CVE-2020-8935

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allow an attacker to make an Ecallrestore function call to reallocate untrusted code and overwrite sections of the Enclave memory address. We recommend updating your library...

CVE-2020-8935

CVE-2020-8935 describes an arbitrary memory overwrite in Asylo up to version 0.6.0 . An attacker can abuse the Ecall_restore path to reallocate untrusted code and overwrite sections of enclave memory. Practical impact: compromise of enclave memory integrity and confidentiality, with high-severity...

Exploit for Race Condition in Canonical Ubuntu_Linux

This is a PoC exploit for CVE-2016-5195, also known as the Dirty Cow vulnerability. The exploit targets Linux systems and uses the Dirty Cow vulnerability to gain root access. The vulnerability allows an attacker to write to a read-only page in memory, which can be used to execute arbitrary code...

CVE-2020-28211

A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause bypass of authentication when overwriting memory using a debugger...

Authorization

A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause bypass of authentication when overwriting memory using a debugger...

CVE-2020-28211

CVE-2020-28211 affects Schneider Electric EcoStruxure Control Expert (PLC Simulator) with an Incorrect Authorization weakness (CWE-863) that could allow authentication bypass by overwriting memory via a debugger. Affected software is EcoStruxure Control Expert (Unity Pro) across all versions; the...

Schneider Electric EcoStruxure Control Expert 权限许可和访问控制问题漏洞

Schneider Electric EcoStruxure Control Expert is the universal programming, commissioning and operating software for the Modicon M340, M580, M580S, Premium, Momentum and Quantum series. An incorrect authorization vulnerability exists in PLC Simulator in Schneider Electric EcoStruxure Control...

Arbitrary Memory Overwrite

putty is vulnerable to arbitrary memory overwrite. A remote attacker is able to exploit the vulnerability to write arbitrary data into memory during the RSA key exchange before host key verification...

CVE-2020-25278

An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung IDs are SVE-2020-18088, SVE-2020-18225,...

CVE-2020-25278

An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung IDs are SVE-2020-18088, SVE-2020-18225,...

Code injection

An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung IDs are SVE-2020-18088, SVE-2020-18225,...

CVE-2020-25278

Summary of CVE-2020-25278 (Samsung) : The vulnerability affects Samsung mobile devices running O(8.x), P(9.0), and Q(10.0). The issue stems from the Quram image codec library, which can be exploited by crafted JPEG data to overwrite memory and execute arbitrary code during decoding. Impact is des...

CVE-2020-25278

An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung IDs are SVE-2020-18088, SVE-2020-18225,...

Buffer overflow

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent. Functions parsing the OIDs in SNMP requests lack sufficient allocated target-buffer capacity verification when writing parsed OID values. The function snmpoiddecodeoid may overwrite memory areas beyond the provided...

CVE-2020-14936

CVE-2020-14936 concerns Contiki-NG 4.4–4.5, where the SNMP agent contains a buffer overflow in snmp_oid_decode_oid() triggered during SNMP request processing. The function does not sufficiently validate target-buffer capacity when writing parsed OID values, risking overwriting memory beyond the i...

CVE-2020-8904

An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecallrestore function fails to validate the range of the outputlen pointer, an attacker can manipulate the tmpoutputlen value and write to an arbitrary location in the trusted...

CVE-2020-8904

An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecallrestore function fails to validate the range of the outputlen pointer, an attacker can manipulate the tmpoutputlen value and write to an arbitrary location in the trusted...

Design/Logic Flaw

An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecallrestore function fails to validate the range of the outputlen pointer, an attacker can manipulate the tmpoutputlen value and write to an arbitrary location in the trusted...

CVE-2020-8904

The CVE-2020-8904 entry concerns Asylo prior to 0.6.0, where the ecall_restore function does not validate the range of the output_len pointer, allowing an attacker to manipulate tmp_output_len and overwrite arbitrary trusted (enclave) memory. Affected product: Asylo (pre-0.6.0). Impact described:...

CVE-2020-8904 Arbitrary trusted memory overwrite vulnerability in Asylo

An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecallrestore function fails to validate the range of the outputlen pointer, an attacker can manipulate the tmpoutputlen value and write to an arbitrary location in the trusted...