Lucene search
K

854 matches found

Cvelist
Cvelist
added 2020/11/02 6:21 a.m.36 views

CVE-2020-3703

u'Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received from central deviceThis CVE is equivalent to Link Layer Length Overfow issue CVE-2019-16336,CVE-2019-17519 and Silent Length Overflow issueCVE-2019-17518 mentioned in...

7.1AI score0.00702EPSS
Exploits0References1
Gitee
Gitee
added 2020/10/21 12:36 p.m.4 views

Awesome-Red-Teaming

This is a list of resources for Red Teaming, a list that will be updated regularly with the latest adversarial tactics and techniques based on the Mitre ATT&CK framework. The list covers various topics such as Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credenti...

7AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2020/10/08 7:0 a.m.3 views

pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.

...

3.2CVSS7AI score0.00467EPSS
Exploits0
OSV
OSV
added 2020/10/06 3:15 p.m.2 views

UBUNTU-CVE-2020-25742

pcichangeirqlevel in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pcigetbus might not return a valid pointer...

3.2CVSS6.1AI score0.00467EPSS
Exploits0References4
OSV
OSV
added 2020/09/23 9:15 p.m.1 views

DEBIAN-CVE-2020-25595

An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't ...

7.8CVSS6.6AI score0.00373EPSS
Exploits0References1
OSV
OSV
added 2020/09/23 9:15 p.m.3 views

ALPINE-CVE-2020-25595

An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't ...

7.8CVSS7AI score0.00373EPSS
Exploits0References1
OSV
OSV
added 2020/09/23 9:15 p.m.2 views

UBUNTU-CVE-2020-25595

An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't ...

7.8CVSS6.7AI score0.00373EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2020/08/18 7:0 a.m.6 views

The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.

...

5.3CVSS7AI score0.00404EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/05/14 12:0 a.m.12 views

PT-2020-5392 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.6.13 Description: The issue is related to the VFIO PCI driver in the Linux kernel, which mishandles attempts to access disabled memory space. This can be exploited to cause a denial of service. Recommendations:...

10CVSS7.3AI score0.98745EPSS
Exploits176References2184
ThreatPost
ThreatPost
added 2020/05/11 3:38 p.m.208 views

Millions of Thunderbolt-Equipped Devices Open to 'ThunderSpy' Attack

A new attack enables bad actors to steal data from Windows or Linux devices equipped with Thunderbolt ports – if they can get their hands on the device for just five minutes. The attack, called “Thunderspy,” specifically targets Thunderbolt technology, which is a hardware interface developed by...

0.1AI score
Exploits0References10
CNVD
CNVD
added 2020/05/11 12:0 a.m.2 views

Linux kernel denial of service vulnerability (CNVD-2020-28264)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the drivers/spi/spi-dw.c file in Linux kernel versions prior to 5.4.17. An attacker can exploit this vulnerability to cause a denial...

5.5CVSS6.1AI score0.00652EPSS
Exploits1References1
OSV
OSV
added 2020/05/09 9:15 p.m.3 views

UBUNTU-CVE-2020-12769

An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dwspiirq and dwspitransferone, aka CID-19b61392c5a8...

5.5CVSS6.7AI score0.00652EPSS
Exploits1References7
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/03/12 6:38 a.m.123 views

Introduction to Bluetooth Low Energy

Bluetooth Low Energy BLE is used by almost everyone in our everyday lives, from wireless headphones, to car stereos, computer keyboards and mice, and other everyday items. Even though this standard is popular there seems a general lack of understanding of how it works and what certain terms mean...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/02/24 4:32 p.m.38 views

A week in security (February 17 – 23)

Last week on Malwarebytes Labs, we highlighted the benefits and concerns of identity-as-a-service IDaaS, an identity management scheme deployed from the cloud; reported on scammers and squatters taking advantage of Rudy Giuliani’s Twitter typos; and gave a high-level overview of RobbinHood, the...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2020/02/18 11:0 a.m.199 views

Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs

Fresh firmware vulnerabilities in Wi-Fi adapters, USB hubs, trackpads and cameras are putting millions of peripheral devices in danger of a range of cyberattacks, according to research from Eclypsium. TouchPad and TrackPoint firmware in Lenovo Laptops, HP Wide Vision FHD camera firmware in HP...

9.9AI score0.26869EPSS
Exploits0References5
OSV
OSV
added 2020/02/10 9:51 p.m.6 views

CVE-2019-19193

The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers i...

6.5CVSS5.8AI score0.00703EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2020/02/07 10:25 p.m.96 views

Wacom Tablet Data Exfiltration Raises Security Concerns

The Wacom digital drawing tablet appears to be silently exfiltrating user data, according to an investigation by software engineer Robert Heaton – and the company responded on Friday, downplaying the report. However, security researchers say the tablets still pose a risk and a privacy problem...

7.1AI score
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2019/12/22 12:0 a.m.6 views

Vulnerability of the spi_gpio_probe() function (drivers/spi/spi-gpio.c) in the Linux kernel, allowing a hacker to cause a service failure

The vulnerability of the spigpioprobe function drivers/spi/spi-gpio.c in the Linux kernel involves uncontrolled resource consumption. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

7.8CVSS7.3AI score0.02848EPSS
Exploits0References11Affected Software2
OSV
OSV
added 2019/12/11 6:16 p.m.2 views

DEBIAN-CVE-2019-19577

An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number ...

7.2CVSS9.5AI score0.00503EPSS
Exploits0References1
OSV
OSV
added 2019/11/07 4:15 p.m.1 views

UBUNTU-CVE-2019-18806

A memory leak in the qlalloclargebuffers function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service memory consumption by triggering pcidmamappingerror failures, aka CID-1acb8f2a7a9f...

5.5CVSS6.7AI score0.00348EPSS
Exploits0References5
Rows per page
Query Builder