16 matches found
CVE-2026-6575
Buffer over-read in PostgreSQL function pgrestoreattributestats accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL...
EUVD-2026-30287
Buffer over-read in PostgreSQL function pgrestoreattributestats accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL...
CVE-2026-6575
Buffer over-read in PostgreSQL function pgrestoreattributestats accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL...
PostgreSQL 安全漏洞
PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Prior to PostgreSQL 18.4, there was a security vulnerability...
PT-2026-40925
Name of the Vulnerable Software and Affected Versions PostgreSQL versions 18.0 through 18.3 Description A buffer over-read occurs in the pg restore attribute stats function when it accepts array values of unmatched length. This causes query planning to read past the end of one array, allowing a...
x86: Indirect Target Selection
ISSUE DESCRIPTION Researchers at VU Amsterdam have released Training Solo, detailing several speculative attacks which bypass current protections. One issue, which Intel have named Indirect Target Selection, is a bug in the hardware support for prediction-domain isolation. The mitigation for this...
CVE-2020-10369
Certain Cypress and Broadcom Wireless Combo chips, when a January 2021 firmware update is not present, allow inferences about memory content via a "Spectra" attack...
CVE-2020-10369
Certain Cypress and Broadcom Wireless Combo chips, when a January 2021 firmware update is not present, allow inferences about memory content via a "Spectra" attack...
CVE-2020-10369
CVE-2020-10369 affects Cypress (and Broadcom) Wireless Combo chips. The connected Red Hat, CIRCL, NVD and related feeds describe a memory-content inference vulnerability via a Spectra attack when a January 2021 firmware update is not present. The vulnerability is tied to these wireless combo comp...
CVE-2020-10369
Certain Cypress and Broadcom Wireless Combo chips, when a January 2021 firmware update is not present, allow inferences about memory content via a "Spectra" attack...
Xen: x86: BTC/SRSO Fixes Not Fully Effective (XSA-446)
The fixes for XSA-422 Branch Type Confusion and XSA-434 Speculative Return Stack Overflow are not IRQ-safe as it was believed that the mitigations were always operated in contexts with IRQs disabled. However due to an unanticipated interaction with XSA-254 Meltdown, a race condition exists whereb...
Xen 安全漏洞
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. A security vulnerability exists in Xen...
SUSE CVE-2020-10369
Certain Cypress and Broadcom Wireless Combo chips, when a January 2021 firmware update is not present, allow inferences about memory content via a "Spectra" attack...
kernel: Speculation on pointer arithmetic against bpf_context pointer
A flaw was found in the Linux kernels eBPF verification code. By default accessing the eBPF verifier is only accessible to privileged users with CAPSYSADMIN. A local user with the ability to insert eBPF instructions can use the eBPF verifier to abuse a spectre like flaw where they can infer all...
kernel: Speculation on pointer arithmetic against bpf_context pointer
A flaw was found in the Linux kernels eBPF verification code. By default accessing the eBPF verifier is only accessible to privileged users with CAPSYSADMIN. A local user with the ability to insert eBPF instructions can use the eBPF verifier to abuse a spectre like flaw where they can infer all...
Out-of-bound read while computing an oscillator rendering range in Web Audio — Mozilla
Security researcher Holger Fuhrmannek used the Address Sanitizer tool to discover an out-of-bound read while computing an oscillator rendering range in Web Audio. This could allow an attacker to infer the contents of four bytes of memory...