19 matches found

RedhatCVE
added 4 days ago · 5 views

CVE-2026-0438

A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially...

5.4 CVSS · 5.7 AI score · 0.00023 EPSS
Exploits 0 · References 1

NVD
added 2026/05/15 2:16 a.m. · 9 views

CVE-2026-0438

A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially...

5.4 CVSS · 0.00023 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2026/05/15 1:41 a.m. · 8 views

CVE-2026-0438

A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially...

5.4 CVSS · 6 AI score · 0.00023 EPSS
Exploits 0 · References 3

CVE
added 2026/05/15 1:41 a.m. · 18 views

CVE-2026-0438

CVE-2026-0438 describes a vulnerability in System Management Mode (SMM) handling on AMD platforms where an SMM handler could call out to code in non-SMM/untrusted memory. An attacker with high privileges, physical access, and active user interaction, under high complexity and given preconditions,...

5.4 CVSS · 6 AI score · 0.00023 EPSS
Exploits 0 · References 2

Vulnrichment
added 2026/05/15 1:41 a.m. · 6 views

CVE-2026-0438

A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially...

5.4 CVSS · 6 AI score · 0.00023 EPSS
Exploits 0 · References 2

EUVD
added 2026/05/15 1:41 a.m. · 8 views

EUVD-2026-30496

A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially...

5.4 CVSS · 6 AI score · 0.00023 EPSS
Exploits 0 · References 2

Cvelist
added 2026/05/15 1:41 a.m. · 35 views

CVE-2026-0438

A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially...

5.4 CVSS · 0.00023 EPSS
Exploits 0 · References 2

Positive Technologies
added 2026/05/15 12:0 a.m. · 9 views

PT-2026-41234

A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially...

5.4 CVSS · 6 AI score · 0.00023 EPSS
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2021-9693

Malicious code in bioql PyPI...

5.5 CVSS · 5.7 AI score · 0.00019 EPSS
Exploits 1 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-2664

Malicious code in bioql PyPI...

7.5 CVSS · 6.4 AI score · 0.00582 EPSS
Exploits 1 · References 4

Tenable Nessus
added 2025/08/09 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-45450

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer i...

7.5 CVSS · 7.5 AI score · 0.00111 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/05/22 4:53 p.m. · 8 views

CVE-2020-8937

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to enc_untrusted_create_wait_queue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allows an attacker to write...

5.3 CVSS · 6.9 AI score · 0.00018 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/08/21 3:9 p.m. · 16 views

CVE-2024-43410 Russh has an OOM Denial of Service due to allocation of untrusted amount

Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length,...

7.5 CVSS · 6.8 AI score · 0.00582 EPSS
Exploits 1 · References 2

Cvelist
added 2024/08/21 3:9 p.m. · 15 views

CVE-2024-43410 Russh has an OOM Denial of Service due to allocation of untrusted amount

Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length,...

7.5 CVSS · 0.00582 EPSS
Exploits 1 · References 2

CNNVD
added 2024/08/21 12:0 a.m. · 2 views

Russh security vulnerability

Russh is a Rust SSH client and server-side library from the individual developers at Eugene. A security vulnerability exists in Russh that stems from allocating an untrusted amount of memory...

7.5 CVSS · 6.6 AI score · 0.00582 EPSS
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 3:36 a.m. · 1 views

SUSE CVE-2021-45450

In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application...

7.5 CVSS · 7.5 AI score · 0.00111 EPSS
Exploits 0 · References 3

Positive Technologies
added 2021/12/21 12:0 a.m. · 1 views

PT-2021-24239 · Mbed Tls +1

Name of the Vulnerable Software and Affected Versions: Mbed TLS versions prior to 3.1.0
Description: The issue allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application, specifically through the psa_aead_generate_nonce...

9.8 CVSS · 7.8 AI score · 0.02049 EPSS
Exploits 3 · References 24

CNNVD
added 2021/06/08 12:0 a.m. · 4 views

Google Asylo security vulnerability

Google Asylo is a framework for the development of trusted applications from Google USA. The software supports the creation of a trusted execution environment, including software isolation and hardware isolation. A security vulnerability exists in asylo, which stems from the fact that an attacker...

7.8 CVSS · 7.5 AI score · 0.00018 EPSS
Exploits 0 · References 1

RedHat Linux
added 2018/08/14 6:49 p.m. · 2 views

Kernel: speculative bounds check bypass store

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an...

5.6 CVSS · 7.4 AI score · 0.00964 EPSS
Exploits 0 · References 8