3787 matches found
CVE-2021-1889
CVE-2021-1889 refers to a buffer overflow condition due to a missing length check in the Trusted Application component of Qualcomm’s Snapdragon line (Auto, Compute, Connectivity, IoT, Wearables, etc.). The entry is tied to Qualcomm closed‑source components and is rated Critical in the 2021 Androi...
CVE-2021-1888
Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables...
CVE-2021-1888
CVE-2021-1888 describes a memory corruption issue caused by double freeing the same heap allocation in Qualcomm Snapdragon components (Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, IoT, Voice & Music, Wearables) during key parsing/import. The root cause is a double free, l...
CVE-2021-1886
CVE-2021-1886 is a memory-corruption vulnerability in Qualcomm closed-source components (notably affecting Snapdragon Auto/Compute/Connectivity and other Snapdragon lines) caused by incorrect handling of pointers during trusted application key import. The issue enables local exploitation with a l...
CVE-2020-11307
Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables...
PT-2021-13689 · Qualcomm · Qualcomm Snapdragon
Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon (affected versions not specified). Description: The issue arises from improper handling of responses from firmware, potentially leading to use after free. This affects various Qualcomm Snapdragon products, including Snapdrago...
CVE-2021-34430
Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic...
Open redirect
Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic...
CVE-2021-34430
Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic...
Eclipse TinyDTLS Encryption Issue Vulnerability
Eclipse TinyDTLS is a library for Datagram Transport Layer Security (DTLS). Eclipse TinyDTLS is vulnerable to an encryption issue that could be exploited by an attacker to compute a key to decrypt DTLS communications...
Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine
An unpatched security vulnerability affecting Google's Compute Engine platform could be abused by an attacker to take over virtual machines over the network. "This is done by impersonating the metadata server from the targeted virtual machine's point of view," security researcher Imre Rad said in...
Platform Update: Akamai Boosts Edge Application Power, Expanding Possibilities for Developers
Welcome to the Akamai Platform Update -- two days of new capabilities and innovations across our edge technology and security product portfolios. Today, we look at our edge technology products, which include edge computing, edge delivery CDN, and other complementary products and services that hel...
SUSE SLED15 / SLES15 Security Update : python-py (SUSE-SU-2021:1859-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:1859-1 advisory. - A denial of service via regular expression in the py.path.svnwc component of py aka python-py through 1.9.0 could be used by attackers to cau...
CVE-2021-3039
An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log...
CVE-2021-3039
An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log...
Design/Logic Flaw
An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log...
CVE-2021-3039 Prisma Cloud Compute: User role authorization secret for Console leaked through log file export
An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log...
CVE-2021-3039
CVE-2021-3039 affects Palo Alto Networks Prisma Cloud Compute Console. The issue is an information exposure where a secret used to authorize the authenticated user’s role is logged to a debug log file, enabling an authenticated Operator or Auditor with log access to potentially elevate to Adminis...
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox
A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions...
CVE-2020-24475
Improper initialization in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable denial of service via local access...