Qualcomm 芯片 安全漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way of miniaturizing circuits including primarily semiconductor devices, but also passive components, etc. and from time to time fabricated on the surface of semiconductor wafers. A security vulnerability exists in multiple Qualcomm...

Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4752-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4752-1 advisory. Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure- connections pairing authentication in the...

Information Disclosure

cloud-init is vulnerable to Information Disclosure. When a user specified configuration which would generate random passwords for users, cloud-init causes those passwords to be written to the serial console by emitting them on stderr. In the default configuration, any stdout or stderr emitted by...

kernel: malicious USB devices can lead to multiple out-of-bounds write

An out-of-bounds write flaw was found in the Linux kernel’s HID drivers. An attacker, able to plug in a malicious USB device, can crash the system or read and write to memory with an incorrect address...

Security update for openssl-1_0_0 (moderate)

openSUSE Security Update: Security update for openssl-100 Announcement ID: openSUSE-SU-2021:0430-1 Rating: moderate References: 1182331 1182333 Cross-References: CVE-2021-23840 CVE-2021-23841 CVSS scores: CVE-2021-23840 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-23840 SUSE: 6...

A flaw was found in grub2 in versions prior to 2.06. During USB device initialization descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

...

Samsung knox_custom service security feature issue vulnerability

Samsung knoxcustom service is a mobile application from Samsung South Korea. A simplicity mode is provided. A security signature issue vulnerability exists in knoxcustom service prior to SMR Mar-2021 Release 1, which stems from a missing privilege check and can be exploited by an attacker to obta...

CVE-2021-25344

Missing permission check in knoxcustom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission...

CVE-2021-25344

Missing permission check in knoxcustom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission...

Design/Logic Flaw

Missing permission check in knoxcustom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission...

CVE-2021-25344

Missing permission check in knoxcustom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission...

knox_custom service 安全特征问题漏洞

Samsung knoxcustom service is a mobile application from Samsung South Korea. A simplicity mode is provided. A security signature issue vulnerability exists in knoxcustom service prior to SMR Mar-2021 Release 1, which stems from a missing privilege check and can be exploited by an attacker to obta...

AZL-6462 CVE-2020-25647 affecting package grub2 for versions less than 2.06~rc1-7

A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution...

ALPINE-CVE-2020-25647

A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution...

DEBIAN-CVE-2020-25647

A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution...

CLSA-2021-1614885634 Fix of CVE:CVE-2021-23841

Fix Null pointer deref in X509issuerandserialhash CVE-2021-23841...

grub2 缓冲区错误漏洞

grub2 is a Linux system boot program from the GNU community. A buffer overflow vulnerability exists in grub2 versions prior to 2.06 in the grubusbdeviceinitialize function, which handles USB device initialization. No details of the vulnerability are provided at this time...

grub2: Out-of-bounds write in grub_usb_device_initialize()

A flaw was found in grub2. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the...

grub2: Out-of-bounds write in grub_usb_device_initialize()

A flaw was found in grub2. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the...

Ubuntu: Security Advisory (USN-4752-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...