CVE-2026-42882

oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Prior to 5.0.0, s3-proxy contains an authentication bypass caused by inconsistent URL path interpretation between the authentication middleware and the bucket handler. The authentication middleware evaluates resource path patterns against the...

CVE-2026-23361

In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry Endpoint drivers use dwpcieepraisemsixirq to raise an MSI-X interrupt to the host using a writel, which generates a PCI posted write transaction. There's no completio...

Out-of-bounds Write

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

Ruby on Rails: ActiveStorage Disk Service Path Traversal via Custom Blob Key Injection

A vulnerability was discovered in the ActiveStorage Disk Service component of Ruby on Rails. The vulnerability allowed an attacker to achieve arbitrary file write, read, and delete on the server's filesystem by injecting a malicious blob key. The vulnerability was due to insufficient validation o...

EUVD-2021-19474

Malware in sbrugna...

kernel: blk-cgroup: fix list corruption from reorder of WRITE ->lqueued

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from reorder of WRITE -lqueued blkcgrstatflush can be run anytime, especially when blkcgroupbiostart is being executed. If WRITE of -lqueued is re-ordered with READ of 'bisc-lnode.next' in the loop...

SUSE CVE-2024-38384

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from reorder of WRITE -lqueued blkcgrstatflush can be run anytime, especially when blkcgroupbiostart is being executed. If WRITE of -lqueued is re-ordered with READ of 'bisc-lnode.next' in the loop...

DEBIAN-CVE-2024-38384

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from reorder of WRITE -lqueued blkcgrstatflush can be run anytime, especially when blkcgroupbiostart is being executed. If WRITE of -lqueued is re-ordered with READ of 'bisc-lnode.next' in the loop...

UBUNTU-CVE-2024-26606

In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In epoll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDERWRITEREAD without a read buffer...

CVE-2023-24590

CVE-2023-24590 describes a format-string vulnerability in Gallagher Controller 6000’s optional diagnostic web interface. The issue allows write/read access to memory and can crash the device, potentially causing a Denial of Service. Affected are Gallagher Controller 6000 versions 8.60 prior to vC...

CVE-2020-12903

Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service...

CVE-2021-32654

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public...

CVE-2020-11195

Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

Oracle Java SE 1.7.0_261 / 1.8.0_251 / 1.11.0_7 / 1.14.0_1 Multiple Vulnerabilities (Apr 2020 CPU) (Unix)

The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is prior to 7 Update 261, 8 Update 251, 11 Update 7, or 14 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components : - Oracle Java SE and Java SE Embedded are...

CVE-2017-18552

An issue was discovered in net/rds/afrds.c in the Linux kernel before 4.11. There is an out of bounds write and read in the function rdsrecvtracklatency...

KLA11398 Multiple vulnerabilities in Foxit Reader and Foxit PhantomPDF

Multiple vulnerabilities were found in Foxit Reader and Foxit PhantomPDF. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Out-of-bounds Write/Read vulnerability can be exploited remotely to...

LG G4 - Touchscreen Driver write_log Kernel Read/Write

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=990 The following function and variations on the same code is used to write to files from kernel code in various touchscreen drivers. This copy is from RefCodeCustomerImplementation.c - I'm unsure which copy is actually being used ...

Linux Kernel < 3.4.5 (Android 4.2.2/4.4 ARM) - Local Privilege Escalation

/ Just a lame binder local root exploit stub. Somewhat messy but whatever. The bug was reported in CVE-2013-6282. Tested on Android 4.2.2 and 4.4. Kernels 3.0.57, 3.4.5 and few more. All up to 3.4.5 unpatched should be vulnerable. You need to customize the addresses so that they match the target...