Lucene search
26 matches found

Debian CVE
added 2026/05/08 1:11 p.m. | 7 views

CVE-2026-43311

In the Linux kernel, the following vulnerability has been resolved: soc/tegra: pmc: Fix unsafe generic_handle_irq call. Currently, when resuming from system suspend on Tegra platforms, the following warning is observed: WARNING: CPU: 0 PID: 14459 at kernel/irq/irqdesc.c:666 Call trace:...

CVSS 5.5 | AI score 5.8 | EPSS 0.00017
Exploits 0

RedhatCVE
added 2024/05/20 5:10 p.m. | 35 views

CVE-2024-35962

In the Linux kernel, the following vulnerability has been resolved: netfilter: complete validation of user input. In my recent commit, I missed that do_replace handlers use copy_from_sockptr which I fixed, followed by unsafe copy_from_sockptr_offset calls. In all functions, we can perform the @optlen...

CVSS 5.5 | AI score 7.7 | EPSS 0.00007
Exploits 0 | References 4

OSV
added 2022/06/16 11:51 p.m. | 4 views

GHSA-PMCV-MGCF-RVXG Non-aligned u32 read in Chacha20 encryption and decryption

The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::from_raw_parts_mut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...

CVSS 9.8 | AI score 7.2 | EPSS 0.00233
Exploits 0 | References 3

Cvelist
added 2022/04/01 10:17 p.m. | 20 views

CVE-2022-1018 ICSA-22-088-01 Rockwell Automation ISaGRAF

When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of...

CVSS 5.5 | AI score 5.7 | EPSS 0.09136
Exploits 0 | References 1

OSV
added 2021/10/08 12:0 p.m. | 17 views

RUSTSEC-2021-0121 Non-aligned u32 read in Chacha20 encryption and decryption

The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::from_raw_parts_mut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...

CVSS 9.8 | AI score 9.4 | EPSS 0.00233
Exploits 0 | References 3

RustSec
added 2021/10/08 12:0 p.m. | 12 views

Non-aligned u32 read in Chacha20 encryption and decryption

The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::from_raw_parts_mut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...

CVSS 9.8 | AI score 2.1 | EPSS 0.00233
Exploits 0

CVE
added 2021/06/06 10:28 p.m. | 55 views

CVE-2021-33898

Invoice Ninja before 4.4.0 has an unsafe unserialize() call in app/Ninja/Repositories/AccountRepository.php which can let an attacker deserialize arbitrary PHP classes. In certain contexts this may lead to remote code execution. The attack input is tied to http://www.geoplugin.net (plain HTTP), a...

CVSS 8.1 | AI score 8.3 | EPSS 0.01856
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2021/06/06 10:28 p.m. | 13 views

CVE-2021-33898

In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes. In certain contexts, this can result in remote code execution. The attacker's input must be hosted at...

AI score 8.6 | EPSS 0.01856
Exploits 0 | References 1

RedhatCVE
added 2019/10/11 4:30 p.m. | 24 views

CVE-2018-12549

In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it...

CVSS 9.8 | AI score 3.3 | EPSS 0.00719
Exploits 0 | References 2

Veracode
added 2019/05/16 3:57 a.m. | 25 views

Missing Null Check

Eclipse OpenJ9 is vulnerable to missing null check vulnerability. This occurs in a part of the component JIT Compiler because the OpenJ9 JIT compiler incorrectly omits a null check on the receiver object of an Unsafe call when accelerating it...

CVSS 9.8 | AI score 9 | EPSS 0.00719
Exploits 0 | References 6 | Affected Software 1

RedHat Linux
added 2019/03/06 9:53 p.m. | 5 views

JDK: missing null check when accelerating Unsafe calls

In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it...

CVSS 9.8 | AI score 7.4 | EPSS 0.00719
Exploits 0 | References 4

CNVD
added 2019/02/13 12:0 a.m. | 1 views

Eclipse OpenJ9 Input Validation Error Vulnerability

Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation. The product is primarily used to run Java applications. An input validation error vulnerability exists in Eclipse OpenJ9 version 0.11.0, which arises from a networked system or product that does not properly validate input...

CVSS 9.8 | AI score 9.1 | EPSS 0.00719
Exploits 0 | References 1

Prion
added 2019/02/11 3:29 p.m. | 22 views

Design/Logic Flaw

In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it...

CVSS 7.5 | AI score 9.3 | EPSS 0.00719
Exploits 0 | References 5 | Affected Software 5

NVD
added 2019/02/11 3:29 p.m. | 18 views

CVE-2018-12549

In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it...

CVSS 9.8 | AI score 6.7 | EPSS 0.00719
Exploits 0 | References 5

OSV
added 2019/02/11 3:29 p.m. | 28 views

CVE-2018-12549

In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it...

CVSS 9.8 | AI score 7.1
Exploits 0 | References 5

Github Security Blog
added 2018/07/26 4:8 p.m. | 27 views

Code injection in rope

base/oi/doa.py in the Rope library in CPython aka Python allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load...

CVSS 9.8 | AI score 9.5 | EPSS 0.0228
Exploits 0 | References 6 | Affected Software 1

OSV
added 2018/07/26 4:8 p.m. | 16 views

GHSA-R38R-QP28-2M63 Code injection in rope

base/oi/doa.py in the Rope library in CPython aka Python allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load...

CVSS 9.8 | AI score 9.6 | EPSS 0.0228
Exploits 0 | References 6

OSV
added 2018/04/06 4:29 p.m. | 5 views

CVE-2014-3539

base/oi/doa.py in the Rope library in CPython aka Python allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load...

CVSS 9.8 | AI score 9.7
Exploits 0 | References 4

Prion
added 2018/04/06 4:29 p.m. | 13 views

Code injection

base/oi/doa.py in the Rope library in CPython aka Python allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load...

CVSS 7.5 | AI score 8.1 | EPSS 0.0228
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2018/04/06 4:0 p.m. | 17 views

CVE-2014-3539

base/oi/doa.py in the Rope library in CPython aka Python allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load...

AI score 9.7 | EPSS 0.0228
Exploits 0 | References 2