884 matches found
WordPress Assembly theme <= 1.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Assembly versions = 1.1...
Linux Distros Unpatched Vulnerability : CVE-2022-44368
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NASM v2.16 was discovered to contain a null pointer deference in the NASM component CVE-2022-44368 Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2018-19842
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - getToken in libr/asm/p/asmx86nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service stack-based buffer over-read via crafted x86 assembly...
Linux Distros Unpatched Vulnerability : CVE-2018-19209
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netwide Assembler NASM 2.14rc15 has a NULL pointer dereference in the function findlabel in asm/labels.c that will lead to a DoS attack. CVE-2018-19209 Note tha...
Linux Distros Unpatched Vulnerability : CVE-2018-20459
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In radare2 through 3.1.3, the armassassemble function in libr/asm/arch/arm/armass.c allows attackers to cause a denial-of-service application crash by...
Linux Distros Unpatched Vulnerability : CVE-2018-20457
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In radare2 through 3.1.3, the assemble function inside libr/asm/p/asmarmcs.c allows attackers to cause a denial-of-service application crash via an rnumcalc...
MAL-2025-9786 Malicious code in @zalastax/nolb-_asm (npm)
The package @zalastax/nolb-asm was found to contain malicious code...
CVE-2025-8845
A vulnerability was identified in NASM Netwide Assember 2.17rc0. This issue affects the function assemblefile of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be...
Linux Distros Unpatched Vulnerability : CVE-2019-6488
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The string component in the GNU C Library aka glibc or libc6 through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register f...
Linux Distros Unpatched Vulnerability : CVE-2023-49555
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expandsmacro function in the modules/preprocs/nasm/nasm-pp.c...
Go Assembly Mutation Testing
While maintaining and developing the Go cryptography standard library, we often spend significantly more time on testing than on implementation. That’s good and an important part of how we achieve our excellent security track record. Ideally, this would be especially true for the least safe parts...
firefox: thunderbird: Large branch table could lead to truncated instruction
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: On arm64, a WASM brtable instruction with a large number of entries could lead to the label being too far from the instruction, causing truncation and incorrect computation of th...
UBUNTU-CVE-2025-7396
In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assembly builds, and the small Curve25519...
FARFETCH'D: a Side-Channel Analysis Framework for Privacy Applications on Confidential Virtual Machines
Confidential virtual machines CVMs based on trusted execution environments TEEs enable new privacy-preserving solutions. Yet, they leave side-channel leakage outside their threat model, shifting the responsibility of mitigating such attacks to developers. However, mitigations are either not gener...
crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec
A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leaka...
Deconstructing Obfuscation: a Four-Dimensional Framework for Evaluating Large Language Models Assembly Code Deobfuscation Capabilities
Large language models LLMs have shown promise in software engineering, yet their effectiveness for binary analysis remains unexplored. We present the first comprehensive evaluation of commercial LLMs for assembly code deobfuscation. Testing seven state-of-the-art models against four obfuscation...
CVE-2023-37613
A cross-site scripting XSS vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter...
CVE-2021-39997
There is a vulnerability of unstrict input parameter verification in the audio assembly.Successful exploitation of this vulnerability may cause out-of-bounds access...
CVE-2017-13666
An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can cause an integer underflow, which leads to a crash. This is a different vulnerability than...
CVE-2017-7716
The readu32leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted Web Assembly file...