SUSE-SU-2022:4293-1 Security update for freerdp

This update for freerdp fixes the following issues: - CVE-2022-39318: Fixed division by zero in urbdrc bsc1205563. - CVE-2022-39319: Fixed missing input buffer length check in urbdrc bsc1205564...

The vulnerability of the Video microprogramming system component in Qualcomm’s embedded chips allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Video microprogramming software component in Qualcomm’s embedded chips relates to the lack of checks for buffer length and reading beyond the memory boundary when processing AVI files. Exploiting this vulnerability can allow an intruder to gain unauthorized access to...

The vulnerability of the implementation of content protection functions in Qualcomm’s embedded software allows a perpetrator to trigger a service failure or execute arbitrary code.

The vulnerability of the content protection implementation in Qualcomm’s embedded software lies in the lack of checks for buffer length and reading beyond the memory boundary. Exploiting this vulnerability can allow an attacker to cause a service failure or execute arbitrary code...

The vulnerability of the DNS BIND server lies in the lack of buffer length checking and out-of-memory reading, which allows attackers to access protected information or cause service failures.

The vulnerability of the DNS BIND server lies in the lack of buffer length checking and the inability to read beyond the memory limit. Exploiting this vulnerability can allow a malicious actor to access protected information or cause service failures...

SAMSUNG mTower 缓冲区错误漏洞

SAMSUNG mTower is a new Trusted Execution Environment TEE from Samsung South Korea. A security vulnerability exists in SAMSUNG mTower versions prior to 0.3.0, which stems from a vulnerable buffer access with an incorrect length value in its TEEMACUpdate function that allows a trusted application ...

PT-2022-25521 · Samsung · Samsung Mtower

Name of the Vulnerable Software and Affected Versions: Samsung mTower versions 0.3.0 and earlier Description: A Buffer Access with Incorrect Length Value issue in the TEE MACUpdate function allows a trusted application to trigger a Denial of Service DoS by invoking the function TEE MACUpdate with...

PT-2022-4881 · Qualcomm · Qualcomm Snapdragon Mobile +7

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Auto versions affected versions not specified Qualcomm Snapdragon Compute versions affected versions not specified Qualcomm Snapdragon Connectivity versions affected versions not specified Qualcomm Snapdragon Consumer IOT...

Qualcomm 缓冲区错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. a way to miniaturize circuitry including primarily semiconductor devices, but also passive components, etc. and is manufactured from time to time on the surface of semiconductor wafers. A security vulnerability exists in multiple Qualcomm...

GHSA-5JFW-35XP-5M42 Buffer length underflow in LoginPacket causing unchecked exceptions to be thrown

Impact LoginPacket uses BinaryStream-getLInt to read the lengths of JSON payloads it wants to decode. Unfortunately, BinaryStream-getLInt returns a signed integer, meaning that a malicious client can craft a packet with a large uint32 value for payload buffer size which would be interpreted as a...

Qualcomm 芯片 缓冲区错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc., and is manufactured from time to time on the surface of semiconductor wafers. A security vulnerability exists in a number of Qualcomm products...

CVE-2021-40027

The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality...

CVE-2021-40027

The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality...

Design/Logic Flaw

The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality...

CVE-2021-40027

CVE-2021-40027 describes a buffer-length calculation vulnerability in Huawei HarmonyOS Bone Voice TA, with potential data-confidentiality impact. The NVD reports CVSS2 (5.0, MEDIUM, network/low complexity) and CVSS3.1 (7.5, HIGH, network/low, confidentiality impact high). Connected docs reiterate...

CVE-2021-40027

The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality...

PT-2022-11149 · Unknown · Bone Voice Id Ta

Name of the Vulnerable Software and Affected Versions: bone voice ID TA affected versions not specified Description: The issue is related to a calculation error in buffer length, which may impact data confidentiality. Recommendations: At the moment, there is no information about a newer version...

yubihsm-shell 缓冲区错误漏洞

yubihsm-shell is a component for individual developers to interact with YubiHSM 2. The component is mostly found in applications that interact with YubiHSM 2 and is geared towards user and program level interaction. A buffer error vulnerability exists in yubihsm-shell where the product does not...

UVI-2021-1002340 scsi: core: Fix scsi_mode_sense() buffer length handling

scsi: core: Fix scsimodesense buffer length handling This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.5 by commit...

GSD-2021-1002340 scsi: core: Fix scsi_mode_sense() buffer length handling

scsi: core: Fix scsimodesense buffer length handling This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.5 by commit...

EulerOS Virtualization 2.9.1 : libssh (EulerOS-SA-2021-2753)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime...