PT-2026-8035
Name of the Vulnerable Software and Affected Versions: TON Blockchain versions prior to 2025.06. Description: A flaw exists in the TON Virtual Machine (TVM) within the TON Blockchain. The issue resides in the execution logic of the INMSGPARAM instruction, where the program does not validate if a point...
CVE-2025-70954
A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. By sending a...
TON Security Vulnerability
TON is open-source blockchain software. Versions of TON prior to v2025.04 contain a security vulnerability. It stems from state pollution in the RUNVM instruction logic, which can corrupt the parent virtual machine’s state...
TON Security Vulnerability
TON is open-source blockchain software. Versions of TON prior to v2025.06 contain a security vulnerability. It stems from a null pointer dereference in the TON Virtual Machine, which could allow attackers to cause verification nodes to crash through...
CVE-2025-70956
Summary of CVE-2025-70956 (TON TVM): A State Pollution vulnerability exists in TON’s Virtual Machine (TVM) prior to v2025.04, in RUNVM’s VmState::run_child_vm. The code moves critical resources (libraries and logs) from the parent to a new child VM in a non-atomic fashion. If an Out-of-Gas (OOG)...
CVE-2024-21961
Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack against the host resulting in loss of availability...
CVE-2024-21961
CVE-2024-21961: Severity 6.0 (MEDIUM) CVSS v4 shows network vector with attacker in a guest VM who can trigger a denial-of-service on the host via improper restriction of operations within PCIe Link memory buffers. Connected sources (Red Hat, NVD, AMD bulletins) confirm the flaw exists in PCIe Li...
Verifiable Provenance of Software Artifacts with Zero-Knowledge Compilation
Verifying that a compiled binary originates from its claimed source code is a fundamental security requirement, called source code provenance. Achieving verifiable source code provenance in practice remains challenging. The most popular technique, called reproducible builds, requires difficult...
PT-2026-7945
Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack against the host resulting in loss of availability...
CVE-2025-48508
Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow a privileged attacker in a guest virtual machine to control reset operation potentially causing host or GPU crash or reset resulting in denial of service...
CVE-2025-48508
CVE-2025-48508 concerns an issue in the GPU GFX Hardware IP block where improper hardware reset flow logic could let a privileged attacker in a guest VM take control of the reset operation, potentially crashing the host or GPU and causing denial of service. The vulnerability is described with a l...
nodejs: Nodejs uninitialized memory exposure
A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other...
ALSA-2026:2378 Moderate: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: vsock/vmci: Clear the vmci transport packet properly when initializing it (CVE-2025-38403); kernel: net: use dst_dev_rcu in sk_setup_caps...
CVE-2026-25533
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...
CVE-2026-1979
CVE-2026-1979 affects mruby up to version 3.4.0. The issue arises in the function mrb_vm_exec within the file src/vm.c of the component described as the JMPNOT-to-JMPIF Optimization. Exploitation can lead to a use-after-free condition and requires local access to the target environment. The vuln...
CVE-2026-24843
melange allows users to build apk packages using declarative pipelines. In version 0.11.3 to before 0.40.3, an attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The retrieveWorkspace function extracts tar entries...
Enclave Security Vulnerability
Enclave is sandbox software developed by AgentFront. Versions of Enclave prior to 2.10.1 contain security vulnerabilities. They stem from the fact that the AST sanitization can be bypassed through dynamic property accesses, and the hardening of objects does not cover special behaviors of t...