Lucene search
K

2521 matches found

Positive Technologies
Positive Technologies
added 2025/07/17 12:0 a.m.7 views

PT-2025-29948 · Openzeppelin · Openzeppelin Contracts

Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions 5.2.0 through 5.3.9 Description: The lastIndexOfbytes,byte,uint256 function within the Bytes.sol library may access uninitialized memory under specific conditions. This occurs when the provided buffer length is...

6.9CVSS6.7AI score0.00334EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2025/07/15 12:31 a.m.3 views

zlib: Out-of-bound pointer arithmetic in inftrees.c

A vulnerability was discovered in the inftrees.c file of zlib. Pointer arithmetic operations violate the C standard by subtracting an offset from an array pointer before its allocated memory, leading to undefined behavior...

8.8CVSS7.3AI score0.04793EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/07/11 7:57 p.m.8 views

static-alloc vulnerability leads to uninitialized read after allocating MemBump

The affected function, MemBump::new, would allocate memory without initializing it. Subsequently calling the created value's various allocmethods would then read and write the start of that memory as a Cell which isundefined behavior. Instead, it should zero initialize the start of the allocated...

6.9AI score
Exploits0References4Affected Software1
RustSec
RustSec
added 2025/07/11 12:0 p.m.6 views

Uninitialized read after allocating MemBump

The affected function, MemBump::new, would allocate memory without initializing it. Subsequently calling the created value's various alloc methods would then read and write the start of that memory as a Cell which is undefined behavior. Instead, it should zero initialize the start of the allocate...

6.9AI score
Exploits0Affected Software1
OSV
OSV
added 2025/07/11 12:0 p.m.2 views

RUSTSEC-2025-0042 Uninitialized read after allocating MemBump

The affected function, MemBump::new, would allocate memory without initializing it. Subsequently calling the created value's various alloc methods would then read and write the start of that memory as a Cell which is undefined behavior. Instead, it should zero initialize the start of the allocate...

6.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/11 12:0 a.m.2 views

PT-2025-30366 · Crates.Io · Static-Alloc

The affected function, MemBump::new, would allocate memory without initializing it. Subsequently calling the created value's various allocmethods would then read and write the start of that memory as a Cell which isundefined behavior. Instead, it should zero initialize the start of the allocated...

7AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/07/11 12:0 a.m.3 views

PT-2025-30314 · Crates.Io · Static-Alloc

The affected function, MemBump::new, would allocate memory without initializing it. Subsequently calling the created value's various alloc methods would then read and write the start of that memory as a Cell which is undefined behavior. Instead, it should zero initialize the start of the allocate...

7AI score
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/07/10 11:23 p.m.0 views

SUSE CVE-2025-38277

In the Linux kernel, the following vulnerability has been resolved: mtd: nand: ecc-mxic: Fix use of uninitialized variable ret If ctx-steps is zero, the loop processing ECC steps is skipped, and the variable ret remains uninitialized. It is later checked and returned, which leads to undefined...

6.6CVSS6.4AI score0.00156EPSS
Exploits0References22
NVD
NVD
added 2025/07/10 8:15 a.m.3 views

CVE-2025-38277

In the Linux kernel, the following vulnerability has been resolved: mtd: nand: ecc-mxic: Fix use of uninitialized variable ret If ctx-steps is zero, the loop processing ECC steps is skipped, and the variable ret remains uninitialized. It is later checked and returned, which leads to undefined...

5.5CVSS0.00156EPSS
Exploits0References6
CVE
CVE
added 2025/07/10 7:41 a.m.77 views

CVE-2025-38277

CVE-2025-38277 affects the Linux kernel mtd: nand: ecc-mxic code. The bug occurs when ctx->steps is zero: the loop over ECC steps is skipped and ret is left uninitialized, later checked/returned, causing undefined behavior and potential user-space disruption or kernel crashes. The fix initiali...

5.5CVSS6.5AI score0.00156EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/07/10 7:41 a.m.4 views

CVE-2025-38277 mtd: nand: ecc-mxic: Fix use of uninitialized variable ret

In the Linux kernel, the following vulnerability has been resolved: mtd: nand: ecc-mxic: Fix use of uninitialized variable ret If ctx-steps is zero, the loop processing ECC steps is skipped, and the variable ret remains uninitialized. It is later checked and returned, which leads to undefined...

5.5CVSS6.3AI score0.00156EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2025/07/08 12:18 a.m.4 views

zlib: Out-of-bound pointer arithmetic in inftrees.c

A vulnerability was discovered in the inftrees.c file of zlib. Pointer arithmetic operations violate the C standard by subtracting an offset from an array pointer before its allocated memory, leading to undefined behavior...

8.8CVSS7.3AI score0.04793EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/07/08 12:0 a.m.5 views

PT-2025-32998

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 6.9.13-27 ImageMagick versions prior to 7.1.2-1 Description: ImageMagick is a free and open-source software suite for editing and manipulating digital images. A function-type-mismatch exists in the splay tree...

8.8CVSS6.8AI score0.00933EPSS
Exploits4References78
RedhatCVE
RedhatCVE
added 2025/07/06 2:14 p.m.3 views

CVE-2025-38230

In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount to prevent crashes Validate dbagheight, dbagwidth, and dbagstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL,...

7CVSS6.3AI score0.00157EPSS
Exploits0References4
OSV
OSV
added 2025/07/04 1:37 p.m.5 views

CVE-2025-38230 jfs: validate AG parameters in dbMount() to prevent crashes

In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount to prevent crashes Validate dbagheight, dbagwidth, and dbagstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL,...

7.8CVSS7.3AI score0.00157EPSS
Exploits0References13
CVE
CVE
added 2025/07/04 1:37 p.m.82 views

CVE-2025-38230

CVE-2025-38230 concerns the Linux kernel’s JFS subsystem. The issue arises from not validating AG parameters in dbMount(), allowing corrupted metadata to reach dbAllocAG and cause crashes. A UBSAN shift-out-of-bounds occurs in fs/jfs/jfs_dmap.c:1400 during dbAllocAG, as demonstrated by the trace ...

7.8CVSS6.4AI score0.00157EPSS
Exploits0References10Affected Software1
Packet Storm News
Packet Storm News
added 2025/07/04 12:0 a.m.6 views

RVISmith: Fuzzing Compilers for RVV Intrinsics

Modern processors are equipped with single instruction multiple data SIMD instructions for fine-grained data parallelism. Compiler auto-vectorization techniques that target SIMD instructions face performance limitations due to insufficient information available at compile time, requiring...

6.7AI score
Exploits0
CNNVD
CNNVD
added 2025/07/04 12:0 a.m.2 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a TOCTOU competition condition leading to undefined behavior...

4.7CVSS6.9AI score0.00101EPSS
Exploits0References4
OSV
OSV
added 2025/06/27 1:16 p.m.3 views

OESA-2025-1692 firefox security update

Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: The ShmemCharMapHashEntry code was susceptible to potentially undefined behavior by bypassing the move semantics for one ...

6.5CVSS8.4AI score0.00372EPSS
Exploits0References2
OSV
OSV
added 2025/06/27 1:16 p.m.4 views

OESA-2025-1691 firefox security update

Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: The ShmemCharMapHashEntry code was susceptible to potentially undefined behavior by bypassing the move semantics for one ...

6.5CVSS8.4AI score0.00372EPSS
Exploits0References2
Rows per page
Query Builder