23 matches found
MAL-2026-4530 Malicious code in cloudsmith-vsc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b49ad4432747f754181e7a8428aff5fd2613f9d86283f05a04c2dd1f9ac2f2f package.json declares a preinstall hook "preinstall": "node index.js" that runs automatically on npm install. index.js reads installer-side system...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Commit 272970be3dab "Bluetooth: hci_qca: Fix driver shutdown on closed serdev" will cause below regression issue: BT can't be enabled after below steps: col...
DEBIAN-CVE-2025-39711
In the Linux kernel, the following vulnerability has been resolved: media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable calls Both the ACE and CSI driver are missing a mei_cldev_disable call in their remove function. This causes the mei_cl client to stay part of the mei_device->file_list...
UBUNTU-CVE-2025-39711
In the Linux kernel, the following vulnerability has been resolved: media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable calls Both the ACE and CSI driver are missing a mei_cldev_disable call in their remove function. This causes the mei_cl client to stay part of the mei_device->file_list...
Linux Distros Unpatched Vulnerability : CVE-2025-37816
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mei: vsc: Fix fortify-panic caused by invalid counted_by use gcc 15 honors the __counted_by(len)...
CVE-2025-34123
A stack-based buffer overflow affecting VideoCharge Studio 2.12.3.685 is triggered while parsing a specially crafted .VSC configuration file. The root cause is improper handling of user-supplied data in the XML Name attribute, causing an SEH overwrite. This can allow arbitrary code execution unde...
CVE-2025-34123 VideoCharge Studio 2.12.3.685 SEH Buffer Overflow via .VSC File
A stack-based buffer overflow vulnerability exists in VideoCharge Studio 2.12.3.685 when processing a specially crafted .VSC configuration file. The issue occurs due to improper handling of user-supplied data in the XML 'Name' attribute, leading to an SEH overwrite condition. An attacker can...
Astra Linux - vulnerability in linux-6.12
In the Linux kernel, the following vulnerability has been resolved: mei: vsc: Fix fortify-panic caused by invalid counted_by use gcc 15 honors the __counted_by(len) attribute on vsc_tp_packet.buf and the vsc-tp.c code is using this in a wrong way. len does not contain the available size in the buffer, it...
DEBIAN-CVE-2025-37816
In the Linux kernel, the following vulnerability has been resolved: mei: vsc: Fix fortify-panic caused by invalid counted_by use gcc 15 honors the __counted_by(len) attribute on vsc_tp_packet.buf and the vsc-tp.c code is using this in a wrong way. len does not contain the available size in the buffer, it...
UBUNTU-CVE-2025-37816
In the Linux kernel, the following vulnerability has been resolved: mei: vsc: Fix fortify-panic caused by invalid counted_by use gcc 15 honors the __counted_by(len) attribute on vsc_tp_packet.buf and the vsc-tp.c code is using this in a wrong way. len does not contain the available size in the buffer, it...
PT-2025-20345
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability has been resolved in the Linux kernel. The issue is related to the use of the counted_by function in the vsc-tp.c code, which is using the __counted_by(len) attribute on vsc ...
SUSE CVE-2024-42137
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Commit 272970be3dab "Bluetooth: hci_qca: Fix driver shutdown on closed serdev" will cause below regression issue: BT can't be enabled after below steps: col...
MAL-2024-11748 Malicious code in vsc-config (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c2ec1c70e372eda0ea5a9836df505e286be87f7259eb91e6b3d2fb81928dbcba Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2024-11747 Malicious code in vsc-accountpage-clients (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4a944a63a10d8227a08f1e886092063f618336d89a3dfe4600908830fa199b77 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in vsc-config (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c2ec1c70e372eda0ea5a9836df505e286be87f7259eb91e6b3d2fb81928dbcba Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
unstake() function: The unstake function permits the unstaking of multiple position NFTs from the same liquidity pool (LP) by the same lender. This opens the possibility for a lender to claim more Ajna token rewards than they are entitled to by staking and unstaking multiple NFTs associated with the same LP.
Lines of code. Vulnerability details. Impact: The absence of a mechanism to prevent a lender from unstaking multiple NFTs for the same liquidity pool (LP) could potentially lead to the exploitation of the Ajna token reward system. A lender can mint, stake, and unstake multiple NFTs for the same LP fro...
SUSE CVE-2011-4111
Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message...
Code injection
NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors...
VideoCharge Studio Buffer Overflow (SEH)
This module exploits a stack based buffer overflow in VideoCharge Studio 2.12.3.685 when processing a specially crafted .VSC file. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing a user of VideoCharge Studio to open a maliciou...
VideoCharge Studio 2.12.3.685 - Buffer Overflow (SEH)
No description provided by source. !/usr/bin/python Exploit Title: VideoCharge Studio SEH Buffer Overflow Date found: 27.10.2013 Exploit Author: metacom URL: http://www.videocharge.com/download.php Software Link: www.videocharge.com/download/VideoChargeStudioInstall.exe Version: 2.12.3.685 Tested...