PT-2025-38120

Name of the Vulnerable Software and Affected Versions SOLIDWORKS eDrawings versions prior to SOLIDWORKS Desktop 2025 Description A use of uninitialized variable issue exists in the JT file reading procedure within SOLIDWORKS eDrawings. This could allow an attacker to execute arbitrary code by...

DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an error

We found two instances in the DragonFly codebase where the first return value of a function is dereferenced even when the function returns an error figures 9.1 and 9.2. This can result in a nil dereference, and cause code to panic. The codebase may contain additional instances of the bug. golang...

SUSE CVE-2025-39817

In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfsdcompare Observed on kernel 6.6 present on master as well: BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0 Call trace: kasancheckrange+0xe8/0x190 asanloadN+0x1c/0x28 memcmp+0x98/0xd0...

CVE-2025-36244 IBM AIX privilege escalation

IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables...

CVE-2025-39817

In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfsdcompare Observed on kernel 6.6 present on master as well: BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0 Call trace: kasancheckrange+0xe8/0x190 asanloadN+0x1c/0x28 memcmp+0x98/0xd0...

PT-2025-37994

Name of the Vulnerable Software and Affected Versions: IBM AIX versions 7.2 through 7.3 IBM VIOS versions 3.1 through 4.1 Description: IBM AIX and VIOS, when configured to use Kerberos network authentication, may allow a local user to gain root privileges by writing to files on the system due to...

CVE-2022-50270

This CVE (CVE-2022-50270) affects the Linux kernel f2fs component. The root cause was a faulty iocb assignment in the f2fs_direct_IO_enter trace event: the code only copied the pointer of iocb and then accessed its field during trace printing, which could lead to a kernel paging fault. The fixes ...

Apple macOS 安全漏洞

Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...

CVE-2024-45432

OpenSynergy BlueSDK aka Blue SDK through 6.x mishandles a function call. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from an incorrect variable used as a function argument. An attacker can leverage this to cause unexpected behavior or obtain sensitive informatio...

CVE-2024-45432

OpenSynergy BlueSDK aka Blue SDK through 6.x mishandles a function call. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from an incorrect variable used as a function argument. An attacker can leverage this to cause unexpected behavior or obtain sensitive informatio...

OpenSynergy BlueSDK 安全漏洞

OpenSynergy BlueSDK is a Bluetooth stack from the German company OpenSynergy. A security vulnerability exists in OpenSynergy BlueSDK 6.x and earlier versions, which stems from the use of the wrong variable as a function parameter in the BlueSDK Bluetooth stack, and could lead to unexpected behavi...

Erlang/OTP (Erlang OTP) Httpd CGI Scripts Environment Variable Pollution Vulnerability (Sep 2025, httpoxy) - Linux

Erlang/OTP Erlang OTP is prone to a Httpd CGI scripts environment variable pollution vulnerability in the inets component dubbed SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Erlang/OTP (Erlang OTP) Httpd CGI Scripts Environment Variable Pollution Vulnerability (Sep 2025, httpoxy) - Windows

Erlang/OTP Erlang OTP is prone to a Httpd CGI scripts environment variable pollution vulnerability in the inets component dubbed SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Linux Distros Unpatched Vulnerability : CVE-2017-17535

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow...

Linux Distros Unpatched Vulnerability : CVE-2016-3922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libril/RilSapSocket.cpp in Telephony in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 relies on variable-length arrays, which allows attackers to gain...

Linux Distros Unpatched Vulnerability : CVE-2024-28852

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities,this means that all forms in the...

Linux Distros Unpatched Vulnerability : CVE-2017-17534

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote...

Security Bulletin: Arbitrary Code Execution via JaninoEventEvaluator in Logback-Core (Versions 0.1–1.3.14, 1.4.0–1.5.12) through Malicious Configuration or Environment Variable Injection affects watsonx.data

Summary ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before...

TinyEnv 安全漏洞

TinyEnv is an environment variable loader for Dat Duy Personal Developer. A security vulnerability exists in TinyEnv versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, which stems from a checking deficiency in the .env file that could lead to unsafe default configurations...

CVE-2023-31326

Use of an uninitialized variable in the ASP could allow an attacker to access leftover data from a trusted execution environment TEE driver, potentially leading to loss of confidentiality...