2515 matches found
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fixed a potential out-of-bounds issue related to read/write operations via C45 clause 45 of the mdiobus interface. When using publicly available tools like ‘mdio-tools’ to read/write data from/to network interfaces v...
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...
SUSE-SU-2025:01883-1 Security update for libjxl
This update for libjxl fixes the following issues: - CVE-2024-11403: Fix out of bounds memory read/write in libjxl bsc1233768...
Keyoti SearchUnit 安全漏洞
Keyoti SearchUnit is a web search engine from Keyoti Canada. A security vulnerability exists in Keyoti SearchUnit versions prior to 9.0.0, which stems from a server-side request forgery issue that could result in configuration and log files being read or written...
firefox: thunderbird: Out-of-bounds access when optimizing linear sums
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes...
firefox: thunderbird: Out-of-bounds access when optimizing linear sums
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes...
Deno has --allow-read / --allow-write permission bypass in `node:sqlite`
Summary It is possible to bypass Deno's read/write permission checks by using ATTACH DATABASE statement. PoC js // poc.js import DatabaseSync from "node:sqlite" const db = new DatabaseSync":memory:"; db.exec"ATTACH DATABASE 'test.db' as test;"; db.exec"CREATE TABLE test.test id INTEGER PRIMARY KE...
CVE-2025-20994
Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to access read and write arbitrary files...
CVE-2025-20995
Improper handling of insufficient permission in ClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to read and write arbitrary files...
electron{34,35,36} -- Out of bounds read and write in V8
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2025-5419...
kernel: vsock: Keep the binding until socket destruction
A flaw was found in the Linux kernel's virtual socket protocol network driver, where an improperly timed socket unbinding could result in a use-after-free issue. This flaw allows an attacker who can create and destroy arbitrary connections on virtual connections to read or modify system memory,...
kernel: vsock: Keep the binding until socket destruction
A flaw was found in the Linux kernel's virtual socket protocol network driver, where an improperly timed socket unbinding could result in a use-after-free issue. This flaw allows an attacker who can create and destroy arbitrary connections on virtual connections to read or modify system memory,...
VulnCheck KEV: CVE-2025-5419
Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...
The vulnerability of the LockTcmSettings method in the software for managing and monitoring remote devices in telemetry and telemechanics systems allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the LockTcmSettings method in the software for managing and monitoring remote devices in telemetering and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...
The vulnerability of the UnlockWebServerGatewaySettings method in the software for managing and monitoring remote devices in telemetering and telemechanics systems allows a security intruder to read and write arbitrary files and execute arbitrary code.
The vulnerability of the UnlockWebServerGatewaySettings method in the software for managing and monitoring remote devices in telemetering and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to...
The vulnerability of the ExportCertificate method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the ExportCertificate method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allo...
The vulnerability of the CreateLog method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, as well as in the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the CreateLog method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...
The vulnerability of the UnlockSmtpSettings method in the software for managing and monitoring remote devices in telemetry and telemechanics systems allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the UnlockSmtpSettings method in the software for managing and monitoring remote devices in telemetering and telemechanics systems is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass...
The vulnerability of the GetOverview method in the software for managing and monitoring remote devices in telemetry and telemechanics systems, as well as in the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the GetOverview method in the software for managing and monitoring remote devices in telemetry and telemechanics systems, such as the TeleControl Server Basic, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a...
The vulnerability of the ImportCertificate method in the software for managing and monitoring remote devices in telemetry and telemechanics systems allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the ImportCertificate method in software for managing and monitoring remote devices in telemetry and telemechanics systems related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...