
425 matches found

Prion
added 2023/07/18 2:15 p.m. · 18 views

Remote code execution

An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parse_tree in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution...

4.4 CVSS · 7.6 AI score · 0.00312 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2023/07/18 12:0 a.m. · 69 views

CVE-2021-34121

CVE-2021-34121 affects htmodoc 1.9.12, where an Out-of-Bounds condition in parse_tree() (toc.cxx) can leak memory layout information. The connected sources corroborate this flaw and note the issue could be leveraged in a chain to reach code execution. The available documents specify the vulnerabl...

7.8 CVSS · 7.5 AI score · 0.00312 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/07/18 12:0 a.m. · 9 views

CVE-2021-34121

An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parse_tree in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution...

7.2 AI score · 0.00312 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2023/07/18 12:0 a.m. · 2 views

PT-2023-12244 · Htmodoc +3 · Htmodoc +3

Name of the Vulnerable Software and Affected Versions: htmodoc version 1.9.12 Description: An Out of Bounds flaw was discovered in the parse tree function in toc.cxx, which possibly leads to memory layout information leaking in the data. This might be used in a chain of issues to reach code...

9.8 CVSS · 6.8 AI score · 0.07349 EPSS
Exploits: 13 · References: 52

Cvelist
added 2023/07/18 12:0 a.m. · 19 views

CVE-2021-34121

An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parse_tree in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution...

7.8 AI score · 0.00312 EPSS
Exploits: 1 · References: 2

RustSec
added 2023/06/26 12:0 p.m. · 3 views

impl `FromMdbValue` for bool is unsound

The implementation of FromMdbValue has several unsoundness issues. First of all, it allows to reinterpret arbitrary bytes as a bool and could make undefined behavior happen with safe function. Secondly, it allows transmuting pointer without taking memory layout into consideration. The details of...

7.2 AI score
Exploits: 0

OSV
added 2023/05/30 9:15 p.m. · 4 views

CVE-2023-0779

At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible...

7.7 CVSS · 5.5 AI score · 0.00518 EPSS
Exploits: 0 · References: 1

CVE
added 2023/05/30 12:0 a.m. · 58 views

CVE-2023-0779

Technical details for CVE-2023-0779 are not publicly available in the provided documents; monitor for updates.

7.7 CVSS · 7 AI score · 0.00518 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/05/30 12:0 a.m. · 19 views

CVE-2023-0779 net: shell: Improper input validation

At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible...

6.7 CVSS · 7.8 AI score · 0.00518 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2023/05/30 12:0 a.m. · 3 views

PT-2023-16521 · Zephyrproject +1 · Zephyr

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue allows for the input of an invalid pointer, which can cause the device to crash. With more knowledge of the device's memory layout, further exploitation is possible...

7.7 CVSS · 7.4 AI score · 0.00518 EPSS
Exploits: 0 · References: 3

OSV
added 2023/02/27 8:15 p.m. · 1 views

CVE-2023-23502

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to determine kernel memory layout...

5.5 CVSS · 5.8 AI score · 0.00238 EPSS
Exploits: 0 · References: 5

Vulnrichment
added 2023/02/27 12:0 a.m. · 5 views

CVE-2023-23502

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to determine kernel memory layout...

4.3 AI score · 0.00238 EPSS
Exploits: 0 · References: 5

Cvelist
added 2023/02/27 12:0 a.m. · 19 views

CVE-2023-23502

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to determine kernel memory layout...

6 AI score · 0.00238 EPSS
Exploits: 0 · References: 5

F5 Networks
added 2023/02/21 7:0 p.m. · 29 views

K10631282: Flip Feng Shui (FFS) vulnerability

Security Advisory Description: Flip Feng Shui (FFS) is a new exploitation vector that allows an attacker to induce bit flips over arbitrary physical memory in a fully controlled way. FFS relies on the following underlying primitives: The ability to induce bit flips in controlled but not predetermined...

6.5 AI score
Exploits: 0

SUSE CVE
added 2023/02/15 3:59 a.m. · 2 views

SUSE CVE-2020-11105

An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same...

9.8 CVSS · 6.7 AI score · 0.01977 EPSS
Exploits: 1 · References: 2

CNNVD
added 2023/01/24 12:0 a.m. · 2 views

Apple tvOS security vulnerability

Apple tvOS is a set of smart TV operating systems from the American company Apple. A security vulnerability exists in Apple tvOS versions prior to 16.3, which stems from an information disclosure issue where an application may be able to determine the kernel memory layout...

5.5 CVSS · 5.5 AI score · 0.00238 EPSS
Exploits: 0 · References: 8

Github Security Blog
added 2022/09/02 10:29 p.m. · 19 views

`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr

The os_socketaddr crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply cast the pointers to convert the socket addresses to the system representation. These layouts were changed into idiomatic Rust...

2.4 AI score
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2022/09/02 10:29 p.m. · 12 views

GHSA-C439-CHV8-8G2J `os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr

The os_socketaddr crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply cast the pointers to convert the socket addresses to the system representation. These layouts were changed into idiomatic Rust...

7.1 AI score
Exploits: 0 · References: 5

Code423n4
added 2022/08/27 12:0 a.m. · 8 views

Storage layout collision issue between NounsDAOStorageV1 and NounsDAOStorageV1Adjusted

Lines of code Vulnerability details Impact Since two new variables are added in the contract NounsDAOStorageV1Adjusted at the end of the struct proposal, the memory layout between the NounsDAOStorageV1 and NounsDAOStorageV1Adjusted is colluding. This affects the variable type and values in the...

6.7 AI score
Exploits: 0

RustSec
added 2022/08/26 12:0 p.m. · 17 views

`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr

The os_socketaddr crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply cast the pointers to convert the socket addresses to the system representation. These layouts were changed into idiomatic Rust...

2.4 AI score
Exploits: 0 · Affected Software: 1