166 matches found
RUSTSEC-2021-0007 `Frame::copy_from_raw_parts` can lead to segfault without `unsafe`
`fn Frame::copy_from_raw_parts` is a safe API that can take a raw pointer and dereference it. It is possible to read arbitrary memory address with an arbitrarily fed pointer. This allows the safe API to access & read arbitrary address in memory. Feeding an invalid memory address pointer to the API may...
CVE-2020-8942
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_read whose return size was not validated against the requested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the...
CVE-2020-8940
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvmsg using an attacker controlled result parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size...
Memory corruption
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvmsg using an attacker controlled result parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size...
CVE-2020-8943 Unchecked buffer overrun in enc_untrusted_recvfrom
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvfrom whose return size was not validated against the requested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the...
CVE-2020-8942 Unchecked buffer overrun in enc_untrusted_read
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_read whose return size was not validated against the requested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the...
CVE-2020-8941 Unchecked buffer overrun in enc_untrusted_inet_pton
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_inet_pton using an attacker controlled klinux_addr_buffer parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended...
CVE-2020-8940
CVE-2020-8940 describes an arbitrary memory read in Asylo up to version 0.6.0, where an attacker can cause a read via enc_untrusted_recvmsg using an attacker-controlled result parameter. The parameter size is unchecked, enabling reads beyond the intended buffer, potentially accessing memory locati...
JITSploitation II: Getting Read/Write
Posted by Samuel Groß, Project Zero This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed i...
Arbitrary Memory Read
The Linux kernel is vulnerable to arbitrary memory read. A flaw in the IPv6 socket option handling allows a local user to read arbitrary kernel memory...
CVE-2019-20553
An issue was discovered on Samsung mobile devices with P9.0 SM6150, SM8150, SM8150FUSION, exynos7885, exynos9610, and exynos9820 chipsets software. Arbitrary memory read and write operations can occur in RKP. The Samsung ID is SVE-2019-15143 October 2019...
CVE-2019-2318
Non Secure Kernel can cause Trustzone to do an arbitrary memory read which will result into DOS in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017,...
Multiple Qualcomm Products Resource Management Error Vulnerability (CNVD-2020-16061)
The Qualcomm MDM9205 and others are a central processing unit CPU product of Qualcomm Incorporated. A resource management error vulnerability exists in QTEE in multiple Qualcomm products. The vulnerability arises from improper management of system resources e.g., memory, disk space, files, etc. b...
NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2019-0095)
The remote NewStart CGSL host, running version MAIN 4.06, has firefox packages installed that are affected by multiple vulnerabilities: - Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerabili...
Vulnerability of the `init_agent2TA_context` function in the `TEEOS.img` file (offset 0x13949C) of the TEE OS Trusted Core component in the microprogramming system of the Huawei Mate 9 Pro mobile phone. This vulnerability allows an attacker to trigger a service failure or to read the virtual memory of the TEE OS at arbitrary addresses.
The vulnerability of the `init_agent2TA_context` function in the `TEEOS.img` file with an offset of 0x13949C in the SMC handler of the TEE OS Trusted Core in the microprogramming of the Huawei Mate 9 Pro mobile phone is related to the lack of validation for the remap value passed in the request...
shopify-scripts: NULL pointer dereference in `mrb_check_frozen`
PoC === The following demonstrates a crash: 3735928559.remove_instance_variable '@a' Debug info ========== Valgrind suggests the crash happens due to an invalid read in mrb_check_frozen: ==4882== Memcheck, a memory error detector ==4882== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al...
The vulnerability of the BigSQL installer, a database management system for PostgreSQL, allows a hacker to read arbitrary portions of the server process’ memory.
The vulnerability of the BigSQL installer, a database management system for PostgreSQL, is related to the lack of protection for operational data. Exploiting this vulnerability allows an attacker, operating remotely, to read arbitrary portions of the server’s memory using a specially created INSE...
CVE-2019-5016
An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory...