17 matches found
EUVD-2018-9795
Malware in sbrugna...
EUVD-2023-35488
Malicious code in bioql PyPI...
CVE-2025-38466
In the Linux kernel, the following vulnerability has been resolved: perf: Revert to requiring CAP_SYS_ADMIN for uprobes. Jann reports that uprobes can be used destructively when used in the middle of an instruction. The kernel only verifies there is a valid instruction at the requested offset, but d...
CVE-2024-36347
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged...
CVE-2025-37822
CVE-2025-37822 resolves a Linux kernel issue in the RISC‑V uprobes path. The root cause was a missing fence.i after constructing the XOL (execute out-of-line) buffer used to single-step replaced instructions, which could lead to execution of stale/broken instructions. The vulnerability was observ...
CVE-2025-37822 riscv: uprobes: Add missing fence.i after building the XOL buffer
In the Linux kernel, the following vulnerability has been resolved: riscv: uprobes: Add missing fence.i after building the XOL buffer. The XOL (execute out-of-line) buffer is used to single-step the replaced instructions for uprobes. The RISC-V port was missing a proper fence.i (i$ flushing) after...
PT-2023-5477 · Schweitzer Engineering Laboratories · Acselerator Quickset
Name of the Vulnerable Software and Affected Versions: Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software versions through 7.1.3.0. Description: The issue is related to an Inclusion of Functionality from Untrusted Control Sphere vulnerability, which could allow an attacker ...
executing instruction outside code can lead to failing transfer
Handle Omik Vulnerability details Impact in the , is handling transfer and transferfrom, and checking the return value of the transfer and transferfrom, but the checking is happening outside the code, therefore if the transfer is successful it will still return false. Proof of Concept 1. deploy this...
CVE-2019-14236
On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP), a software IP protection method, can be defeated by observing CPU registers and the effect of code/instruction execution...
CVE-2019-14237
The CVE concerns NXP Kinetis KV1x, KV3x, and K8x devices where Flash Access Controls (FAC) execute-only protection can be defeated by observing CPU registers and the effects of code execution. The impact is the circumvention of execute-only protection as described; no specific remediation or patc...
CVE-2019-14236
On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices, Proprietary Code Read Out Protection (PCROP), a software IP protection method, can be defeated by observing CPU registers and the effect of code/instruction execution...
New ideas for Trojan intrusion, as seen from the ACDSee vulnerability - vulnerability warning - the black bar safety net
The name ACDSee is surely no stranger to you. However, the IDX.apl, IDEACDStd.apl, IDPSP.ap and AMLHA.apl plug-ins used by ACDSee were recently found to have a buffer overflow vulnerability in the processing of XBM/XPM/PSP/LHA files: if a user opens an XBM/XPM/PSP/LHA file with a long string, then it is possible...
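Microsoft Internet Explorer cloneNode() and nodeValue() Remote Memory Corruption Vulnerability
Microsoft Internet Explorer is a popular web browser. Microsoft Internet Explorer has a memory corruption issue in its handling of the "cloneNode" and "nodeValue" functions, which a remote attacker can exploit to execute arbitrary instructions with the privileges of the application process. Because the "cloneNode" and "nodeValue" JavaScript functions are used incorrectly, using specially constructed elements during repeated calls to one of these functions can cause memory corruption, possibly allowing arbitrary instructions to be executed with the privileges of the application process. Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 -...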
0verkill 0.16 - Game Client Multiple Local Buffer Overflow Vulnerabilities
0verkill 0.16 - Game Client Multiple Local Buffer Overflow Vulnerabilities // source: https://www.securityfocus.com/bid/9550/info // The 0verkill game client has been reported prone to multiple instances of exploitable buffer overrun vulnerabilities. The functions that have been reported to be...
IRCnet IRCD 2.10 - Local Buffer Overflow
// source: https://www.securityfocus.com/bid/8817/info IRCnet IRCD has been reported prone to a buffer overflow vulnerability that may be exploited by local users. This issue may be exploited to crash the affected server. Although unconfirmed, due to the nature of this vulnerability it has been...
Zlib 1.1.4 - Compression Library gzprintf() Buffer Overrun (2)
Zlib 1.1.4 - Compression Library gzprintf Buffer Overrun 2 // source: https://www.securityfocus.com/bid/6913/info A buffer-overrun vulnerability has been reported in the Zlib compression library. Due to the use of 'vsprintf' by an internal Zlib function, an attacker can cause memory to become...
zkfingerd 0.9.1 - say() Format String
zkfingerd 0.9.1 - say Format String // source: https://www.securityfocus.com/bid/6404/info zkfingerd is prone to a format string vulnerability. The affected function does not perform sufficient checks when displaying user-supplied input. It is possible to corrupt memory by passing format strings...