249 matches found
CVE-2021-1086
CVE-2021-1086 affects NVIDIA vGPU software/driver — the Virtual GPU Manager (vGPU plugin). The vulnerability allows guests to control unauthorized resources, potentially compromising integrity and confidentiality. Affected versions are vGPU 12.x (before 12.2), 11.x (before 11.4), and 8.x (before ...
OESA-2021-1132 wireshark security update
Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Wireshark, formerly known as Ethereal, can be used to examine the details of traffic at a variety of levels ranging...
The vulnerability of the dockerd daemon, a deployment and application management automation tool in Docker-enabled environments, relates to a resource consumption control mechanism error. This vulnerability allows attackers to trigger service failures.
The vulnerability of the dockerd daemon, a tool for automating the deployment and management of applications in Docker containerized environments, is related to improper handling of the image manifest file. Exploiting this vulnerability allows an attacker to cause service interruptions...
Qualcomm 芯片 安全漏洞
A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc., and from time to time fabricated on the surface of semiconductor wafers. A security vulnerability exists in a number of Qualcomm products that...
CVE-2020-5743
This entry documents CVE-2020-5743 affecting TCExam 14.2.2. The vulnerability is described as improper access control (improper control of resource identifiers) that lets a remote, authenticated attacker access test metadata they should not be able to view. The connected records consistently iden...
The vulnerability of Google Chrome, related to improper control of access to critical resources, allows a violator to gain unauthorized access.
The vulnerability of Google Chrome relates to improper control of access to a critical resource. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to information through a specially created HTML page...
CVE-2019-14032
Memory use after free issue in audio due to lack of resource control in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017,...
Memory corruption
Memory use after free issue in audio due to lack of resource control in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017,...
CVE-2019-14032
Memory use after free issue in audio due to lack of resource control in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017,...
CVE-2019-14032
CVE-2019-14032 describes a memory use-after-free issue in the audio stack affecting Qualcomm Snapdragon platforms (various APQ, MDM, and SM/SD series) due to lack of resource control. The impact is described in public records as memory corruption with potential high-severity effects for affected ...
Wireshark LTE RRC Parser Memory Leak Vulnerability
Wireshark formerly Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis.LTE RRC is one of the LTE RRC protocol parsers. A security vulnerability exists in the LTE RRC...
UBUNTU-CVE-2020-9431
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations...
The vulnerability of the HTTP/2 web server protocol of the Apache Traffic Server, a Node.js-based software platform, stems from a lack of resource consumption control mechanisms. This allows attackers to trigger service interruptions.
The vulnerability of the HTTP/2 web server protocol of the Apache Traffic Server, a Node.js-based software platform, is related to errors in the resource consumption control mechanism. Exploiting this vulnerability can allow an attacker to cause service interruptions through a specially crafted...
CVE-2018-8850
Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of the application. This would lead to parts of the unit receiving unintended input, which may result ...
Design/Logic Flaw
Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of the application. This would lead to parts of the unit receiving unintended input, which may result ...
Redha redhat-certification denial of service vulnerability
Redhat redhat-certification is a certification service from Red Hat, an American company. A denial of service vulnerability exists in the way documents are loaded in Redha redhat-certification, which stems from the program's failure to control resource consumption and can be exploited by a remote...
Wireshark Null Pointer Dereference Vulnerability
Wireshark is a network packet analyzer. Wireshark is a network packet analyzer that captures network packets and displays the most detailed network packet information possible.Wireshark uses WinPCAP as an interface to exchange data packets directly with the network card. A null pointer dereferenc...
DEBIAN-CVE-2018-11359
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference...
ALPINE-CVE-2018-11359
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference...
Mail.ru: XSS on account.mail.ru/login
Уязвимость на станице https://account.mail.ru/login и подготовка файлов для атаки --------------------- В процессе исследования заметил, что на странице https://account.mail.ru/login не валидируется значение параметра v. Значение выводится на странице как есть и используется в пути до скрипта...