Lucene search
+L

42 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:7 a.m.6 views

CVE-2019-14130

Memory corruption can occurs in trusted application if offset size from HLOS is more than actual mapped buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130...

7.8CVSS7.7AI score0.00199EPSS
Exploits0References1
Kitploit
Kitploit
added 2024/09/23 11:30 a.m.147 views

PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit

BYOSI - Bring-Your-Own-Script-Interpreter - Leveraging the abuse of trusted applications, one is able to deliver a compatible script interpreter for a Windows, Mac, or Linux system as well as malicious source code in the form of the specific script interpreter of choice. Once both the malicious...

7.2AI score
Exploits0References1
CNNVD
CNNVD
added 2024/02/06 12:0 a.m.5 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from Core memory corruption when rolling back a version of an update with TA and OTA functionality enabled...

7.8CVSS6.9AI score0.00109EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/14 12:0 a.m.4 views

AMD Secure Processor Buffer Error Vulnerability

AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from UltraMicroelectronics AMD. The AMD Secure Processor suffers from a buffer error vulnerability that stems from the fact that insufficient boundary checking in the AMD Secure Processor could lead to an attacker accessing memory outsi...

5.5CVSS6.8AI score0.00211EPSS
Exploits0References4
OSV
OSV
added 2021/11/15 4:15 p.m.5 views

CVE-2020-12929

Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution...

7.8CVSS7.6AI score0.00257EPSS
Exploits0References1
NVD
NVD
added 2021/11/15 4:15 p.m.23 views

CVE-2020-12929

Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution...

7.8CVSS0.00257EPSS
Exploits0References1
Prion
Prion
added 2021/11/15 4:15 p.m.14 views

Design/Logic Flaw

Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution...

4.6CVSS7.8AI score0.00257EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/09/09 8:15 a.m.25 views

CVE-2021-1909

Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music,...

7.8CVSS0.00158EPSS
Exploits0References1
Prion
Prion
added 2021/09/09 8:15 a.m.22 views

Buffer overflow

Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music,...

7.2CVSS7.8AI score0.00158EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/09/06 12:0 a.m.5 views

Qualcomm 芯片 缓冲区错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and from time to time are manufactured on the surface of semiconductor wafers. The Qualcomm chip suffers from a buffer error vulnerability that...

7.8CVSS7.7AI score0.00158EPSS
Exploits0References6
CNVD
CNVD
added 2021/08/05 12:0 a.m.23 views

Google Asylo memory read vulnerability

Google Asylo is a framework for developing trusted applications from Google, a US-based company. The software supports the creation of a trusted execution environment, including software isolation and hardware isolation.Google Asylo in version 0.6.1 has a memory read vulnerability vulnerability...

5.5CVSS1.5AI score0.00151EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/06/21 12:0 a.m.14 views

NVIDIA Jetson 缓冲区错误漏洞

Nvidia NVIDIA Jetson is an embedded system development module from Nvidia Corporation. NVIDIA Jetson has a security vulnerability that stems from Trusty includes a vulnerability in all Trusted Applications TAs where a stack cookie is not randomized, which could result in a stack-based buffer...

7.7CVSS7.7AI score0.00246EPSS
Exploits0References2
Prion
Prion
added 2021/06/09 5:15 a.m.25 views

Code injection

Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memory and its RoT memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...

7.2CVSS7.5AI score0.0016EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/07/16 12:0 a.m.11 views

PT-2019-11544

Name of the Vulnerable Software and Affected Versions: Linaro/OP-TEE OP-TEE versions prior to v3.4.0 Description: The issue is related to boundary checks in the optee os component. This could lead to corruption of any memory that the TA can access. Recommendations: For versions prior to v3.4.0,...

9.8CVSS7.8AI score0.0154EPSS
Exploits0References4
OSV
OSV
added 2019/07/15 6:15 p.m.5 views

CVE-2019-1010294

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: opteeos. The fixed version is: 3.4.0 and later...

7.5CVSS5.5AI score0.01408EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/07/15 12:0 a.m.8 views

PT-2019-11546

Name of the Vulnerable Software and Affected Versions: Linaro/OP-TEE versions prior to 3.4.0 Description: The issue is related to a rounding error in the optee os component, potentially leading to the leakage of code and/or data from previous Trusted Applications. Recommendations: For versions...

7.5CVSS7.3AI score0.01408EPSS
Exploits0References4
CVE
CVE
added 2018/09/20 1:0 p.m.59 views

CVE-2017-18280

CVE-2017-18280 : In Snapdragon platforms (Automobile, Mobile, Wear) across listed SoCs, a trusted application that has opened an SPI/I2C interface to a device could allow another trusted application to read data via the SPI/I2C read function. The initial disclosures list the affected families (e....

7.8CVSS6.7AI score0.00246EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/08/06 12:0 a.m.47 views

FreeBSD : elasticsearch -- remote code execution via transport protocol (fb3668df-32d7-11e5-a4a5-002590263bf5)

Elastic reports : Vulnerability Summary: Elasticsearch versions prior to 1.6.1 are vulnerable to an attack that can result in remote code execution. Remediation Summary: Users should upgrade to 1.6.1 or 1.7.0. Alternately, ensure that only trusted applications have access to the transport protoco...

9.8CVSS8.7AI score0.14576EPSS
Exploits2References4
Atlassian
Atlassian
added 2013/11/21 4:35 a.m.16 views

Privilege escalation

We have identified and fixed a vulnerability in Stash which allowed unauthenticated users to commit actions on behalf of any other authorised user. In order to exploit this vulnerability, an attacker requires access to your Stash web interface. The Stash server is only vulnerable if it has been...

3AI score
Exploits0
Atlassian
Atlassian
added 2011/08/18 1:40 a.m.33 views

JIRA FishEye plugin not working - Error handling trusted applications authentication attempt: BAD_SIGNATURE

This bug effects you if: you are running JIRA 4.4+ and FishEye 2.6.0-2.6.3 you have Trusted Applications authenticating the link between your JIRA and FishEye servers If you attempt to configure or use the JIRA FishEye plugin, you may see errors in the UI and log messages like this in JIRA:...

Exploits0Affected Software1
Rows per page
Query Builder