CVE-2021-20221

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to...

CVE-2021-20221

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to...

Mitsubishi Electric GOT and Tension Controller (Update A)

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: GOT and Tension Controller Vulnerability: Buffer Access with Incorrect Length Value 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-131-02...

Low: Red Hat Security Advisory: virt:8.3 and virt-devel:8.3 security and bug fix update

An update for the virt:8.3 and virt-devel:8.3 modules is now available for Advanced Virtualization for RHEL 8.3.1. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RHEL 8 : virt:8.3 and virt-devel:8.3 (RHSA-2021:1125)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1125 advisory. The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat...

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine, related to the execution of operations beyond the buffer in memory, allows attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...

CVE-2021-20221

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating...

CentOS 8 : container-tools:1.0 (CESA-2020:1360)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:1360 advisory. - QEMU: slirp: OOB buffer access while emulating tcp protocols in tcpemu CVE-2020-7039 Note that Nessus has not tested for this issue but has instead relied onl...

CVE-2020-9140

There is a vulnerability with buffer access with incorrect length value in some Huawei Smartphone.Unauthorized users may trigger code execution when a buffer overflow occurs...

CVE-2020-9140

There is a vulnerability with buffer access with incorrect length value in some Huawei Smartphone.Unauthorized users may trigger code execution when a buffer overflow occurs...

Arbitrary Code Execution

qemu is vulnerable to arbitrary code execution. The vulnerability exists through an out-of-bounds heap buffer access flaw caused by the way the iSCSI Block driver handles a response coming from an iSCSI server while checking the status of a Logical Address Block LBA in an iscsicoblockstatus routi...

CVE-2020-16101

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166MR3, v8.10 prior to v8.10.1211MR5, v8.00 prior to v8.00.1228MR6, all versions of 7.90 and earlier...

Design/Logic Flaw

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166MR3, v8.10 prior to v8.10.1211MR5, v8.00 prior to v8.00.1228MR6, all versions of 7.90 and earlier...

CVE-2020-16101

CVE-2020-16101 affects the Command Centre service. An unauthenticated remote DCOM websocket connection can crash the service due to an out-of-bounds buffer access. Affected versions: v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), and all versions o...

CVE-2020-16101

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166MR3, v8.10 prior to v8.10.1211MR5, v8.00 prior to v8.00.1228MR6, all versions of 7.90 and earlier...

java security update

CentOS Errata and Security Advisory CESA-2020:2969 An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

RHEL 7 : slirp4netns (RHSA-2020:0889)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0889 advisory. The slirp4netns package contains user-mode networking for unprivileged network namespaces. It is required to enable networking for rootless...

Google Chrome PDFium Javascript Regexp Memory Corruption Vulnerability

Summary An exploitable memory corruption vulnerability exists in the way PDFium inside Google Chrome version 80.0.3987.158 executes Javascript regular expressions. The vulnerability could potentially be abused to achieve arbitrary code execution in the browser context. In order to trigger this...

CVE-2020-5971

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software reads from a buffer by using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to code execution, denial of service, escalatio...