MediaTek 芯片缓冲区错误漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips that stems from a lack of boundary checking, which could lead to out-of-bounds reads. An attacker could exploit this vulnerability to disclose local information. The...

MediaTek 芯片缓冲区错误漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips that stems from a lack of boundary checking, which could lead to out-of-bounds reads. An attacker could exploit this vulnerability to disclose local information. The...

DEBIAN-CVE-2023-0195

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant data such as local variable data of the driver...

CVE-2023-21011

In multiple locations of p2piface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

CVE-2023-21009

In multiple locations of p2piface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

CVE-2023-20973

In btmcreateconncancelcomplete of btmsec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android I...

PT-2023-17774 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible out of bounds read in the btm ble clear resolving list complete function of btm ble privacy.cc due to a missing bounds check. This could lead to local information...

PT-2023-17744 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-12 through Android-13 Description: The issue is related to a possible out of bounds write in the C2SurfaceSyncObj.cpp import due to a missing bounds check. This could lead to local information disclosure, requiring...

PT-2023-17779 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible out of bounds read in the btm ble rand enc complete function of btm ble.cc due to a missing bounds check. This could lead to local information disclosure, requiring...

PT-2023-17756 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to Android-13 Description: The issue is related to a possible out of bounds read in the p2p iface.cpp file due to a missing bounds check. This could lead to local information disclosure, with System execution privileges...

PT-2023-17741 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-11 through Android-13 Description: The issue is related to a possible out of bounds write due to a missing bounds check in the A2DP BuildCodecHeaderSbc function of a2dp sbc.cc. This could lead to local information...

UNISOC Chipsets 安全漏洞

UNISOC Chipsets is a chipset from China's Unisplendour UNISOC. A security vulnerability exists in the UNISOC Chipsets telephony module that stems from a lack of privilege checking. This could lead to the disclosure of local information without the need for additional execute privileges...

CVE-2023-20648

In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628612; Issue ID: ALPS07628612...

CVE-2023-20932

In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

SUSE CVE-2004-0814

Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow 1 local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or 2 remote attackers to cause a denial of service panic by...

SUSE CVE-2005-0400

The ext2makeempty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block...

SUSE CVE-2010-3073

SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...

SUSE CVE-2016-6224

ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a 1 NVMe or 2 MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an...

SUSE CVE-2017-7495

fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new...

SUSE CVE-2017-10237

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...