EUVD-2026-15391

In the Linux kernel, the following vulnerability has been resolved: tracing/dma: Cap dmamapsg tracepoint arrays to prevent buffer overflow The dmamapsg tracepoint can trigger a perf buffer overflow when tracing large scatter-gather lists. With devices like virtio-gpu creating large DRM buffers,...

CVE-2026-23390

CVE-2026-23390 : In the Linux kernel, the tracing/dma subsystem fixes a potential perf buffer overflow in the dma_map_sg tracepoint when handling large scatter-gather lists (e.g., large DRM buffers). The patch caps the three dynamic arrays at 128 entries using min() to prevent excessive allocatio...

IBM Tivoli Monitoring 安全漏洞

IBM Tivoli Monitoring is a suite of enterprise-class monitoring solutions designed to help organizations manage complex IT environments and ensure system availability and performance. A remote code attack vulnerability exists in IBM Tivoli Monitoring. The vulnerability is due to improper validati...

SUSE CVE-2022-49551

In the Linux kernel, the following vulnerability has been resolved: usb: isp1760: Fix out-of-bounds array access Running the driver through kasan gives an interesting splat: BUG: KASAN: global-out-of-bounds in isp1760register+0x180/0x70c Read of size 20 at addr f1db2e64 by task swapper/0/1...

UBUNTU-CVE-2022-49551

In the Linux kernel, the following vulnerability has been resolved: usb: isp1760: Fix out-of-bounds array access Running the driver through kasan gives an interesting splat: BUG: KASAN: global-out-of-bounds in isp1760register+0x180/0x70c Read of size 20 at addr f1db2e64 by task swapper/0/1...

Out-of-bounds Write

Overview vyper is a Pythonic Smart Contract Language for the EVM. Affected versions of this package are vulnerable to Out-of-bounds Write through the evaluation of AugAssign statements in conjunction with dynamic array operations. An attacker can cause an out-of-bounds write by manipulating the...

PYSEC-2025-31

vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the...

Vyper 安全漏洞

Vyper is a Pythonic smart contract language for EVM open sourced by vyperlang. A security vulnerability exists in Vyper that stems from improper boundary checking for dynamic array operations...

abi.encode() function does not support dynamic arrays in Solidity version 0.8.16 or earlier.

Lines of code Vulnerability details Description The bug is in the burnAndCallAxelar function. The function uses the abi.encode function to encode the payload to send to the AxelarGateway contract. However, the abi.encode function was changed in Solidity version 0.8.17 to remove the support for...

Microsoft DirectWrite / AFDKO - NULL Pointer Dereferences in OpenType Font Handling While Accessing Empty dynarrays

-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...