8 matches found
EUVD-2025-29395
Malicious code in bioql PyPI...
GHSA-9GHP-W2HM-VFPF wasmtime_jit_debug Dumps Undefined Memory by `JitDumpFile`
The unsound function `dump_code_load_record` uses `from_raw_parts` to directly convert the pointer `addr` and `len` into a slice without any validation, and that memory block would be dumped. Thus, the 'safe' function `dump_code_load_record` is actually 'unsafe' since it requires the caller to guarantee that the ad...
wasmtime_jit_debug Dumps Undefined Memory by `JitDumpFile`
The unsound function `dump_code_load_record` uses `from_raw_parts` to directly convert the pointer `addr` and `len` into a slice without any validation, and that memory block would be dumped. Thus, the 'safe' function `dump_code_load_record` is actually 'unsafe' since it requires the caller to guarantee that the ad...
kernel: vp_vdpa: fix id_table array not null terminated error
In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix id_table array not null terminated error. Allocate one extra virtio_device_id as null terminator, otherwise vdpa_mgmtdev_get_classes() may iterate multiple times and visit undefined memory...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the id_table array in the vp_vdpa component not being terminated with a null terminator, causing the...
minissdpd Free Memory Contents Vulnerability
minissdpd is a set of daemons for managing SSDP on POSIX systems. A security vulnerability exists in minissdpd version 1.2.20130907-3, which stems from the program failing to properly handle code. An attacker could exploit the vulnerability to free undefined memory contents...
Code injection
The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple crafted packets,...
Remote code execution
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability."...