11 matches found
CVE-2025-58151
varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...
CVE-2025-58151
CVE-2025-58151 affects varstored, a Xen/Xapi component that handles UEFI variables and maps guest memory to OVMF. The vulnerability arises from TOCTOU due to insufficient compiler barriers in the shared buffer, with exploitation depending on compiler-generated code, and the attacker potentially c...
PT-2026-52945
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An off-by-one error exists in the hvc iucv tty driver. The issue occurs when the hvc iucv devices counter equals 8, which is the maximum value defined by MAX HVC IUCV LINES. Due to an...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an oversight in the SCO backup settings table index in the btusb driver. This oversight may lead to...
Samsung S24 MP3 Decoder Out-Of-Bounds Read
There is an out-of-bounds read in the MP3 decoder in the Samsung S24. The function smp123djointstereov1 indexes into several tables for decoding, and does not check that the index is valid, allowing the tables to be read out of bounds. It may be possible to use this bug to bypass ASLR, as loading...
PT-2024-38947 · Sweetcms · Sweetcms
Name of the Vulnerable Software and Affected Versions: master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f Description: A critical issue affects the unknown code of the file /table/index, leading to sql injection. The attack can be initiated remotely. This issue is declared as...
Sweet-CMS SQL注入漏洞
Sweet-CMS is a high performance backend management system built on a powerful technology stack of Gin, GORM, Redis, Casbin, Viper, etc. by master-nan individual developer. Sweet-CMS 5f441e022b8876f07cde709c77b5be6d2f262e3f and prior versions suffer from a SQL injection vulnerability that originat...
elfutils 'ebl_dynamic_tag_name' function buffer overflow vulnerability
elfutils is a collection of utilities and libraries for reading, creating and modifying ELF binaries. A buffer overflow vulnerability exists in the 'ebldynamictagname' function of the libebl/ebldynamictagname.c file in elfutils version 0.170, which stems from the program's lack of support for...
elfintils 'check_symtab_shndx' function denial of service vulnerability
elfutils is a collection of utilities and libraries for reading, creating and modifying ELF binaries. A denial of service vulnerability exists in the 'checksymtabshndx' function of the elflint.c file in elfutils version 0.168. A remote attacker can exploit this vulnerability to cause a denial of...
security flaw
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with 1 a large "number of components" value that is not checked by...
CVE-2005-3627
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with 1 a large "number of components" value that is not checked by...