Lucene search

2270 matches found

Cvelist
added 2025/11/10 8:00 p.m., 6 views

CVE-2025-12725

Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

EPSS 0.00117
Exploits: 0 | References: 2

CVE
added 2025/11/10 8:00 p.m., 13 views

CVE-2025-12725

CVE-2025-12725: Out-of-bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137. Connected sources show Chromium-based updates mitigating this via Chromium/Chrome package upgrades (e.g., Chromium 142.0.7444.162 and later) across Fedora and Debian; fixed versions vary by distro. A...

CVSS 8.8 | AI score 5.8 | EPSS 0.00117
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/11/10 8:00 p.m., 2 views

CVE-2025-12725

Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

AI score 5.8 | EPSS 0.00117
Exploits: 0 | References: 2

RedHat Linux
added 2025/11/10 2:22 a.m., 4 views

libtiff: Libtiff Write-What-Where

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...

CVSS 8.8 | AI score 7.6 | EPSS 0.00039
Exploits: 0 | References: 8

SUSE CVE
added 2025/11/07 12:35 a.m., 2 views

SUSE CVE-2025-12725

Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 6.7 | EPSS 0.00117
Exploits: 0 | References: 3

Tenable Nessus
added 2025/11/07 12:00 a.m., 2 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : jasper (SUSE-SU-2025:3947-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3947-1 advisory. - Update to 4.2.8: - CVE-2025-8837: Fixed a bug in the JPC decoder that could cause bad memory...

CVSS 7.8 | AI score 5.7 | EPSS 0.00075
Exploits: 3 | References: 13

OSV
added 2025/11/05 8:17 a.m., 1 view

SUSE-SU-2025:3947-1 Security update for jasper

This update for jasper fixes the following issues: - Update to 4.2.8: - CVE-2025-8837: Fixed a bug in the JPC decoder that could cause bad memory accesses if the debug level is set sufficiently high (bsc#1247901). - CVE-2025-8836: Added some missing range checking on several coding parameters in the...

CVSS 7.8 | AI score 6.2 | EPSS 0.00075
Exploits: 3 | References: 9

Vulnrichment
added 2025/11/05 5:40 a.m., 4 views

CVE-2025-21071

Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory...

CVSS 5.7 | AI score 6.2 | EPSS 0.00012
Exploits: 0 | References: 1

Tenable Nessus
added 2025/11/05 12:00 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989856)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989856 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning while accessing Eth segment ------------ cut here...

CVSS 7.8 | AI score 6.3 | EPSS 0.00005
Exploits: 0 | References: 3

CVE
added 2025/11/04 6:19 a.m., 9 views

CVE-2025-20735

CVE-2025-20735 concerns the MediaTek WLAN AP driver. A flaw in the bounds check enables an out-of-bounds write, which could lead to local privilege escalation with User privileges. No user interaction is required. A patch is identified: WCNCR00435349 (Issue MSV-4051).

CVSS 7.8 | AI score 6.3 | EPSS 0.00017
Exploits: 0 | References: 1 | Affected Software: 2

Tenable Nessus
added 2025/10/27 12:00 a.m., 9 views

Siemens SIMATIC Devices Out-of-bounds Write (CVE-2021-4090)

An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access to out-of-bounds memory, leading to a system...

CVSS 7.1 | AI score 6.8 | EPSS 0.00071
Exploits: 0 | References: 2

ICS
added 2025/10/23 6:00 a.m., 4 views

Delta Electronics ASDA-Soft

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to write data outside of the allocated memory buffer. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA...

CVSS 7.8 | AI score 6.9 | EPSS 0.00016
Exploits: 0 | References: 10

SUSE Linux
added 2025/10/20 8:37 a.m., 5 views

Security update for samba

This update for samba fixes the following issues: CVE-2025-9640: Fixed vfs_streams_xattr uninitialized memory write (bsc#1251279). CVE-2025-10230: Fixed command Injection in WINS Server Hook Script (bsc#1251280). Patch Instructions: To install this SUSE update use the SUSE recommended installation method...

CVSS 10 | AI score 7.5 | EPSS 0.00486
Exploits: 2 | References: 8

OSV
added 2025/10/20 8:34 a.m., 1 view

SUSE-SU-2025:3677-1 Security update for samba

This update for samba fixes the following issues: - CVE-2025-9640: Fixed vfs_streams_xattr uninitialized memory write (bsc#1251279). - CVE-2025-10230: Fixed command Injection in WINS Server Hook Script (bsc#1251280)...

CVSS 10 | AI score 5.8 | EPSS 0.00486
Exploits: 2 | References: 5

Cvelist
added 2025/10/15 12:47 p.m., 6 views

CVE-2025-9640 Samba: vfs_streams_xattr uninitialized memory write possible

A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability...

CVSS 4.3 | EPSS 0.00084
Exploits: 0 | References: 3

NVD
added 2025/10/15 6:15 a.m., 2 views

CVE-2025-55080

In Eclipse ThreadX before 6.4.3, when memory protection is enabled, syscall parameters verification wasn't enough, allowing an attacker to obtain an arbitrary memory read/write...

CVSS 7.2 | EPSS 0.00019
Exploits: 0 | References: 1

CVE
added 2025/10/15 5:41 a.m., 8 views

CVE-2025-55080

The vulnerability CVE-2025-55080 affects Eclipse ThreadX prior to version 6.4.3. Root cause: memory protection enabled, syscall parameter verification is insufficient, enabling an attacker to obtain an arbitrary memory read/write. Affected component: ThreadX RTOS (pre-6.4.3). Impact: arbitrary me...

CVSS 7.2 | AI score 6.6 | EPSS 0.00019
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/10/15 12:00 a.m., 4 views

PT-2025-42235

In Eclipse ThreadX before 6.4.3, when memory protection is enabled, syscall parameters verification wasn't enough, allowing an attacker to obtain an arbitrary memory read/write...

CVSS 7.2 | AI score 7 | EPSS 0.00019
Exploits: 0 | References: 2

EUVD
added 2025/10/14 2:49 p.m., 3 views

EUVD-2025-34221

Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity...

CVSS 6 | AI score 6.3 | EPSS 0.0002
Exploits: 0 | References: 2

Positive Technologies
added 2025/10/14 12:00 a.m., 3 views

PT-2025-46654

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to Transport Layer Security (TLS) asynchronous decryption. Specifically, if the tls_strp_msg_hold function fails to allocate a clone of the input...

CVSS 5.5 | AI score 7.7 | EPSS 0.00029
Exploits: 0