CVE-2020-5900

In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery CSRF protections for the NGINX Controller user interface...

Cloud Foundry Cloud Controller API Information Disclosure Vulnerability

Cloud Foundry is a set of open source Platform as a Service PaaS cloud computing platforms from the Cloud Foundry Foundation in the United States. The product provides container scheduling, continuous delivery and automated service deployment, etc. Cloud Controller API is one of the cloud...

2019 Pwn2Own for compromised VMware virtual machine escape vulnerability analysis-vulnerability warning-the black bar safety net

At this year's Vancouver Pwn2Own contest during Fluoroacetate team shows them through the use of VMware Workstation from the client virtual machine to escape to the physical machine. They use the virtual USB 1.1 UHCI postage host controller interface in the cross-border read/write vulnerabilities...

Google Android Bluetooth hci_len Heap Buffer Overflow Vulnerability

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. A heap buffer overflow vulnerability exists in the parsing of Bluetooth packet lengths in Google Android. The vulnerability stems from a failure to properly validat...

CVE-2018-12147

Insufficient input validation in HECI subsystem in IntelR CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access...

CVE-2018-19860

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command...

UBUNTU-CVE-2019-0161

Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access...

USN-3619-1: Linux kernel vulnerabilities

Jann Horn discovered that the Berkeley Packet Filter BPF implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-16995 It was discovered that a...

Google Android Qualcomm Wconnect Unauthorized Operation Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, and Qualcomm Wconnect is one of Qualcomm's tools for connecting PCs to cell phones. A security vulnerability exists in Qualcomm Wconnect for Android, which stems from a failure of...

Qemu: usb: xhci infinite recursive call via xhci_kick_ep

QEMU aka Quick Emulator, when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service infinite recursive call via vectors involving control transfer descriptors sequencing...

Qemu: usb: xhci infinite recursive call via xhci_kick_ep

QEMU aka Quick Emulator, when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service infinite recursive call via vectors involving control transfer descriptors sequencing...

DEBIAN-CVE-2017-9374

Memory leak in QEMU aka Quick Emulator, when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service memory consumption by repeatedly hot-unplugging the device...

UBUNTU-CVE-2016-2391

The ohcibusstart function in the USB OHCI emulation support hw/usb/hcd-ohci.c in QEMU allows local guest OS administrators to cause a denial of service NULL pointer dereference and QEMU process crash via vectors related to multiple eoftimers...

FreeBSD : qemu -- denial of service vulnerability in USB EHCI emulation support (60cb2055-b1b8-11e5-9728-002590263bf5)

Prasad J Pandit, Red Hat Product Security Team, reports : Qemu emulator built with the USB EHCI emulation support is vulnerable to an infinite loop issue. It occurs during communication between host controller interfaceEHCI and a respective device driver. These two communicate via a isochronous...

qemu -- denial of service vulnerability in USB EHCI emulation support

Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the USB EHCI emulation support is vulnerable to an infinite loop issue. It occurs during communication between host controller interfaceEHCI and a respective device driver. These two communicate via a isochronous...

Apple MAC OS X Bluetooth HCI Interface Memory Corruption Vulnerability

Apple Mac OS X is a commercial operating system. A memory corruption vulnerability exists in Apple Mac OS X's handling of the Bluetooth HCI interface, which could allow an attacker to run a malicious application to execute arbitrary code...

(Mobile Pwn2Own) Google Android Bluetooth Forced Pairing Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Android. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Bluetooth application stack allowing for arbitrary Host Controller Interface comman...

UBUNTU-CVE-2014-3185

Multiple buffer overflows in the commandportreadcallback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service memory corruption and system crash v...

Kernel: Bluetooth: HCI & L2CAP information leaks

The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the 1 L2CAP or 2 HCI implementation...

Kernel: Bluetooth: HCI & L2CAP information leaks

The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the 1 L2CAP or 2 HCI implementation...