UBUNTU-CVE-2022-50828

In the Linux kernel, the following vulnerability has been resolved: clk: zynqmp: Fix stack-out-of-bounds in strncpy "BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68" Linux-ATF interface is using 16 bytes of SMC payload. In case clock name is longer than 15 bytes, string terminated NULL...

CVE-2022-50828 clk: zynqmp: Fix stack-out-of-bounds in strncpy`

In the Linux kernel, the following vulnerability has been resolved: clk: zynqmp: Fix stack-out-of-bounds in strncpy "BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68" Linux-ATF interface is using 16 bytes of SMC payload. In case clock name is longer than 15 bytes, string terminated NULL...

CVE-2022-50828 clk: zynqmp: Fix stack-out-of-bounds in strncpy`

In the Linux kernel, the following vulnerability has been resolved: clk: zynqmp: Fix stack-out-of-bounds in strncpy "BUG: KASAN: stack-out-of-bounds in strncpy+0x30/0x68" Linux-ATF interface is using 16 bytes of SMC payload. In case clock name is longer than 15 bytes, string terminated NULL...

Malicious code in fca-ali-atf (npm)

The package fca-ali-atf was found to contain malicious code...

MAL-2025-20284 Malicious code in fca-ali-atf (npm)

The package fca-ali-atf was found to contain malicious code...

CVE-2022-20066

In atf hwfde, there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171729; Issue ID: ALPS06171729...

CVE-2022-49646

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix queue selection for mesh/OCB interfaces When using iTXQ, the code assumes that there is only one vif queue for broadcast packets, using the BE queue. Allowing non-BE queue marking violates that assumption and...

DEBIAN-CVE-2022-49646

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix queue selection for mesh/OCB interfaces When using iTXQ, the code assumes that there is only one vif queue for broadcast packets, using the BE queue. Allowing non-BE queue marking violates that assumption and...

CVE-2022-49646

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix queue selection for mesh/OCB interfaces When using iTXQ, the code assumes that there is only one vif queue for broadcast packets, using the BE queue. Allowing non-BE queue marking violates that assumption and...

PT-2024-7529 · Autodesk · Autodesk Autocad

Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD affected versions not specified Description: The issue is related to a Use-After-Free vulnerability in the atf api.dll library of Autodesk AutoCAD, which can be triggered by parsing a maliciously crafted 3DM file. This can...

PT-2024-7528 · Autodesk · Autodesk Autocad

Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD affected versions not specified Description: The issue is related to a Use-After-Free vulnerability in the atf api.dll library of Autodesk AutoCAD, which can be triggered by parsing a maliciously crafted 3DM file. This can...

CVE-2024-23155

A maliciously crafted MODEL file, when parsed in atfasminterface.dll through Autodesk applications, can be used to cause a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process...

CVE-2024-20021

In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249...

CVE-2024-20021

In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249...

CVE-2024-20021

The CVE-2024-20021 issue affects the ARM Trusted Firmware (ATF) SPM component and stems from a logic error that allows remapping of physical memory to virtual memory. This could enable local privilege escalation with System execution privileges (S-mode) required, and exploitable without user inte...

CVE-2024-20021

In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249...

CVE-2024-23132

A maliciously crafted STP file in atfdwgconsumer.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...

Malicious code in team-atf (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc4bc178a5c3fa44d9ed6dfa7c429692ad3bb5b15556ee5cfcf089935bc92d54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-8182 Malicious code in team-atf (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc4bc178a5c3fa44d9ed6dfa7c429692ad3bb5b15556ee5cfcf089935bc92d54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in team-atf-3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3dbd02e3dfb7a6582ce683aed8cb3cf5be7a1a449fe0ac5ce208d87034938dbc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...