72 matches found
Qualcomm Chipsets 安全漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm, Inc. A security vulnerability exists in Qualcomm Chipsets that stems from a memory corruption when processing control commands...
EUVD-2016-2486
Malware in sbrugna...
EUVD-2021-27986
Malicious code in bioql PyPI...
EUVD-2024-37112
Malicious code in bioql PyPI...
CVE-2025-58763
Tautulli (Python-based Plex monitoring) has a command-injection vulnerability affecting v2.15.3 and earlier. The flaw arises when cloning from GitHub and installing manually, where the update/version logic calls runGit via subprocess.Popen with shell=True. The checkout_git_branch path stores un s...
CVE-2025-1727
The protocol used for remote linking over RF for End-of-Train and Head-of-Train also known as a FRED relies on a BCH checksum for packet creation. It is possible to create these EoT and HoT packets with a software defined radio and issue brake control commands to the EoT device, disrupting...
Qualcomm Chipsets 资源管理错误漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A resource management error vulnerability exists in Qualcomm Chipsets, which stems from the possibility of memory corruption due to accessing the write-back mode buffer after release when processing IOCTL commands...
CVE-2021-47634
In the Linux kernel, the following vulnerability has been resolved: ubi: Fix race condition between ctrlcdevioctl and ubicdevioctl Hulk Robot reported a KASAN report about use-after-free: ================================================================== BUG: KASAN: use-after-free in...
CVE-2024-38417
Information disclosure while processing IO control commands...
CVE-2022-47311
A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successfu...
CVE-2024-38417
Information disclosure while processing IO control commands...
CVE-2024-38417
CVE-2024-38417 concerns information disclosure during IOCTL processing in Qualcomm embedded platform microcode used in Qualcomm chipsets (notably automotive multimedia). The root cause is a memory issue (buffer over-read) when handling IO control commands, enabling potential leakage of protected ...
CVE-2024-38417 Buffer Over-read in Automotive Multimedia
Information disclosure while processing IO control commands...
CVE-2024-38417 Buffer Over-read in Automotive Multimedia
Information disclosure while processing IO control commands...
Security Bulletin: IBM Storage Ceph is vulnerable to CWE in the RHEL UBI (CVE-2023-28487)
Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-28487. Vulnerability Details CVEID:CVE-2023-28487 DESCRIPTION: Sudo Project Sudo could allow a remote attacker to obtain...
Exploit for CVE-2022-30190
AmzWord an automated attack chain based on CVE-2022-30190, 16...
CVE-2022-47311 CVE-2022-47311
A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successfu...
CVE-2022-47311 CVE-2022-47311
A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successfu...
CVE-2023-28486
A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where sudo improperly escapes terminal control characters during logging operations. As sudo's log messages may contain user-controlled strings, this may allow an attacker to inject terminal control commands,...
SUSE CVE-2020-25656
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality...