854 matches found
CVE-2020-3703
u'Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received from central deviceThis CVE is equivalent to Link Layer Length Overfow issue CVE-2019-16336,CVE-2019-17519 and Silent Length Overflow issueCVE-2019-17518 mentioned in...
Awesome-Red-Teaming
This is a list of resources for Red Teaming, a list that will be updated regularly with the latest adversarial tactics and techniques based on the Mitre ATT&CK framework. The list covers various topics such as Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credenti...
pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.
...
UBUNTU-CVE-2020-25742
pcichangeirqlevel in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pcigetbus might not return a valid pointer...
DEBIAN-CVE-2020-25595
An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't ...
ALPINE-CVE-2020-25595
An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't ...
UBUNTU-CVE-2020-25595
An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't ...
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
...
PT-2020-5392 · Linux +6 · Linux Kernel +6
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.6.13 Description: The issue is related to the VFIO PCI driver in the Linux kernel, which mishandles attempts to access disabled memory space. This can be exploited to cause a denial of service. Recommendations:...
Millions of Thunderbolt-Equipped Devices Open to 'ThunderSpy' Attack
A new attack enables bad actors to steal data from Windows or Linux devices equipped with Thunderbolt ports – if they can get their hands on the device for just five minutes. The attack, called “Thunderspy,” specifically targets Thunderbolt technology, which is a hardware interface developed by...
Linux kernel denial of service vulnerability (CNVD-2020-28264)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the drivers/spi/spi-dw.c file in Linux kernel versions prior to 5.4.17. An attacker can exploit this vulnerability to cause a denial...
UBUNTU-CVE-2020-12769
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dwspiirq and dwspitransferone, aka CID-19b61392c5a8...
Introduction to Bluetooth Low Energy
Bluetooth Low Energy BLE is used by almost everyone in our everyday lives, from wireless headphones, to car stereos, computer keyboards and mice, and other everyday items. Even though this standard is popular there seems a general lack of understanding of how it works and what certain terms mean...
A week in security (February 17 – 23)
Last week on Malwarebytes Labs, we highlighted the benefits and concerns of identity-as-a-service IDaaS, an identity management scheme deployed from the cloud; reported on scammers and squatters taking advantage of Rudy Giuliani’s Twitter typos; and gave a high-level overview of RobbinHood, the...
Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs
Fresh firmware vulnerabilities in Wi-Fi adapters, USB hubs, trackpads and cameras are putting millions of peripheral devices in danger of a range of cyberattacks, according to research from Eclypsium. TouchPad and TrackPoint firmware in Lenovo Laptops, HP Wide Vision FHD camera firmware in HP...
CVE-2019-19193
The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers i...
Wacom Tablet Data Exfiltration Raises Security Concerns
The Wacom digital drawing tablet appears to be silently exfiltrating user data, according to an investigation by software engineer Robert Heaton – and the company responded on Friday, downplaying the report. However, security researchers say the tablets still pose a risk and a privacy problem...
Vulnerability of the spi_gpio_probe() function (drivers/spi/spi-gpio.c) in the Linux kernel, allowing a hacker to cause a service failure
The vulnerability of the spigpioprobe function drivers/spi/spi-gpio.c in the Linux kernel involves uncontrolled resource consumption. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
DEBIAN-CVE-2019-19577
An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number ...
UBUNTU-CVE-2019-18806
A memory leak in the qlalloclargebuffers function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service memory consumption by triggering pcidmamappingerror failures, aka CID-1acb8f2a7a9f...