Lucene search
K

324 matches found

Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-45203 GPU DDK - rgxfw_hwperf_ufo() re-reads psCmdHeader->ui32CmdSize after initial check, TOCTOU

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...

0.00116EPSS
Exploits0References1
CVE
CVE
added 4 days ago8 views

CVE-2026-45203

The CVE-2026-45203 entry concerns a TOCTOU issue in GPU DDK software used inside a Host VM. CVE records attribute a vulnerability in the rgxfw_hwperf_ufo() path where the command size is re-read after initial validation, enabling improper commands to reach GPU firmware and potentially trigger a m...

7.8CVSS6.1AI score0.00116EPSS
Exploits0References1
OSV
OSV
added 2026/07/02 3:26 p.m.5 views

GHSA-84HP-MQVJ-3P8H mcp-memory-service: Missing Authentication on Document API Endpoints Allows Unauthenticated Memory Read/Write/Delete

Missing Authentication on Document API Endpoints Allows Unauthenticated Memory Read/Write/Delete Summary All HTTP routes under /api/documents/ in mcp-memory-service are served without any authentication dependency, even when the server is configured with an API key MCPAPIKEY or OAuth. An...

9.8CVSS6AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/01 9:0 a.m.8 views

kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio subsystem. An inconsistency in how USB audio playback and capture streams are handled can lead to an out-of-bounds write to a memory buffer. This can result in a system crash, causing a denial of service for a...

7.8CVSS5.8AI score0.00123EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.12 views

PT-2026-53719

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Insufficient input sanitization in Apple platforms allows an app to reach sensitive kernel code paths. This improper input validation...

7.8CVSS6.5AI score0.00142EPSS
Exploits0References15
Vulnrichment
Vulnrichment
added 2026/06/12 9:43 p.m.8 views

CVE-2026-34195 GPU DDK - Kernel heap OOB write in PMRChangeSparseMemOSMem due to incorrect physical page translation from virtual page indexes

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel. The product incorrectly indexes internal state when performing sparse allocation remapping...

5.3AI score0.00328EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 3:16 p.m.17 views

CVE-2025-10237

During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions...

8.4CVSS0.00077EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 9:23 a.m.52 views

CVE-2025-10263

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level...

0.0053EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2026/06/09 12:0 a.m.8 views

FreeBSD -- Arm CPU errata may bypass page table permission changes

Problem Description: Some Arm CPUs have errata where the ordering of stores and the TLBI+DSB sequence may be incorrect. If one CPU stores to a virtual address while another CPU invalidates the translation for that address, the second CPU's TLBI+DSB may complete before the first CPU's store has be...

9.1CVSS5.4AI score0.0053EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-5941

Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction...

7.8CVSS7.1AI score0.00169EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/03 10:1 a.m.15 views

CVE-2025-59606

Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization...

7.8CVSS5.8AI score0.00075EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.12 views

CVE-2025-59606

Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization...

7.8CVSS5.8AI score0.00075EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 11:14 a.m.15 views

EUVD-2026-33627

Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host Kernel to perform arbitrary writes to firmware memory...

4.3CVSS5.9AI score0.00143EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 3:33 p.m.17 views

EUVD-2026-32369

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory access flags in helper prototypes After commit 37cce22dbd51 "bpf: verifier: Refactor helper access type tracking", the verifier started relying on the access type flags in helper function prototypes to perform...

5.9AI score0.00157EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.19 views

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a buffer overflow vulnerability. This vulnerability stemmed from excessive memory writes by the Dawn component, which could allow remote attackers to execute excessive memory writes...

4.3CVSS6.2AI score0.00191EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: The existing SPTE is dropped/zapped even when creating an MMIO SPTE. When installing an emulated MMIO SPTE, do so after dropping/zapping the existing SPTE if it’s shadow-present. While the commit a54aa15c6bda3 was...

8.1CVSS5.8AI score0.00184EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in PostgresSQL 11

A flaw was discovered in PostgreSQL versions prior to 13.3, before 12.7, before 11.12, before 10.17, and before 9.6.22. When modifying certain SQL array values, missing bounds checks allow authenticated database users to write arbitrary bytes into a wide range of server memory. The greatest threa...

8.8CVSS7.4AI score0.0199EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Xen

A issue was discovered in Xen versions 4.9 through 4.14.x. On the ARM architecture, a guest can control whether memory accesses bypass the cache. This means that Xen needs to ensure that all writes such as those during scrubbing have reached the memory before handing over the page to the guest...

5.5CVSS5.6AI score0.00327EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerabilities in Firefox, Thunderbird, NSS

An attacker could create a PKCS 12 certificate bundle in a way that allows arbitrary memory writes through the mishandled Safe Bag attributes of PKCS 12. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

8.8CVSS6.8AI score0.00817EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/19 7:57 p.m.12 views

CVE-2026-40003

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow,...

6.8CVSS6.1AI score0.00296EPSS
Exploits1References1
Rows per page
Query Builder