28 matches found

CNNVD
added 2026/05/13 12:0 a.m. | 10 views

vm2 security vulnerability

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 have security vulnerabilities; these vulnerabilities stem from sandbox boundary violations. During...

7.2 CVSS | 5.9 AI score | 0.002 EPSS
Exploits: 1 | References: 1
NVD
added 2025/10/31 12:15 p.m. | 3 views

CVE-2025-58148

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...

7.5 CVSS | 0.0031 EPSS
Exploits: 0 | References: 3
RedhatCVE
added 2025/09/13 2:20 p.m. | 3 views

CVE-2025-58144

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where the case actually needs handling. A NULL...

7.5 CVSS | 7 AI score | 0.0042 EPSS
Exploits: 0 | References: 2
OSV
added 2025/09/11 2:15 p.m. | 1 view

DEBIAN-CVE-2025-58145

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where the case actually needs handling. A NULL...

7.5 CVSS | 5.2 AI score | 0.00329 EPSS
Exploits: 0 | References: 1
NVD
added 2025/09/11 2:15 p.m. | 3 views

CVE-2025-58145

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where the case actually needs handling. A NULL...

7.5 CVSS | 0.00329 EPSS
Exploits: 0 | References: 3
OSV
added 2025/09/11 2:15 p.m. | 1 view

ALPINE-CVE-2025-58145

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where the case actually needs handling. A NULL...

7.5 CVSS | 7 AI score | 0.00329 EPSS
Exploits: 0 | References: 1
CVE
added 2025/09/11 2:5 p.m. | 26 views

CVE-2025-58144

CVE-2025-58144 affects the Xen hypervisor; a vulnerability in mapping pages from other domains can cause a NULL pointer dereference, potentially on a release build. The record also notes a related issue (CVE-2025-58145) about the P2M lock and domain boundary integrity, but the provided documents ...

7.5 CVSS | 6.6 AI score | 0.0042 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Debian CVE
added 2025/09/11 2:5 p.m. | 6 views

CVE-2025-58144

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where the case actually needs handling. A NULL...

7.5 CVSS | 5.2 AI score | 0.0042 EPSS
Exploits: 0
SUSE CVE
added 2025/09/09 11:22 p.m. | 1 view

SUSE CVE-2025-58145

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where the case actually needs handling. A NULL...

7.5 CVSS | 7.1 AI score | 0.00329 EPSS
Exploits: 0 | References: 3
BDU FSTEC
added 2025/07/13 12:0 a.m. | 2 views

The vulnerability of the Adobe Framemaker desktop publishing system arises from the possibility of an operation going beyond the buffer boundaries in memory, allowing a hacker to execute arbitrary code.

The vulnerability of the Adobe Framemaker desktop publishing system lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.8 CVSS | 6.3 AI score | 0.00214 EPSS
Exploits: 0 | References: 2
BDU FSTEC
added 2025/06/19 12:0 a.m. | 1 view

The vulnerability of the ModeSupportAndSystemConfiguration() function in drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c of the Linux operating system allows an attacker to compromise the integrity and accessibility of the protected information.

The vulnerability of the ModeSupportAndSystemConfiguration function in drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c of the Linux operating system kernel is related to the occurrence of operations outside the buffer boundaries in memory. Exploiting this vulnerability could allow an...

7.8 CVSS | 7.5 AI score | 0.00255 EPSS
Exploits: 0 | References: 20 | Affected Software: 4
BDU FSTEC
added 2025/05/06 12:0 a.m. | 3 views

The vulnerability of the PCMan FTP Server arises from the possibility of operations occurring outside the buffer in memory. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the PCMan FTP Server relates to the execution of operations beyond the buffer boundaries during the processing of the mdir parameter. Exploitation of this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected...

7.5 CVSS | 7.6 AI score | 0.0062 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
Packet Storm News
added 2025/05/02 12:0 a.m. | 3 views

Securing Agentic AI: a Comprehensive Threat Model and Mitigation Framework for Generative AI Agents

As generative AI (GenAI) agents become more common in enterprise settings, they introduce security challenges that differ significantly from those posed by traditional systems. These agents are not just LLMs; they reason, remember, and act, often with minimal human oversight. This paper introduces ...

7.2 AI score
Exploits: 0
BDU FSTEC
added 2025/04/12 12:0 a.m. | 3 views

The vulnerability of the Adobe XMP-Toolkit-SDK software, related to the execution of operations beyond the buffer boundaries in memory, allows attackers to circumvent the ASLR protection mechanism and gain unauthorized access to protected information.

The vulnerability of the Adobe XMP-Toolkit-SDK lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to bypass the ASLR protection mechanism and gain unauthorized access to protected information...

5.5 CVSS | 5.8 AI score | 0.00198 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2024/11/14 12:0 a.m. | 2 views

The vulnerability of Adobe After Effects’ video and dynamic image editing software arises from operations that go beyond buffer boundaries in memory, allowing attackers to gain unauthorized access to protected information.

The vulnerability of Adobe After Effects video and dynamic image editing software relates to the execution of operations beyond buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially created file...

5.5 CVSS | 5.8 AI score | 0.00258 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2024/11/02 12:0 a.m. | 1 view

The vulnerability of the cs_dsp_dbg() function (located in the drivers/firmware/cirrus/cs_dsp.c file of the Linux kernel) allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the cs_dsp_dbg function located in the drivers/firmware/cirrus/cs_dsp.c file of the Linux kernel is related to the occurrence of operations outside the buffer boundaries in memory when processing the wmfw header. Exploitation of this vulnerability could allow an attacker to...

7.8 CVSS | 6.9 AI score | 0.00285 EPSS
Exploits: 0 | References: 21 | Affected Software: 11
BDU FSTEC
added 2024/09/20 12:0 a.m. | 2 views

The vulnerability in the Adobe Media Encoder application relates to the execution of operations beyond the buffer boundaries in memory, allowing an attacker to circumvent the ASLR protection mechanism.

The vulnerability of the Adobe Media Encoder application relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to bypass the ASLR protection mechanism by using a specially created malicious file...

5.5 CVSS | 5.8 AI score | 0.00258 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2024/03/13 12:0 a.m. | 1 view

The vulnerability of the kmem_cache_destroy function in the lib/list_debug.c library of the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the kmem_cache_destroy function in the lib/list_debug.c library of the Linux operating system’s kernel is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5 CVSS | 6.7 AI score | 0.00222 EPSS
Exploits: 0 | References: 14 | Affected Software: 3
BDU FSTEC
added 2023/11/16 12:0 a.m. | 2 views

The vulnerability of the RedisGraph graph database, related to the execution of operations outside the buffer boundaries in memory, allows an attacker to execute arbitrary code.

The vulnerability of the RedisGraph graph database is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.5 CVSS | 8 AI score | 0.01043 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
BDU FSTEC
added 2022/02/09 12:0 a.m. | 2 views

The vulnerability of the loop_rw_iter function (fs/io_uring.c) in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the loop_rw_iter function (fs/io_uring.c) in the operating system’s kernel is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

7.8 CVSS | 7.1 AI score | 0.01692 EPSS
Exploits: 2 | References: 13 | Affected Software: 7