulate memory in such a way that they could execu...
VulnCheck KEV: CVE-2024-53197
Linux Kernel contains an out-of-bounds access vulnerability in the USB-audio driver that allows an attacker with physical access to the system to use a malicious USB device to potentially manipulate system memory, escalate privileges, or execute arbitrary code...
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
cve-2024-21762-poc CVE-2024-21762 is a critical vulnerability...
CVE-2024-50396 QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QT...
Fortinet Fortigate Debug commands allow memory manipulation (FG-IR-21-091)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-091 advisory. - A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows attacker to Execute...
Consensus Attack
github.com/ethereum/go-ethereum is vulnerable to a Consensus Attack. The vulnerability is due to Geth's pre-compiled dataCopy contract performing a shallow copy on invocation, which allows an attacker to manipulate Ethereum Virtual Machine EVM memory and cause a consensus mismatch between nodes...
ChatGPT macOS Flaw Could've Enabled Long-Term Spyware via Memory Function
A now-patched security vulnerability in OpenAI's ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence AI tool's memory. The technique, dubbed SpAIware, could be abused to facilitate "continuous data exfiltration of...
Use After Free in MicroPython
A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The...
CVE-2024-8947 MicroPython objarray.c use after free
A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The...
Linux Kernel 5.6.13 Use-After-Free Exploit
Proof of concept exploit that uses a use-after-free vulnerability due to a race condition in MIDI devices in Linux Kernel version 5.6.13. // gcc -o exploit exploit.c -masm=intel -static -s -lpthread define GNUSOURCE include include include include include include include include include include...
CVE-2024-37022
Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code...