Siemens SIMATIC Devices Improper Handling of Structural Elements (CVE-2024-35877)

In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: fix VMPAT handling in COW mappings PAT handling won't do the right thing in COW mappings: the first PTE or, in fact, all PTEs can be replaced during write faults to point at anon folios. Reliably recovering the correc...

curl: Use of Deprecated strcpy() with User-Controlled Environment Variable in Memory Debug Initialization

Discovery Method Step 1: Initial Security Scan Find all files using dangerous string functions find src/ -name ".c" -exec grep -l "strcpy|strcat|sprintf|gets" ; OUTPUT: src/toolprogress.c src/toolmain.c Step 2: Locate Vulnerable Code in Main.c Find exact strcpy usage in toolmain.c grep -n...

UBUNTU-CVE-2025-38008

In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: fix race condition in unaccepted memory handling The page allocator tracks the number of zones that have unaccepted memory using staticbranchenc/dec and uses that static branch in hot paths to determine if it needs ...

CVE-2025-25467

Insufficient tracking and releasing of allocated used memory in libx264 git master allows attackers to execute arbitrary code via creating a crafted AAC file...

CVE-2025-25467

CVE-2025-25467 affects libx264 (git master). The vulnerability is insufficient tracking and releasing of allocated used memory, enabling arbitrary code execution via a crafted AAC file. CVSSv3.1: 9.8 (CRITICAL), vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Reported across multiple feeds; exact vu...

SUSE CVE-2012-5511

Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service crash via a large bitmap image...

SUSE CVE-2014-7154

Race condition in HVMOPtrackdirtyvram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors...

USN-5756-2 linux-gke vulnerabilities

Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-427...

USN-5756-1 linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities

Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-427...

USN-5728-2 linux-azure-fde, linux-gke, linux-gkeop, linux-raspi-5.4 vulnerabilities

Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-427...

USN-5728-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi vulnerabilities

Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-427...

SUSE-SU-2022:1506-1 Security update for xen

This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host bsc1197423. - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which...

JerryScript Git 安全漏洞

JerryScript is a lightweight JavaScript engine from the Jerryscript project. A security vulnerability exists in JerryScript Git version 14ff5bf, which stems from not adequately tracking and freeing allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after a RegExp...

UBUNTU-CVE-2022-26356

Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XENDMOPtrackdirtyvram was named HVMOPtrackdirtyvram before Xen 4.9 is racy with ongoing log dirty hypercalls. A suitably timed call to XENDMOPtrackdirtyvram can enable log dirty whil...