PT-2022-10002 · Qualcomm · Qualcomm Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue is related to improper key generation due to a lack of buffer validation when reading PRNG output. This affects various Qualcomm Snapdragon products, including...

CVE-2022-1108

A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code...

CVE-2022-1108

A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code...

CVE-2022-1108

A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code...

CVE-2022-1108

The CVE-2022-1108 entry concerns a vulnerability in the Lenovo ThinkPad BIOS stack related to the LenovoFlashDeviceInterface SMI handler in ThinkPad X1 Fold Gen 1. The root cause is improper/buffer validation in the SMI handler, enabling a local attacker with elevated privileges to execute arbitr...

CVE-2022-1108

A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code...

多款Qualcomm芯片安全漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and is manufactured from time to time on the surface of semiconductor wafers. A security vulnerability exists in several Qualcomm products that...

CVE-2021-30333

Improper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

CVE-2022-24354

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.591035553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The...

Cisco Small Business 缓冲区错误漏洞

Cisco Small Business is a switch from Cisco USA. A buffer error vulnerability exists in the Cisco Small Business RV Series Routers that stems from insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected device...

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System.Insyde InsydeH2O suffers from a memory corruption vulnerability. InsydeH2O is vulnerable to memory corruptio...

CVE-2021-1100

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel mode driver nvidia.ko, in which a pointer to a user-space buffer is not validated before it is dereferenced, which may lead to denial of service. This affects vGPU version 12.x prior to 12.3, version 11.x prior to 11....

CVE-2020-11233

Time-of-check time-of-use race condition While processing partition entries due to newly created buffer was read again from mmc without validation in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrag...

CVE-2020-11233

Time-of-check time-of-use race condition While processing partition entries due to newly created buffer was read again from mmc without validation in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrag...

CVE-2021-3548

A flaw was found in dmg2img through 20170502. dmg2img did not validate the size of the read buffer during memcpy inside the main function. This possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution...

CVE-2020-29443

ideatapicmdreplyend in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated...

Dell Inspiron Buffer Overflow Vulnerability

The Dell Inspiron 15 7579 2-in-1 Dell Inspiron is a laptop computer from Dell USA. A security vulnerability exists in the Dell Inspiron 15 7579 2-in-1 BIOS prior to version 1.31.0, which stems from the inclusion of an improper SMM communication buffer validation vulnerability. A locally...

Multi-vendor BIOS Security Vulnerabilities (June 2020) - Lenovo Support US

Lenovo Security Advisory: LEN-30042 Potential Impact: Privilege escalation, denial of service, information disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2020-0528, CVE-2020-0529, CVE-2020-8320, CVE-2020-8321, CVE-2020-8322, CVE-2020-8323, CVE-2020-8333, CVE-2020-833...

CVE-2019-14078

Out of bound memory access while processing qpay due to not validating length of the response buffer provided by User. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and...

Lenovo Power Management Driver 1.67.17.48 - 'pmdrvs.sys' Denial of Service (PoC)

Exploit Title: Lenovo Power Management Driver 1.67.17.48 - 'pmdrvs.sys' Denial of Service PoC Date: 2019-12-11 Exploit Author: Nassim Asrir CVE: CVE-2019-6192 Tested On: Windows 1064bit | ThinkPad T470p Vendor : https://www.lenovo.com/us/en/ Ref :...