GSD-2021-1000012 KVM: VMX: Don't use vcpu->run->internal.ndata as an array index

KVM: VMX: Don't use vcpu-run-internal.ndata as an array index This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.11.16 by commit...

Heap OOB in `QuantizeAndDequantizeV3`

Impact An attacker can read data outside of bounds of heap allocated buffer in tf.rawops.QuantizeAndDequantizeV3: python import tensorflow as tf tf.rawops.QuantizeAndDequantizeV3 input=2.5,2.5, inputmin=0,0, inputmax=1,1, numbits=30, signedinput=False, rangegiven=False, narrowrange=False, axis=3...

CGAL libcgal multiple code execution vulnerabilities in Nef polygon-parsing code

Summary Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigg...

CVE-2020-11223

Out of bound in camera driver due to lack of check of validation of array index before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...

CVE-2020-11223

Out of bound in camera driver due to lack of check of validation of array index before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...

Qualcomm Multimedia Security Vulnerability

Qualcomm Multimedia is a camera driver component from Qualcomm, Inc. A security vulnerability exists in Qualcomm Multimedia that stems from a failure to check the validity of an array index before copying to the array, resulting in an out-of-bounds in the camera driver...

Design/Logic Flaw

Out of bound write while copying data using IOCTL due to lack of check of array index received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

Multiple Qualcomm Products Input Validation Error Vulnerability

A Qualcomm chip is a chip from Qualcomm Incorporated USA. It is a way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc. and is often fabricated on the surface of semiconductor wafers. An input validation error vulnerability exists in multiple Qualcomm...

Buffer Overflow

Erlang is vulnerable to buffer overflow. An attacker may use a malformed extpattern to indirectly specify an offset that is used as an array index...

CVE-2020-19668

Unverified indexs into the array lead to out of bound access in the gifoutcode function in fromgif.c in libsixel 1.8.6...

CVE-2020-19668

Unverified indexs into the array lead to out of bound access in the gifoutcode function in fromgif.c in libsixel 1.8.6...

CVE-2020-27483

Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the offset provided...

CVE-2020-27485

Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index...

Design/Logic Flaw

Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the offset provided...

Out-of-bounds

Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index...

CVE-2020-27483

Garmin Forerunner 235 before 8.20 is affected by an Array index error in the ConnectIQ TVM. The attacker must upload a malicious ConnectIQ application to the ConnectIQ store; the interpreter trusts an offset for the stack value duplication instruction (DUP) that is unchecked, allowing memory befo...

CVE-2020-27483

Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the offset provided...

CVE-2020-27485

Garmin Forerunner 235 (pre-8.20) vulnerability in ConnectIQ TVM: an array index error lets a malicious ConnectIQ app store payload read/write memory outside the TVM context, enabling a use-after-free and constrained read/write primitive across the MAX32630 address space. The issue requires the at...

CVE-2020-27485

Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index...

freerdp: Unchecked read of array offset in rdpsnd_recv_wave2_pdu

In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend alsa, oss, pulse, .... The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot...