103 matches found
CVE-2019-15877
In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-RELEASE-p3, driver specific ioctl command handlers in the ixl network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to trigger updates to the device's non-volatile memory...
CVE-2019-15877
In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-RELEASE-p3, driver specific ioctl command handlers in the ixl network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to trigger updates to the device's non-volatile memory...
CVE-2019-15877
In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-RELEASE-p3, driver specific ioctl command handlers in the ixl network driver failed to check whether the caller has sufficient privileges allowing unprivileged users to trigger updates to the device's non-volatile memory...
FreeBSD : FreeBSD -- Insufficient ixl(4) ioctl(2) privilege checking (b2b83761-6a09-11ea-92ab-00163e433440)
The driver-specific ioctl2 command handlers in ixl4 failed to check whether the caller has sufficient privileges to perform the corresponding operation. Impact : The ixl4 handler permits unprivileged users to trigger updates to the device's non-volatile memory NVM. C Tenable Network Security, Inc...
FreeBSD-SA-20:06.if_ixl_ioctl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:06.ifixlioctl Security Advisory The FreeBSD Project Topic: Insufficient ixl4 ioctl2 privilege checking Category: core Module: ixl4 Announced: 2020-03-19...
CVE-2017-8335
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting name for wireless network. These values are stored by the device in NVRAM Non-volatile RAM. It seems that the POST parameters passed in thi...
QEMU NVM Express Controller Heap Buffer Overflow Vulnerability
QEMU is a suite of analog processor software developed by French programmer Fabrice Bellard.NVM Express Controller is one of the NVMe Non-Volatile Memory Host Controller Interface Specification controller components. The NVM Express Controller emulation in QEMU suffers from a heap buffer overflow...
New Cold Boot Attack Unlocks Disk Encryption On Nearly All Modern PCs
Security researchers have revealed a new attack to steal passwords, encryption keys and other sensitive information stored on most modern computers, even those with full disk encryption. The attack is a new variation of a traditional Cold Boot Attack, which is around since 2008 and lets attackers...
CVE-2017-9701
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur, resulting from writing uninitialized stack structure to non-volatile memory...
Design/Logic Flaw
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur, resulting from writing uninitialized stack structure to non-volatile memory...
CVE-2017-9701
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur, resulting from writing uninitialized stack structure to non-volatile memory...
Samsung, Huawei and other phone Bootloader was traced to the presence of many high-risk bug-vulnerability warning-the black bar safety net
California University research team to create the main stream mobile platform in the bootloader exists in the code test and the DOS of the security gap. Workshop staff with a BootStomp to create 6 new found cracks, 5 of which division is the manufacturer to confirm. There is also a su XI reported...
Intel Ethernet Controller's X710/XL710 Denial of Service Vulnerability
Intel Ethernet Controller X710 and others are Ethernet controllers from Intel Corporation USA. A denial of service vulnerability exists in the Non-Volatile Memory in the Intel Ethernet Controller X710 and XL710 prior to version 5.05. A remote attacker could exploit this vulnerability to cause the...
CVE-2016-8106
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions...
CVE-2016-8106
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions...
CVE-2016-8106
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions...
CVE-2016-8106
CVE-2016-8106 is discussed in IBM documentation as affecting the IBM QRadar Network Security XGS appliance family, specifically noting a vulnerability in the 40-GbE network interface modules for the XGS 7100. The IBM entry (Security Bulletin: A vulnerability has been discovered in 40-GbE network ...
Lexmark Printer Sensitive Information Disclosure Vulnerability
Lexmark printer is a printer product. An information disclosure vulnerability exists in the Lexmark printer, where failure to properly handle Erase Printer Memory and Erase Hard Disk operations could allow a local attacker to obtain sensitive information by directly reading non-volatile memory...
CVE-2016-3145
Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on...
Hardcoded credentials
Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on...