91 matches found
Buffer Overflow Vulnerability in Multiple Qualcomm Products (CNVD-2020-20202)
Qualcomm MDM9607 and others are products of Qualcomm Incorporated.The MDM9607 is a central processing unit CPU product.The SDX24 is a modem.The SDM630 is a central processing unit CPU product. A buffer overflow vulnerability exists in Audio in multiple Qualcomm products. The vulnerability...
A large number of third-party Android ROM is not configured correctly resulting in information leakage warning-vulnerability warning-the black bar safety net
11 November 22, Magisk author topjohnwu published articles that mentioned him in the study of Fate/Grand Order mobile game root detection mechanism when found present in millions of android devices on the vulnerability, exploit the vulnerability will leak on the system to process information. In...
CVE-2016-6554
Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:blank and admin:blank . A remote network attacker can gain privileged access to a vulnerable device...
Debian DSA-4201-1 : xen - security update
Multiple vulnerabilities have been discovered in the Xen hypervisor : - CVE-2018-8897 Andy Lutomirski and Nick Peterson discovered that incorrect handling of debug exceptions could result in privilege escalation. - CVE-2018-10471 An error was discovered in the mitigations against Meltdown which...
CVE-2017-17254
This CVE-2017-17254 is a Huawei H323 protocol null pointer dereference vulnerability affecting a broad range of Huawei devices (e.g., AR120S/AR1200/AR150/AR200 families and related platforms). An unauthenticated, remote attacker can craft malformed H323 packets and send them to affected devices, ...
CVE-2017-2710
BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 version...
CVE-2017-10856
SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72, SEIL/BPV4 5.00 to 5.72 allows remote attackers to cause a temporary failure of the device's encrypted communications via a specially crafted packet...
CVE-2017-9856
An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device...
CVE-2017-8841
Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmwareprocess.cgi via the upfile.path parameter...
Vulnerabilities in HVM MSI injection
ISSUE DESCRIPTION The implementation of the HVM control operation HVMOPinjectmsi, while checking whether a particular IRQ was already set up in the necessary way, fails to properly check all respective conditions. In particular it doesn't check the returned pointer for being non-NULL before de-...
Supermicro IPMI based on ATEN firmware contain multiple vulnerabilities
Overview Supermicro Intelligent Platform Management Interface IPMI implementations based on ATEN firmware contain multiple vulnerabilities in their web management interface. Description CWE-121: Stack-based Buffer Overflow - CVE-2013-3607The Supermicro IPMI web interface contains multiple buffer...