CVE-2025-38585

In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmingetvarint When gmingetconfigvar calls efi.getvariable and the EFI variable is larger than the expected buffer size, two behaviors combine to create a stack buffer overflow...

USN-7700-1: GCC vulnerability

It was discovered that the -fstack-protector hardening feature in GCC for AArch64 did not properly protect dynamically-sized local variables such as those created using C99 variable length arrays or alloca. As a result, an attacker who was able to trigger a buffer overflow in such cases could...

USN-7700-1 gcc-10, gcc-11, gcc-12 vulnerability

It was discovered that the -fstack-protector hardening feature in GCC for AArch64 did not properly protect dynamically-sized local variables such as those created using C99 variable length arrays or alloca. As a result, an attacker who was able to trigger a buffer overflow in such cases could...

PT-2025-33886 · Unknown · Neurobin Shc

Name of the Vulnerable Software and Affected Versions: neurobin shc versions through 4.0.3 Description: A security flaw has been discovered in the Environment Variable Handler component of neurobin shc. The make function within the src/shc.c file is affected, resulting in operating system command...

Linux Distros Unpatched Vulnerability : CVE-2024-47540

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the...

CVE-2025-55214

CVE-2025-55214 (Copier) : A directory traversal vulnerability affects Copier libraries and CLI from version 7.1.0 up to, but not including, 9.9.1. When using a safe template, an attacker could cause files to be written outside the destination path by exploiting the template rendering of a generat...

CVE-2025-55214 Copier safe template has filesystem write access outside destination path

Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...

Linux Distros Unpatched Vulnerability : CVE-2023-40590

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after...

CVE-2025-5047

A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVE-2025-5047

A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVE-2025-5047

A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVE-2025-5047

Autodesk AutoCAD is affected by CVE-2025-5047 due to a vulnerability in parsing DGN files, arising from an uninitialized variable in memory access. The issue can allow crash, data leakage, or arbitrary code execution in the context of the current process. Public sources note this can be exploited...

CVE-2025-5047 DGN File Parsing Uninitialized Variable Vulnerability

A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVE-2025-5047 DGN File Parsing Uninitialized Variable Vulnerability

A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

OSV-2025-633 UNKNOWN WRITE in _lou_handlePassVariableAction

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=438413376 Crash type: UNKNOWN WRITE Crash state: louhandlePassVariableAction passDoAction translateString...

Linux Distros Unpatched Vulnerability : CVE-2019-20908

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivarssdt ACPI variable could be use...

PT-2025-33487 · Autodesk · Autocad

Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD affected versions not specified Description: A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can trigger an uninitialized variable issue. A malicious actor can leverage this to cause a crash, read...

Huawei EnzoH-W5611T OS Command Injection Vulnerability

Founded in 1987 and headquartered in Shenzhen, Guangdong Province, China, Huawei is a leading global provider of ICT information and communications technology infrastructure and smart terminals, with operations in more than 170 countries and regions and serving more than 3 billion people worldwid...

Malicious code in variable-name (npm)

The package variable-name was found to contain malicious code...

@mattdesl/quick-stub (>=1.0.0 <=3.0.1), brick (=0.0.0) +15 more potentially affected by unknown CVE via variable-name (>=0.0.1 <=0.0.2)

variable-name NPM version =0.0.1, =1.0.0, =0.0.0, =0.0.0, =0.0.0, =0.1.0, =0.0.0, =1.0.0, =0.0.0, =1.2.0, =7.0.0, =1.0.0, =0.0.0, =1.1.1, =1.0.0, =1.9.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-38145...