128 matches found
CVE-2021-46746
Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment TEE may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service...
CVE-2021-46746
Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment TEE may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service...
CVE-2021-46746
Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment TEE may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service...
CVE-2021-46746
CVE-2021-46746 : The AMD ASP/TEE stack protection gap allows a privileged attacker with access to AMD signing keys to corrupt the return address via a stack-based buffer overrun, potentially causing a denial of service. This aligns with AMD’s CVE entry (base score 5.2, local access, high attack c...
PT-2024-11052 · Amd · Asp Secure Os Trusted Execution Environment
Name of the Vulnerable Software and Affected Versions: ASP Secure OS Trusted Execution Environment TEE affected versions not specified Description: The issue is related to a lack of stack protection exploit mechanisms in the ASP Secure OS Trusted Execution Environment TEE. This may allow a...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a hit to the stack protection page due to an unbounded recursion that could result from old loop detection...
The vulnerability of the microprogrammed software of the biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME lies in buffer overflow attacks on the glass components, allowing intruders to execute arbitrary codes.
The vulnerability of microprogrammed software in biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME stems from buffer overflows in the stack due to the absence of protection mechanisms like Canary and PIE. Exploiting this vulnerability allows an attacker operating...
CVE-2023-3943
The CVE-2023-3943 entry describes a stack-based buffer overflow affecting ZkTeco-based OEM devices (e.g., ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME, and potentially others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 (and similar versions). The root cause is failure to implement pro...
NewStart CGSL MAIN 6.06 : dhcp Vulnerability (NS-SA-2023-0091)
The remote NewStart CGSL host, running version MAIN 6.06, has dhcp packages installed that are affected by a vulnerability: - In ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16, ISC DHCP 4.4.0 - 4.4.2 Other branches of ISC DHCP i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series are...
The vulnerability of the stack protection function in the GNU Compiler Collection (GCC), various programming languages, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the stack protection function in the GNU Compiler Collection GCC for various programming languages is related to a violation of the data protection mechanism. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of t...
AlmaLinux 9 : kernel-rt (ALSA-2023:5091)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5091 advisory. - A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options...
CVE-2023-4039
DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...
CVE-2023-4039
A vulnerability was found in GCC. The GCC's stack protection feature, enabled with the flag -fstack-protector, aims to detect buffer overflows in C/C++ function local variables that might allow an attacker to overwrite saved registers on the stack. If an attacker can modify saved register values,...
Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: UAF in nftables when nftsetlookupglobal triggered after handling named and anonymous sets in batch requests CVE-2023-3390 kernel:...
PT-2023-5294
Name of the Vulnerable Software and Affected Versions GCC versions prior to the fixed version Description A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in an...
SUSE SLES15: cluster-md-kmp-azure / dlm-kmp-azure / gfs2-kmp-azure / etc (SUSE-SU-2023:2831-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2831-1 advisory. The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following...
SUSE-SU-2023:2831-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1077: Fixed a type confusion in picknextrtentity, that could cause memory corruption bsc1208600. - CVE-2023-1249: Fixed a use-after-free flaw in t...
CVE-2023-21102
A vulnerability was found in the efirtasmwrapper of the efi-rt-wrapper.S in the Linux kernel, where there is a possible bypass of shadow stack protection due to a logic error in the code. This flaw could lead to local escalation of privilege without additional execution privileges needed...
CVE-2023-21102
In efirtasmwrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...