Lucene search
K

480 matches found

CNNVD
CNNVD
added 2021/11/18 12:0 a.m.3 views

MediaTek 芯片缓冲区错误漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company called MediaTek Mediatek. A security vulnerability exists in MediaTek chips that stems from a possible read out-of-bounds due to a heap buffer overflow in the asf extractor. This could result in the disclosure of local...

5.5CVSS6.2AI score0.00122EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/11/18 12:0 a.m.6 views

MediaTek 芯片 缓冲区错误漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company called MediaTek Mediatek. A security vulnerability exists in MediaTek chips that stems from a possible read out-of-bounds due to a heap buffer overflow in the asf extractor. This could result in the disclosure of local...

5.5CVSS6.2AI score0.00122EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/11/18 12:0 a.m.4 views

MediaTek 芯片输入验证错误漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company called MediaTek Mediatek. A security vulnerability exists in MediaTek chips that stems from a possible read out-of-bounds due to a heap buffer overflow in the asf extractor. This could result in the disclosure of local...

5.5CVSS6.2AI score0.00112EPSS
Exploits0References2
OSV
OSV
added 2021/10/25 2:15 p.m.1 views

UBUNTU-CVE-2021-0938

In memzeroexplicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

5.5CVSS5.9AI score0.0015EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/10/25 12:0 a.m.5 views

MediaTek flv extractor 缓冲区错误漏洞

MediaTek flv extractor is a chipset from Mediatek, a Chinese company. MediaTek flv extractor suffers from a buffer error vulnerability that stems from a lack of bounds checking, which could result in an out-of-bounds read. This could lead to the disclosure of local information without additional...

5.5CVSS6.1AI score0.00112EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/09/27 12:0 a.m.5 views

Mediatek 芯片 安全漏洞

Mediatek chips are smartphone chipsets from China's MediaTek Mediatek. A security vulnerability exists in the Mediatek chip, which originates in the memory management driver and could lead to information disclosure due to a loss of boundary checks. This could result in the disclosure of local...

5.5CVSS6AI score0.00112EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/08/19 7:17 a.m.3 views

jersey: Local information disclosure via system temporary directory

Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are...

6.2CVSS7.1AI score0.00905EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2021/08/17 6:28 p.m.1 views

CVE-2021-0584

In verifyBufferObject of Parcel.cpp, there is a possible out of bounds read due to an improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...

5.8AI score0.00115EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/06/24 12:0 a.m.6 views

HPE OneView Global Dashboard和HPE OneView 安全漏洞

HPE OneView Global Dashboard OVGD and HPE OneView are both products of Hewlett Packard Enterprise hpe. hpe OneView Global Dashboard is a suite of dashboard solutions. hpe OneView is software that facilitates automated device management for IT departments. A security vulnerability exists in HPE...

5.5CVSS5.7AI score0.00232EPSS
Exploits0References2
OSV
OSV
added 2021/06/22 12:15 p.m.2 views

CVE-2021-0541

In phNxpNciHalextprocessnfcinitrsp of phNxpNciHalext.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product:...

4.4CVSS5.9AI score0.00117EPSS
Exploits0References1
OSV
OSV
added 2021/06/22 11:15 a.m.1 views

CVE-2021-0563

In ih264efmtconv422ito420sp of ih264efmtconv.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.5CVSS6.5AI score0.00121EPSS
Exploits0References1
OSV
OSV
added 2021/06/22 11:15 a.m.4 views

CVE-2021-0572

In doNotification of AccountManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android...

5.5CVSS6.2AI score0.00109EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/03/23 12:0 a.m.4 views

PT-2021-7996 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a memory leak in the dc link construct function, which can be exploited by a remote attacker to cause a denial of service. The vulnerability is due to the...

5.5CVSS6.7AI score0.00205EPSS
Exploits0References15
OSV
OSV
added 2021/03/22 11:28 p.m.3 views

GHSA-HVV8-336G-RX3M A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Impact The processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a...

5.3CVSS6.9AI score0.4999EPSS
Exploits1References17
OSV
OSV
added 2021/03/15 11:6 p.m.5 views

USN-4875-1 opensmtpd vulnerabilities

It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could possibly use this vulnerability to execute arbitrary commands as root. CVE-2020-7247 It was discovered that OpenSMTPD did not properly handle hardlinks und...

10CVSS7.2AI score0.98946EPSS
Exploits41References4
CNNVD
CNNVD
added 2021/03/02 12:0 a.m.3 views

Google Android 缓冲区错误漏洞

Google Android is a Linux-based open source operating system from the USGoogleOpen Handheld Alliance Google. A security vulnerability exists in Google Android/Pixel that stems from an integer overflow in the FingerTipS touchscreen driver that may be out of range. This could result in the disclosu...

4.4CVSS5.4AI score0.00124EPSS
Exploits0References3
OSV
OSV
added 2021/02/08 8:15 p.m.2 views

DEBIAN-CVE-2021-21290

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...

5.5CVSS6AI score0.01777EPSS
Exploits1References1
NCSC
NCSC
added 2021/02/03 12:0 a.m.7 views

Serious vulnerabilities fixed in SolarWinds Orion

Vulnerabilities have been fixed in SolarWinds Orion. The vulnerability with reference CVE-2021-25274 allows an unauthenticated remote malicious person to execute arbitrary code with SYSTEM privileges. The vulnerability with attribute CVE-2021-25275 allows a local malicious person to access...

10CVSS7AI score0.36426EPSS
Exploits2
OSV
OSV
added 2021/01/11 10:15 p.m.3 views

CVE-2021-0309

In onCreate of grantCredentialsPermissionActivity, there is a confused deputy. This could lead to local information disclosure and account access with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9,...

5.5CVSS5.9AI score0.00162EPSS
Exploits0References1
OSV
OSV
added 2021/01/06 10:27 p.m.2 views

USN-4678-1 linux, linux-hwe-5.8, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi vulnerabilities

It was discovered that the AMD Running Average Power Limit RAPL driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information. CVE-2020-12912 Jann Horn discovered that the iouring subsystem in the Linux kernel d...

7.8CVSS6.6AI score0.00462EPSS
Exploits1References3
Rows per page
Query Builder