Aggregator

A vulnerability classified as critical has been found in Google Android. Affected is the function kbd_keycode of the file keyboard.c. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2020-0431. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Oracle MySQL Server up to 8.0.25. It has been declared as critical. This vulnerability affects unknown code of the component Optimizer. The manipulation leads to denial of service. This vulnerability was named CVE-2021-2427. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.15.25/5.16.11. This affects the function num_channels of the component tsc2046. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2022-48927. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 5.15.103/6.1.20/6.2.7. Affected is the function do_req_filebacked of the component loop. The manipulation leads to use after free. This vulnerability is traded as CVE-2023-53111. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.15.11. This issue affects the function qib_user_sdma_queue_pkts of the component qib. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2021-47104. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Диета с бромидом едва не стоила мужчине жизни.

A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/delete_project/ of the component Delete Request Handler. The manipulation of the argument projectID leads to missing authorization. This vulnerability was named CVE-2025-8796. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Intel Ethernet 700 Series Controller up to 2.8.42. It has been rated as problematic. Affected by this issue is some unknown functionality of the component i40e Driver. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2019-0149. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.0.7. Affected is the function remove of the component pmem. The manipulation leads to memory leak. This vulnerability is traded as CVE-2022-49896. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GNU screen. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component File Existence Test Handler. The manipulation leads to information exposure through error message. This vulnerability is known as CVE-2025-46804. Local access is required to approach this attack. There is no exploit available.

手机已经成为日常生活的一部分，储存了大量敏感信息，但我们如何确保手机安全可靠？Google 的 Android 系统提供了开源版本 AOSP，而 Android 本身并未以安全为重心设计的，但基于开源系统，社区发行版如 GrapheneOS 对 Android 进行了加固。GrapheneOS 始于 CopperheadOS 项目，它的两位创始人因分歧而分道扬镳，其中之一的 Daniel Micay 创建了独立的项目 GrapheneOS。它旨在加强安全，并没有优先考虑支持更多设备，它支持的设备类型非常有限，仅限于 Google Pixel 6 到 Pixel 9，新的 Pixel 设备使用了新的 ARMv9 CPU 核心，支持如硬件内存标记（memory tagging）等安全功能。GrapheneOS 默认使用硬件内存标记保护操作系统和用户安装的兼容应用免遭攻击。它没有预装原版 Android 提供的大量开箱即用的应用，没有 Google Play store，而是提供了自己的浏览器、相机应用、PDF 阅读器以及总共只有 13 款应用的应用商店。浏览器是 Chromium 分支 Vanadium，启用了严格的网站隔离，它并不推荐 Firefox，认为它容易受到攻击，用户可选择安装的一个浏览器是 IronFox——Firefox 加固版。

A vulnerability was found in Linux Kernel up to 5.4.1. It has been declared as critical. This vulnerability affects the function __ext4_expand_extra_isize/ext4_xattr_set_entry of the file fs/ext4/inode.c. The manipulation leads to use after free. This vulnerability was named CVE-2019-19767. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in LuaJIT up to 2.1. Affected by this issue is some unknown functionality. The manipulation leads to denial of service. This vulnerability is handled as CVE-2024-25177. The attack can only be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Linux Kernel up to 6.1.21/6.2.8. It has been declared as critical. This vulnerability affects unknown code of the component thunderbolt. The manipulation leads to memory leak. This vulnerability was named CVE-2023-53050. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Thunderbird up to 91.9. It has been classified as problematic. This affects an unknown part of the component allowCredential Entry Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is uniquely identified as CVE-2022-31742. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.3. This issue affects the function binder_release_work. The manipulation leads to use after free. The identification of this vulnerability is CVE-2024-56554. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Mozilla Firefox up to 100. Affected by this vulnerability is an unknown functionality of the component allowCredential Entry Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is known as CVE-2022-31742. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in KDE ark and classified as critical. Affected by this vulnerability is an unknown functionality of the file kerfuffle/jobs.cpp of the component Extraction Handler. The manipulation with the input ../ leads to path traversal. This vulnerability is known as CVE-2020-16116. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.13.3/6.14-rc2. It has been rated as critical. This issue affects the function cancel_delayed_work_sync. The manipulation leads to use after free. The identification of this vulnerability is CVE-2025-21797. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 101. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability was named CVE-2022-34484. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.