2511 matches found

OSV
added 2025/11/06 11:15 p.m., 3 views

CVE-2025-58423

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account...

CVSS 8.7 | AI score 5.8 | EPSS 0.00468
Exploits: 0 | References: 3

Cvelist
added 2025/11/06 10:31 p.m., 13 views

CVE-2025-58423 Advantech DeviceOn/iEdge Path Traversal

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account...

CVSS 8.8 | EPSS 0.00468
Exploits: 0 | References: 3

OSV
added 2025/11/06 10:15 p.m., 4 views

CVE-2025-11207

Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.5 | AI score 5.9
Exploits: 0 | References: 2

Vulnrichment
added 2025/11/06 10:8 p.m., 3 views

CVE-2025-11207

Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Medium...

AI score 8 | EPSS 0.00208
Exploits: 0 | References: 2

CVE
added 2025/11/06 10:8 p.m., 22 views

CVE-2025-11207

CVE-2025-11207 affects Google Chrome/Chromium prior to 141.0.7390.54. A side-channel information leakage in Storage allows a remote attacker to perform arbitrary read/write via a crafted HTML page. CVSSv3.1 base score 6.5 (Network exploit, LOW complexity, No privileges, No user interaction, Confi...

CVSS 6.5 | AI score 5.8 | EPSS 0.00208
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2025/11/06 10:8 p.m., 14 views

CVE-2025-11207

Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Medium...

EPSS 0.00208
Exploits: 0 | References: 2

Debian CVE
added 2025/11/06 10:8 p.m., 5 views

CVE-2025-11207

Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.5 | AI score 7.4 | EPSS 0.00208
Exploits: 0

AlpineLinux
added 2025/11/06 10:8 p.m., 5 views

CVE-2025-11207

Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.5 | AI score 8.1 | EPSS 0.00208
Exploits: 0

RedhatCVE
added 2025/11/06 6:23 a.m., 4 views

CVE-2025-31133

A flaw was found in runc. This flaw exploits an issue with how masked paths are implemented in runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...

CVSS 8.2 | AI score 6.4 | EPSS 0.00673
Exploits: 3 | References: 3

Tenable Nessus
added 2025/11/06 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990471)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990471 advisory. In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Fix GICR_CTLR.RWP polling. It turns out that our polling of RWP is totally wrong wh...

CVSS 5.5 | AI score 5.8 | EPSS 0.00247
Exploits: 0 | References: 4

Cvelist
added 2025/11/05 9:7 a.m., 10 views

CVE-2025-55108 BMC Control-M/Agent default configuration does not enforce SSL/TLS allowing unauthorized actions and remote code execution

The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled i.e. in the default configuration. NOTE: The vendor believes that this vulnerability only occurs when...

CVSS 10 | EPSS 0.00719
Exploits: 0 | References: 3

Positive Technologies
added 2025/11/05 12:0 a.m., 7 views

PT-2025-45096

Name of the Vulnerable Software and Affected Versions: BMC Control-M/Agent (affected versions not specified). Description: The Control-M/Agent is susceptible to unauthenticated remote code execution, arbitrary file read and write, and other unauthorized actions when mutual SSL/TLS authentication is no...

CVSS 10 | AI score 7.7 | EPSS 0.00719
Exploits: 0 | References: 8

Tenable Nessus
added 2025/11/05 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988716)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988716 advisory. In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix vlan tunnel dst null pointer dereference. This patch fixes a tunnel_dst null point...

CVSS 5.5 | AI score 6.1 | EPSS 0.00236
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989111)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989111 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock. syzbot caught a potential...

CVSS 5.5 | AI score 6.2 | EPSS 0.00189
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 6 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989884)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989884 advisory. In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore. The dtl_access_lock needs to be a rw_sempahor...

CVSS 5.5 | AI score 6.2 | EPSS 0.00203
Exploits: 0 | References: 4

CVE
added 2025/11/04 3:19 a.m., 13 views

CVE-2025-47357

CVE-2025-47357 describes an information-disclosure vulnerability in Qualcomm chipsets where a user-level driver can perform QFPROM read or write operations on fuse regions. The root cause is consistently described as an access-control/authorization issue that allows local (user-level) operations ...

CVSS 8 | AI score 6.1 | EPSS 0.00067
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/11/04 12:0 a.m., 6 views

PT-2025-44926

Name of the Vulnerable Software and Affected Versions: versions prior to November 4, 2025. Description: An information disclosure issue exists when a user-level driver performs QFPROM read or write operations on Fuse regions. The issue involves missing authentication for a critical function in SMSS...

CVSS 8 | AI score 6.2 | EPSS 0.00067
Exploits: 0 | References: 5

CNNVD
added 2025/11/04 12:0 a.m., 3 views

Qualcomm Chipsets Access Control Error Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. An access control error vulnerability exists in Qualcomm Chipsets that originates when a user-level driver performs a QFPROM read or write operation, which could result in information disclosure...

CVSS 8 | AI score 6.5 | EPSS 0.00067
Exploits: 0 | References: 1

Debian CVE
added 2025/10/31 11:50 a.m., 6 views

CVE-2025-58147

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...

CVSS 7.5 | AI score 5.2 | EPSS 0.00317
Exploits: 0

SUSE CVE
added 2025/10/31 12:34 a.m., 3 views

SUSE CVE-2025-12428

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 6.7 | EPSS 0.06806
Exploits: 1 | References: 3