10812 matches found

Debian CVE
added 2025/11/07 8:32 p.m. (4 views)

CVE-2025-12875

A weakness has been identified in mruby 3.4.0. This vulnerability affects the function ary_fill_exec of the file mrbgems/mruby-array-ext/src/array.c. Executing a manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been...

CVSS 7.8 | AI score 5.1 | EPSS 0.0002
Exploits 0
CVE
added 2025/11/07 8:32 p.m. (10 views)

CVE-2025-12875

CVE-2025-12875 affects mruby 3.4.0, specifically the ary_fill_exec path in mrbgems/mruby-array-ext/src/array.c. The root cause is a manipulation of argument start/length that can trigger an out-of-bounds write, with a local attack vector and public exploits available. A patch is recorded as commi...

CVSS 7.8 | AI score 4.9 | EPSS 0.0002
Exploits 0 | References 8 | Affected Software 1
EUVD
added 2025/11/07 8:32 p.m. (4 views)

EUVD-2025-38294

A weakness has been identified in mruby 3.4.0. This vulnerability affects the function ary_fill_exec of the file mrbgems/mruby-array-ext/src/array.c. Executing manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been ma...

CVSS 5.3 | AI score 6.1 | EPSS 0.0002
Exploits 0 | References 8
OSV
added 2025/11/07 12:30 p.m. (1 view)

OESA-2025-2632 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: SUNRPC: make sure cache entry active before cache_show. The function c_show was called with protection from RCU. This only ensures that cp will not be freed...

CVSS 7.8 | AI score 7.6 | EPSS 0.00097
Exploits 0 | References 10
Tenable Nessus
added 2025/11/07 12:0 a.m. (2 views)

Lexmark Printers Improper Validation of Array Index (CVE-2023-26066)

A PostScript operator that improperly validates the stack has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503906;...

CVSS 9.8 | AI score 9.3 | EPSS 0.00493
Exploits 0 | References 2
CNNVD
added 2025/11/07 12:0 a.m. (4 views)

mruby buffer error vulnerability

mruby is a lightweight implementation of the Ruby language open-sourced by makesoftwaresafe. A buffer error vulnerability exists in mruby version 3.4.0, which stems from incorrect manipulation of the start/length parameters of the function ary_fill_exec in the file...

CVSS 7.8 | AI score 5.3 | EPSS 0.0002
Exploits 0 | References 9
Positive Technologies
added 2025/11/07 12:0 a.m. (2 views)

PT-2025-45500

Name of the Vulnerable Software and Affected Versions: mruby version 3.4.0. Description: A flaw exists in mruby version 3.4.0 within the ary_fill_exec function located in the file mrbgems/mruby-array-ext/src/array.c. Manipulation of the start and length arguments can result in an out-of-bounds write...

CVSS 5.3 | AI score 6.4 | EPSS 0.0002
Exploits 0 | References 10
Positive Technologies
added 2025/11/07 12:0 a.m. (3 views)

PT-2025-45465

Name of the Vulnerable Software and Affected Versions DedeBIZ versions up to 6.3.2 Description A flaw exists in DedeBIZ that allows for remote SQL injection. This issue is related to the manipulation of the flags argument within the /admin/spec add.php file. The exploit for this issue has been...

CVSS 5.8 | AI score 4.9 | EPSS 0.00029
Exploits 0 | References 6
RedhatCVE
added 2025/11/06 6:37 p.m. (3 views)

CVE-2025-12745

A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public a...

CVSS 5.3 | AI score 5.2 | EPSS 0.00035
Exploits 1 | References 1
Tenable Nessus
added 2025/11/06 12:0 a.m. (1 view)

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990613)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990613 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Add validity check for db_maxag and db_agpref. Both db_maxag and db_agpref are used as the ind...

CVSS 7.8 | AI score 6.2 | EPSS 0.00016
Exploits 0 | References 4
Tenable Nessus
added 2025/11/06 12:0 a.m. (2 views)

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990396)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990396 advisory. In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Enforce hcall result buffer validity and size. plpar_hcall, plpar_hcall9, and...

CVSS 7.8 | AI score 6.4 | EPSS 0.00011
Exploits 0 | References 4
Tenable Nessus
added 2025/11/06 12:0 a.m. (1 view)

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990470)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990470 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga For pptable structs that use...

CVSS 6.6 | AI score 6 | EPSS 0.00017
Exploits 0 | References 4
Tenable Nessus
added 2025/11/06 12:0 a.m. (1 view)

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990602)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990602 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbFindLeaf. Currently while searching for dmtree_t for...

CVSS 7.8 | AI score 6.2 | EPSS 0.00015
Exploits 0 | References 3
Tenable Nessus
added 2025/11/06 12:0 a.m. (1 view)

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990521)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990521 advisory. In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get. This loop is supposed to break if the...

CVSS 5.5 | AI score 5.9 | EPSS 0.00013
Exploits 0 | References 4
Tenable Nessus
added 2025/11/06 12:0 a.m. (3 views)

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990541)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990541 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diAlloc Currently there is not check against the agno of th...

CVSS 7.8 | AI score 6.2 | EPSS 0.00016
Exploits 0 | References 3
Snyk
added 2025/11/05 7:48 p.m. (1 view)

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the js_array_buffer_slice function. An attacker can access sensitive information or cause application instability by triggering a buffer over-read through crafted input. Remediation: A fix was pushed into the...

CVSS 7.8 | AI score 7 | EPSS 0.00035
Exploits 1 | References 2
OSV
added 2025/11/05 7:15 p.m. (3 views)

CVE-2025-12745

A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public a...

CVSS 7.8 | AI score 5.1
Exploits 0 | References 7
NVD
added 2025/11/05 7:15 p.m. (4 views)

CVE-2025-12745

A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public a...

CVSS 7.8 | EPSS 0.00035
Exploits 1 | References 7
CVE
added 2025/11/05 6:32 p.m. (11 views)

CVE-2025-12745

CVE-2025-12745 affects QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. The vulnerability is in the function js_array_buffer_slice of quickjs.c and causes a buffer over-read. Exploitation is restricted to local execution; the exploit has been publicly disclosed. The CVE description and mul...

CVSS 7.8 | AI score 5.4 | EPSS 0.00035
Exploits 1 | References 7 | Affected Software 1
AlpineLinux
added 2025/11/05 6:32 p.m. (3 views)

CVE-2025-12745

A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public a...

CVSS 7.8 | AI score 6.5 | EPSS 0.00035
Exploits 1 | References 7