45 matches found
CLSA-2025-1754649018 Fix CVE(s): CVE-2025-1176
SECURITY UPDATE: heap-based Buffer Overflow in ELF ld Component - debian/patches/CVE-2025-1176.patch: prevent illegal memory access when indexing into the symhashes array of the elf bfd cookie structure - CVE-2025-1176...
CVE-2025-14972
Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO will be impacted by this vulnerability...
CVE-2025-14972
CVE-2025-14972 affects the SYMCRYPTO engine on SixG301xxx devices, where DPA countermeasures are not sufficiently random, leading to eventual repetition. The vulnerability could impact KSU keys using SYMCRYPTO. The CVSS in the provided data indicates physical attack vector with high complexity an...
CLSA-2025-1760023587 Fix CVE(s): CVE-2025-1176
SECURITY UPDATE: heap-based buffer overflow in function bfdelfgcmarkrsec - debian/patches/CVE-2025-1176.patch: prevent illegal memory access when indexing into the symhashes array of the elf bfd cookie structure - CVE-2025-1176...
CVE-2025-6034
There is a memory corruption vulnerability due to an out of bounds read in DefaultFontOptions when using SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open...
CVE-2025-6034 Out of Bounds Read in DefaultFontOptions() in NI Circuit Design Suite
There is a memory corruption vulnerability due to an out of bounds read in DefaultFontOptions when using SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open...
Buffer Over-read
Overview Affected versions of this package are vulnerable to Buffer Over-read via the DiaSymReader.dll process. An attacker can execute arbitrary code by exploiting a buffer over-read condition when the application processes specially crafted input. This issue affects EOL ASP.NET 6.0.0 = 6.0.36 a...
Buffer Over-read
Overview Affected versions of this package are vulnerable to Buffer Over-read via the DiaSymReader.dll process. An attacker can execute arbitrary code by exploiting a buffer over-read condition when the application processes specially crafted input. This issue affects EOL ASP.NET 6.0.0 = 6.0.36 a...
Buffer Over-read
Overview Affected versions of this package are vulnerable to Buffer Over-read via the DiaSymReader.dll process. An attacker can execute arbitrary code by exploiting a buffer over-read condition when the application processes specially crafted input. This issue affects EOL ASP.NET 6.0.0 = 6.0.36 a...
Buffer Over-read
Overview Affected versions of this package are vulnerable to Buffer Over-read via the DiaSymReader.dll process. An attacker can execute arbitrary code by exploiting a buffer over-read condition when the application processes specially crafted input. This issue affects EOL ASP.NET 6.0.0 = 6.0.36 a...
CVE-2025-36855
A vulnerability CVE-2025-21176 https://www.cve.org/CVERecord exists in DiaSymReader.dll due to buffer over-read. Per CWE-126: Buffer Over-read https://cwe.mitre.org/data/definitions/126.html , Buffer Over-read is when a product reads from a buffer using buffer access mechanisms such as indexes or...
Malicious code in sym-responsive (npm)
The package sym-responsive was found to contain malicious code...
MAL-2025-34322 Malicious code in sym-responsive (npm)
The package sym-responsive was found to contain malicious code...
Heap buffer overflow in virtio_crypto_sym_op_helper()
...
CVE-2024-5102
A sym-linked file accessed via the repair function in Avast Antivirus troubleshooting - repair feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the...
CVE-2024-5102
The CVE-2024-5102 entry concerns Avast Antivirus prior to version 24.2. The issue resides in the Repair feature (Settings → Troubleshooting → Repair), which attempts to delete a file in the current user’s AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can craft a pseudo-symlink a...
qemu security update
15:4.2.1-28.el7 - virtio-crypto: verify src&dst buffer length for sym request Zhenwei Pi Orabug: 35724113 CVE-2023-3180 - hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller CVE-2023-0330 Thomas Huth Orabug: 35724112 CVE-2023-0330 - kvm: Atomic memslot updates David Hildenbrand Orabug...
qemu security update
15:4.2.1-28.el7 - virtio-crypto: verify src&dst buffer length for sym request Zhenwei Pi Orabug: 35724113 CVE-2023-3180 - hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller CVE-2023-0330 Thomas Huth Orabug: 35724112 CVE-2023-0330 - kvm: Atomic memslot updates David Hildenbrand Orabug...
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 6.0.22, 7.0.11 ...
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via the Microsoft.DiaSymReader.Native.amd64.dll file when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 6.0.22...