3039 matches found
SUSE CVE-2019-15296
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is negative, a...
CVE-2025-34071
A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .img files, which can be modified to include malicious scripts with...
CVE-2025-34071 GFI Kerio Control Unsigned System Image Upload Root Code Execution
A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .img files, which can be modified to include malicious scripts with...
CVE-2025-34071
CVE-2025-34071 affects GFI Kerio Control 9.4.5 where the firmware upgrade feature can be abused to achieve remote code execution. The root cause is an upgrade mechanism that accepts unsigned .img files and does not validate authenticity or integrity, allowing modified upgrades (including scripts ...
PT-2025-27629 · Gfi · Gfi Kerio Control
Name of the Vulnerable Software and Affected Versions: GFI Kerio Control version 9.4.5 Description: A remote code execution issue allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .i...
CVE-2024-36347
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged...
CVE-2022-49964
In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level. Though acpi_find_last_cache_level always returned signed value and the document states it will return any errors caused by lack of a PPTT table, it...
UBUNTU-CVE-2022-50036
In the Linux kernel, the following vulnerability has been resolved: drm/sun4i: dsi: Prevent underflow when computing packet sizes. Currently, the packet overhead is subtracted using unsigned arithmetic. With a short sync pulse, this could underflow and wrap around to near the maximal u16 value. Fi...
CVE-2022-50036
CVE-2022-50036 affects the Linux kernel component drm/sun4i: dsi. The underflow occurred when computing packet sizes due to subtracting packet overhead with unsigned arithmetic; with a short sync pulse the subtraction could wrap to a large unsigned value. The remediation is a fix that uses signed...
CVE-2022-49964 arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level
In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level. Though acpi_find_last_cache_level always returned signed value and the document states it will return any errors caused by lack of a PPTT table, it...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from unsigned subtraction and could lead to an underflow...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from arm64 cacheinfo incorrectly assigning signed error values to unsigned fw_level values, which could lead to memory...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net/rose: integer overflows can occur when using rose_setsockopt with potentially excessively large arguments, along with additional values being applied to them. To mitigate this issue, perform the following actions as a minimum...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: 9p/net: fixed improper handling of bogus negative read/write responses. In p9_client_write and p9_client_read_once, if the server incorrectly responds with a success message but a negative write/read count, then we would consider...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed an overflow issue in the bounds check of the dacl_offset field. The dacl_offset field was originally defined as an int type and was used in an unchecked addition operation. This could lead to an overflow condition,...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevention of division by zero. The user can set any speed value. If the speed is greater than UINT_MAX/8, a division by zero is possible. Found by the Linux Verification Center (linuxtesting.org) with SVACE...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: printk: Fixed signed integer overflow when defining LOG_BUF_LEN_MAX. Shifting 1 << 31 on a 32-bit integer causes signed integer overflow, leading to undefined behavior. To prevent this, 1 was cast to u32 before the shift operation is...