23 matches found
CVE-2025-40288 drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Previously, APU platforms and other scenarios with uninitialized VRAM managers triggered a NULL pointer dereference in ttmresourcemanagerusage. The root cause...
EUVD-2025-175340
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub432F60 function in prog.cgi stores user-supplied SetSysLogSettings/IPAddress values in NVRAM via nvramsafeset"SysLogRemoteIPAddress", .... These values are...
[SECURITY] Fedora 43 Update: rust-get-size2-0.7.1-1.fc43
Determine the size in bytes an object occupies inside RAM...
EUVD-2018-6545
Malware in sbrugna...
EUVD-2018-12599
Malware in sbrugna...
Citrix Virtual Apps and Desktops - Citrix.Monitor.exe memory leak
Citrix.Monitor.exe is gradually taking up ram memory on the Delivery Controller. Number of threads increases every day 200+. Memory usage is very high 1GB+. Process memory dump shows a lot of threads with ‘SendMessagesToPendo’ on the call stack...
[SECURITY] Fedora 41 Update: perl-App-cpanminus-1.7047-5.fc41
Why? It's dependency free, requires zero configuration, and stands alone but it's maintainable and extensible with plug-ins and friendly to shell scripting. When running, it requires only 10 MB of RAM...
Fedora: Security Advisory (FEDORA-2023-82cbe8eb50)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux 5.6 io_uring Cred Refcount Overflow Exploit
Linux versions 5.6 and above appear to suffer from a cred refcount overflow when handling approximately 39 gigabytes of memory usage via iouring. Linux =5.6: cred refcount overflow at 39 GiB memory usage via iouring see also my related prior bug reports about overflowing refcounts with lots of RA...
Fedora 39 : mlpack (2023-82cbe8eb50)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-82cbe8eb50 advisory. Attempt to reduce RAM usage on ppc64le. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus ha...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Werkzeug (SUSE-SU-2023:1693-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1693-1 advisory. - Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart...
[SECURITY] Fedora 35 Update: perl-App-cpanminus-1.7045-1.fc35
Why? It's dependency free, requires zero configuration, and stands alone but it's maintainable and extensible with plug-ins and friendly to shell scripting. When running, it requires only 10 MB of RAM...
Juumla - Tool Designed To Identify And Scan For Version, Config Files In The CMS Joomla!
Juumla is a python tool developed to identify the current Joomla version and scan for readable Joomla config files. Installing / Getting started A quick guide of how to install and use Juumla. 1. Clone the repository - git clone https://github.com/oppsec/juumla.git 2. Install the libraries - pip3...
Vulnerability Spotlight: Multiple vulnerabilities in NZXT computer monitoring software
Carl Hurd of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. NZXT’s CAM computer monitoring software contains multiple vulnerabilities an attacker could use to carry out a range of malicious actions. CAM provides users information on their machines, such as fan speeds, temperature...
Researchers Warn of Critical Flaw Affecting Industrial Automation Systems
A critical vulnerability uncovered in Real-Time Automation's RTA 499ES EtherNet/IP ENIP stack could open up the industrial control systems to remote attacks by adversaries. RTA's ENIP stack is one of the widely used industrial automation devices and is billed as the "standard for factory floor I/...
Slack: Possibility to freeze/crash the host system of all Slack Desktop users easily
Hello, I report here what I suspect to be a critical issue for all your users using the Slack Desktop app. Please find below my research way and the corresponding POC result: First, I started by exploring the content of the file app.asar of the Slack Dresktop application. I was firstly attrackted...
IMPORTANT: Web blocking / RAM usage announcement
On January 27, we published a protection update that caused connection issues for many of our customers. As a side effect of the web protection blocks, the product also spiked memory usage and possibly caused a crash. We have triaged this issue and pushed a protection update that resolves it. For...
Malicious Cryptocurrency Mining tool turns Computers into Zcash Mining Machines
Since its launch over a month ago, new virtual currency Zcash ZEC has become a significant way for cybercrooks to make money by infecting computers with software mining program. Launched in late October, Zcash ZEC is a new cryptocurrency currency that claims to be more anonymous than Bitcoin, as...
FreshFTP 5.52 - .qfl Crash (PoC)
FreshFTP 5.52 - .qfl Crash PoC Exploit Title: FreshFTP .QFL Local DOSWhile Parsing. Date: 9/15/2015 Exploit Author: UnN0n Software Vendor : http://www.freshwebmaster.com/ Software Link: http://www.freshwebmaster.com/download.html Version: 5.52 Tested on: Windows 7 x8632 BIT Steps to Produce the...
openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2014:1654-1)
This MozillaThunderbird update fixes several security and non security issues : Changes in MozillaThunderbird : - update to Thunderbird 31.3.0 bnc908009 - MFSA 2014-83/CVE-2014-1587 Miscellaneous memory safety hazards - MFSA 2014-85/CVE-2014-1590 bmo1087633 XMLHttpRequest crashes with some input...