19 matches found
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerability has been resolved: thermal/int340xthermal: handles datavault when the value is ZEROSIZEPTR. In some cases, GDDV returns a packet with a buffer of zero length. This causes kmemdup to return ZEROSIZEPTR 0x10. As a result, datavaultread encounters a...
CVE-2026-0240
Mode C: CVE-2026-0240 affects Trust Protection Foundation. It describes an information disclosure vulnerability where an authenticated attacker can access sensitive data from the server vault, potentially impersonate any user and arbitrarily modify configuration settings. The available references...
CVE-2021-36750
ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, making it easier for attackers to determine the passwords of all DataVault users across USB drives sold under multiple brand names...
CVE-2015-7731
SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830...
kernel: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR
A flaw was found in the Linux kernel in the thermal/int340xthermal driver. This issue occurs when the Global Device Data Vault GDDV returns a zero-length buffer, causing the kmemdup function to return a ZEROSIZEPTR 0x10, leading to a NULL pointer dereference in datavaultread, potentially causing ...
OESA-2024-1942 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: Unregister clocks/resets when unbinding Currently, unbinding a CCU driver unmaps the device's MMIO region, while leaving its clocks/resets and the...
OESA-2024-1941 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: Unregister clocks/resets when unbinding Currently, unbinding a CCU driver unmaps the device's MMIO region, while leaving its clocks/resets and the...
SUSE CVE-2022-48703
In the Linux kernel, the following vulnerability has been resolved: thermal/int340xthermal: handle datavault when the value is ZEROSIZEPTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup returns ZEROSIZEPTR 0x10. Then the datavaultread got NULL...
DEBIAN-CVE-2022-48703
In the Linux kernel, the following vulnerability has been resolved: thermal/int340xthermal: handle datavault when the value is ZEROSIZEPTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup returns ZEROSIZEPTR 0x10. Then the datavaultread got NULL...
AZL-57755 CVE-2022-48703 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: thermal/int340xthermal: handle datavault when the value is ZEROSIZEPTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup returns ZEROSIZEPTR 0x10. Then the datavaultread got NULL...
UBUNTU-CVE-2022-48703
In the Linux kernel, the following vulnerability has been resolved: thermal/int340xthermal: handle datavault when the value is ZEROSIZEPTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup returns ZEROSIZEPTR 0x10. Then the datavaultread got NULL...
CVE-2022-48703
In the Linux kernel, the following vulnerability has been resolved: thermal/int340xthermal: handle datavault when the value is ZEROSIZEPTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup returns ZEROSIZEPTR 0x10. Then the datavaultread got NULL...
PT-2022-34615 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.9 Description: The issue is related to handling data vault when the value is ZERO SIZE PTR in the thermal/int340x thermal component. The actual impact and attack plausibility have not yet been proven...
CVE-2021-36751
ENC DataVault 7.2.3 and before, and OEM versions, use an encryption algorithm that is vulnerable to data manipulation without knowledge of the key. This is called ciphertext malleability. There is no data integrity mechanism to detect this manipulation...
PT-2022-10543 · Unknown · Enc Datavault Oem +1
Name of the Vulnerable Software and Affected Versions: ENC DataVault versions 7.2.3 and before ENC DataVault OEM versions Description: The issue concerns the use of an encryption algorithm that is vulnerable to data manipulation, known as ciphertext malleability, without requiring knowledge of th...
Enc Security Enc DataVault 数据伪造问题漏洞
Enc Security Enc DataVault is a solution from the Dutch company Enc Security. Turn any Usb drive into a secure removable disk for important files. ENC DataVault suffers from an encryption issue vulnerability that stems from ENC DataVault 7.1.1W using an incorrect encryption algorithm, which can b...
Enc Security Enc DataVault 信息泄露漏洞
Enc Security Enc DataVault is a solution from the Dutch company Enc Security. Turns any Usb drive into a secure removable disk for important files. An information disclosure vulnerability exists in Enc Security ENC DataVault 7.1.1W, which stems from VaultAPI v67 incorrectly handling key derivatio...
Mac Users Targeted by Spyware Spreading via Xcode Projects
A campaign aimed at Mac users is spreading the XCSSET suite of malware, which has the capability to hijack the Safari web browser and inject various JavaScript payloads that can steal passwords, financial data and personal information, deploy ransomware and more. Infections are propagating via...
SAP Sybase Unwired Platform Online Data Proxy Information Disclosure Vulnerability
SAP Sybase Unwired Platform is a suite of enterprise-grade mobile application platforms.Online Data Proxy is one of the online data proxy modules. A security vulnerability in SAP Sybase Unwired Platform Online Data Proxy allows a local attacker to exploit the DataVault library to obtain username...