Design/Logic Flaw

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination...

Apple iPadOS 资源管理错误漏洞

iOS is a mobile operating system developed by Apple. iPadOS is a family of mobile operating systems developed by Apple based on iOS. Apple iPadOS and iPadOS versions prior to 14.6 have a post-release reuse vulnerability that stems from a post-release use when handling email messages in the Mail...

VulnCheck KEV: CVE-2021-28664

Arm Mali Graphics Processing Unit GPU kernel driver contains an unspecified vulnerability that may allow a non-privileged user to gain write access to read-only memory, gain root privilege, corrupt memory, and modify the memory of other processes...

Mcafee Data Loss Prevention Endpoint 安全漏洞

Mcafee Data Loss Prevention Endpoint DLPe is an integrated endpoint data protection solution from Mcafee. The solution prevents theft and accidental disclosure of confidential data and provides security policies for file handling and transfer, shared endpoint data flow control, and data encryptio...

Cisco IOS XE Local Elevation of Privilege Vulnerability

Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. A local elevation of privilege vulnerability exists in one of the diagnostic test CLI commands for Cisco IOS XE. The vulnerability stems from the fact that the affected software...

CVE-2021-1390

A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege level 15. This...

Cisco IOS XE Software Local Privilege Escalation Vulnerability

A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege level 15. This...

Cisco IOS XE Software 安全漏洞

Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. A local elevation of privilege vulnerability exists in one of the diagnostic test CLI commands for Cisco IOS XE. The vulnerability stems from the fact that the affected software...

The vulnerability of the g_bytes_new function in the gbytes.c component of the Glib library allows a hacker to modify the contents of dynamic memory.

The vulnerability of the gbytesnew function in the gbytes.c component of the Glib library arises from a numerical overflow due to an implicit conversion of the gsize type variable to the guint type. Exploiting this vulnerability could allow an attacker to modify dynamic memory contents by using a...

USN-4680-1: Linux kernel vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that debugfs in the Linux kernel as used by blktrace contained a use-after-free in some situations. A privileged local attacker could possibly use this to cause a denial of service syste...

CVE-2020-27674

An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique...

CVE-2020-9105

Taurus-AN00B versions earlier than 10.1.0.156C00E155R7P2 have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploi...

Input validation

Taurus-AN00B versions earlier than 10.1.0.156C00E155R7P2 have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploi...

CVE-2020-9105

CVE-2020-9105 affects Huawei Taurus-AN00B devices with firmware older than 10.1.0.156 (C00E155R7P2). The root cause is insufficient input validation, allowing a local attacker to perform a sequence of operations that can access and modify device memory, potentially causing service abnormality. Co...

CVE-2020-9105

Taurus-AN00B versions earlier than 10.1.0.156C00E155R7P2 have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploi...

UBUNTU-CVE-2020-14375

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhostcrypto has validate...

[SECURITY] Fedora 32 Update: podofo-0.9.6-11.fc32

PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF Portable Document Format. A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...

CVE-2020-7457

In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV62292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory...

Race condition

In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV62292PKTOPTIONS socket option set handler contained a race condition allowing a malicious application to modify memory...

CVE-2020-7457

CVE-2020-7457 concerns a missing synchronization in the FreeBSD IPV6_2292PKTOPTIONS set handler (setsockopt), causing a race against freed memory in the ip6_pktopts path. Impact described as potential memory corruption and privilege escalation. Affected lines include FreeBSD stable/12 and stable/...