PT-2025-4284 · Oracle · Peoplesoft Enterprise Cc Common Application Objects

Name of the Vulnerable Software and Affected Versions: PeopleSoft Enterprise CC Common Application Objects version 9.2 Description: This issue allows an attacker with reduced privileges and network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attac...

PT-2025-19367 · Git +1 · Assimp

Name of the Vulnerable Software and Affected Versions: Assimp affected versions not specified Description: The software is susceptible to a heap-buffer-overflow READ issue. This occurs during the WriteObjects function within the Assimp::FBXExporter class, which is called by ExportBinary and...

CVE-2025-0060

SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to the attacker. The attacker could further use this information to impersonate as a high privileged...

PT-2025-3267

Name of the Vulnerable Software and Affected Versions OpenFGA versions 1.3.8 through 1.8.2 Description The issue concerns an authorization bypass in OpenFGA under specific conditions, including calling Check API or ListObjects with a model that uses conditions, and OpenFGA being configured with...

The vulnerability of the software platform for monitoring and managing IT infrastructure—Operations Bridge Manager (OBM)—is related to incorrect restrictions on XML links to external objects. This allows a malicious actor to gain unauthorized access to confidential information.

The vulnerability of the software platform for monitoring and managing IT infrastructure, Operations Bridge Manager OBM, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized...

PT-2025-4607 · Splunk · Splunk App For Soar

Name of the Vulnerable Software and Affected Versions: Splunk App for SOAR versions 1.0.67 and lower Description: The issue is related to improper access control. In the affected versions of the Splunk App for SOAR, the documentation recommended adding the admin all objects capability to the splu...

Exploit for Out-of-bounds Read in Microsoft

CVE-2024-49113-Checker Script to test whether your environment...

PT-2025-37978

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.17.0-rc2-g6f713187ac98 Description The Linux kernel contains a flaw within the hfcpci module related to timer management. Specifically, unloading the module with CONFIG DEBUG OBJECTS TIMERS enabled can lead to ...

CVE-2024-56678 powerpc/mm/fault: Fix kfence page fault reporting

In the Linux kernel, the following vulnerability has been resolved: powerpc/mm/fault: Fix kfence page fault reporting copyfromkernelnofault can be called when doing read of /proc/kcore. /proc/kcore can have some unmapped kfence objects which when read via copyfromkernelnofault can cause page...

CVE-2024-56644

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: release expired exception dst cached in socket Dst objects get leaked in ip6negativeadvice when this function is executed for an expired IPv6 route located in the exception table. There are several conditions that must ...

CVE-2024-56644

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: release expired exception dst cached in socket Dst objects get leaked in ip6negativeadvice when this function is executed for an expired IPv6 route located in the exception table. There are several conditions that must ...

CVE-2024-56626 ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Write in ksmbdvfsstreamwrite An offset from client could be a negative value, It could allows to write data outside the bounds of the allocated buffer. Note that this issue is coming when setting 'vfs...

CVE-2024-56626

CVE-2024-56626 is a Linux kernel issue in the ksmbd_vfs_stream_write path. An offset supplied by the client can be negative when the ksmbd.conf setting 'vfs objects = streams_xattr' is used, enabling an out-of-bounds write to the allocated buffer. The vulnerability description notes the condition...

CVE-2024-56627 ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Read in ksmbdvfsstreamread An offset from client could be a negative value, It could lead to an out-of-bounds read from the streambuf. Note that this issue is coming when setting 'vfs objects = streamsxat...

Threat landscape for industrial automation systems in Q3 2024

Statistics across all threats In the third quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 1.5 pp to 22% when compared to the previous quarter. Percentage of ICS computers on which malicious objects were blocked, by quarter, 2022–2024 Compared...

CVE-2024-51540

Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could potentially exploit this vulnerability to bypass retention policies and delete...

Dell ECS 输入验证错误漏洞

Dell ECS Elastic Cloud Storage is an enterprise-class cloud-scale object storage platform from Dell Technologies. A buffer overflow vulnerability exists in Dell ECS. The vulnerability is due to an arithmetic overflow in the ECS's retention period processing. An attacker could exploit the...

The vulnerability of the PDF document viewing program Foxit PDF Reader (formerly Foxit Reader) and the PDF file editing program Foxit PDF Editor (formerly Foxit PhantomPDF) lies in the use of pointers after memory release, allowing an attacker to execute arbitrary code.

The vulnerability of the PDF document viewing program Foxit PDF Reader formerly Foxit Reader and the PDF file editing program Foxit PDF Editor formerly Foxit PhantomPDF is related to the use of pointers after memory release during the processing of Doc objects in AcroForms. Exploiting this...

DEBIAN-CVE-2024-53163

In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat420xx - fix off by one in uofgetname This is called from uofgetname420xx where "numobjs" is the ARRAYSIZE of fwobjs. The needs to be = to prevent an out of bounds access...

Deserialization Of Untrusted Data

Drupal Core is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to insecure deserialization of untrusted data, allows an attacker to inject malicious objects, which can be exploited through the gadget chain to achieve remote code execution...