UBUNTU-CVE-2025-38098

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Don't treat wb connector as physical in createvalidatestreamforsink Don't try to operate on a drmwbconnector as an amdgpudmconnector. While dereferencing aconnector-base will "work" it's wrong and might lead to...

Malicious code in poseidon-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90aead430e86dd9f204e1a8db7e6adb050c5eeae8a938c3d570991ebac4c8ac4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5608 Malicious code in poseidon-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90aead430e86dd9f204e1a8db7e6adb050c5eeae8a938c3d570991ebac4c8ac4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in validate-rb (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7975ebc737a4c604d0d25ee00a187fde74d2442953ec305c57c738ebd4cdedcd The OpenSSF Package Analysis project identified 'validate-rb' @ 1.0.0...

MAL-2025-5294 Malicious code in validate-rb (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7975ebc737a4c604d0d25ee00a187fde74d2442953ec305c57c738ebd4cdedcd The OpenSSF Package Analysis project identified 'validate-rb' @ 1.0.0...

Reliability Analysis of Smart Contract Execution Architectures: a Comparative Simulation Study

The industrial market continuously needs reliable solutions to secure autonomous systems. Especially as these systems become more complex and interconnected, reliable security solutions are becoming increasingly important. One promising solution to tackle this challenge is using smart contracts...

GHSA-GJV3-89HH-9XQ2 RISC Zero Ethereum invalid commitment with digest value of zero accepted by Steel.validateCommitment

Impact Prior to 2.1.1 and 2.2.0, the Steel.validateCommitment Solidity library function will return true for a crafted commitment with a digest value of zero. This violates the semantics of validateCommitment, as this does not commitment to a block that is in the current chain. Because the digest...

kernel: netfilter: nf_tables: prefer nft_chain_validate

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: prefer nftchainvalidate nftchainvalidate already performs loop detection because a cycle will result in a call stack overflow ctx-level = NFTJUMPSTACKSIZE. It also follows maps via -validate callback in...

The vulnerability of the bch2_sb_clean_validate_late() function in the fs/bcachefs/sb-clean.c module of the bcachefs file system support in the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the bch2sbcleanvalidatelate function in the fs/bcachefs/sb-clean.c module of the bcachefs file system support module in the Linux operating system is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow an attacker to compromise the...

The vulnerability of the bearer_name_validate() function in the net/tipc/bearer.c module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the bearernamevalidate function in the net/tipc/bearer.c module of the Linux kernel lies in the copying of buffers without checking the size of the input data a classic buffer overflow attack. Exploiting this vulnerability could allow an attacker to compromise the...

UBUNTU-CVE-2025-49177

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not treat wbconnector as a physical device in createvalidatestreamforsink. Do not attempt to operate on drmwbconnector as an amdgpudmconnector. While dereferencing connector-base may “work”, it is incorrect an...

Keeping an Eye on LLM Unlearning: the Hidden Risk and Remedy

Although Large Language Models LLMs have demonstrated impressive capabilities across a wide range of tasks, growing concerns have emerged over the misuse of sensitive, copyrighted, or harmful data during training. To address these concerns, unlearning techniques have been developed to remove the...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read due to the HL1MDLLoader::validateheader function, which doesn't check the file size before trying to access the buffer/header. An attacker can read data outside the intended buffer boundaries by manipulating the input...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read through the ValidateSurfaceHeader function. An attacker can read data outside the intended buffer boundaries by manipulating the pcSurface2 argument. This is only exploitable if the attacker has local access to the...

DEBIAN-CVE-2025-5165

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read...

PYSEC-2025-172

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read...

Assimp 缓冲区错误漏洞

Assimp is an Assimp open source library. It is used to import and export various 3D model formats. A buffer error vulnerability exists in Assimp version 5.4.3, which stems from an out-of-bounds read problem in function HL1MDLLoader::validateheader in file...

CVE-2021-29662

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...

CVE-2021-39814

In ppmpvalidatewsm of drmfw.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...