408 matches found
CVE-2023-47267
The CVE-2023-47267 issue affects TheGreenBow Windows VPN clients: Enterprise Certified VPN Client 6.52, Standard VPN Client 6.87, and Enterprise VPN Client 6.87. Root cause is privilege escalation via crafted changes to memory-mapped files. Impact is elevated privileges, with network-vector-like ...
CVE-2023-47267
An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges via crafted changes to memory mapped file...
TheGreenBow Windows Certified VPN Client Security Vulnerability
TheGreenBow Windows Certified VPN Client is a client VPN from TheGreenBow. TheGreenBow Windows Certified VPN Client suffers from a security vulnerability that stems from an attacker's ability to cause elevation of privilege via a carefully crafted memory-mapped file...
PT-2023-30401
Name of the Vulnerable Software and Affected Versions TheGreenBow Windows Enterprise Certified VPN Client version 6.52 TheGreenBow Windows Standard VPN Client version 6.87 TheGreenBow Windows Enterprise VPN Client version 6.87 Description An issue discovered in TheGreenBow VPN clients allows...
CVE-2021-46758
Insufficient validation of SPI flash addresses in the ASP AMD Secure Processor bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity...
kernel: wifi: mt76: connac: do not check WED status for non-mmio devices
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: connac: do not check WED status for non-mmio devices WED is supported just for mmio devices, so do not check it for usb or sdio devices. This patch fixes the crash reported below: 21.946627 wlp0s3u1i3: authenticate wi...
kernel: Linux kernel KVM: Memory leak via coalesced MMIO unregistration failure
A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. This vulnerability occurs when the unregistration of a coalesced Memory-Mapped I/O MMIO device fails, leading to a memory leak. A local attacker could exploit this flaw to consume system memory, potentially causing...
Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover
As many as 34 unique vulnerable Windows Driver Model WDM and Windows Driver Frameworks WDF drivers could be exploited by non-privileged threat actors to gain full control of the devices and execute arbitrary code on the underlying systems. "By exploiting the drivers, an attacker without privilege...
AZL-31815 CVE-2023-46813 affecting package kernel for versions less than 5.15.137.1-1
An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory and th...
UBUNTU-CVE-2020-18770
An issue was discovered in function zzipdiskentrytofileheader in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service...
kernel: i2c: piix4: Fix a memory leak in the EFCH MMIO support
In the Linux kernel, the following vulnerability has been resolved: i2c: piix4: Fix a memory leak in the EFCH MMIO support The recently added support for EFCH MMIO regions introduced a memory leak in that code path. The leak is caused by the fact that releaseresource merely removes the resource...
Intel CPU vulnerabilities fixed. But should you update?
Microsoft has released out of band updates for information disclosure vulnerabilities in Intel CPUs. The normal gut reaction would be to install out of band updates as soon as possible. Microsoft wouldnt be releasing the updates ahead of the regular cycle without good reason, would it? Well, mayb...
Ubuntu: Security Advisory (USN-5913-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2006-1528
Linux kernel before 2.6.13 allows local users to cause a denial of service crash via a dio transfer from the sg driver to memory mapped mmap IO space...
SUSE CVE-2008-4210
fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable...
SUSE CVE-2010-0419
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing SMP, does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service guest OS crash or gain privileges on the guest OS by leveraging...
SUSE CVE-2012-3432
The handlemmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service guest OS crash via unspecified...
SUSE CVE-2013-2212
The vmxsetucmode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service CPU consumption and possibly hypervisor or guest kernel panic via a crafted GFN range...
SUSE CVE-2013-4355
Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a 1 port or 2 memory mapped I/O write or 3 other unspecified operations related to addresses without associated memory...
SUSE CVE-2014-7842
Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service guest OS crash via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to...