35 matches found
CVE-2020-9110
Taurus-AN00B versions earlier than 10.1.0.156C00E155R7P2 have an information disclosure vulnerability. The device does not sufficiently validate the output of device in certain specific scenario, the attacker can gain information in the victim's smartphone to launch the attack, successful exploit...
CVE-2025-23136 thermal: int340x: Add NULL check for adev
In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: Add NULL check for adev Not all devices have an ACPI companion fwnode, so adev might be NULL. This is similar to the commit cd2fd6eab480 "platform/x86: int3472: Check for adev == NULL". Add a check for adev not...
CVE-2024-45582
Memory corruption while validating number of devices in Camera kernel...
CVE-2024-45582
Memory corruption while validating number of devices in Camera kernel...
SUSE CVE-2022-48746
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix handling of wrong devices during bond netevent Current implementation of bond netevent handler only check if the handled netdev is VF representor and it missing a check if the VF representor is on the same phys...
CVE-2024-26791 btrfs: dev-replace: properly validate device names
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in getnamekerne...
The Gap in Your Zero Trust Implementation
Over the last several years, there have been numerous high-profile security breaches. These breaches have underscored the fact that traditional cyber defenses have become woefully inadequate and that stronger defenses are needed. As such, many organizations have transitioned toward a zero trust...
CVE-2020-9109
There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, and successful...
kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver
A vulnerability was found in hiddevopen in drivers/hid/usbhid/hiddev.c in the USB Human Interface Device class subsystem, where an existing device must be validated prior to its access. The device should also ensure the hiddevlist cleanup occurs at failure, as this may lead to a use-after-free...
Deepfakes and AI: Fighting Cybersecurity Fire with Fire
Today, the most successful and damaging cyberattacks are executed by highly professional criminal networks rather than “lone-wolf” hackers. These criminal organizations have also become highly adept at leveraging artificial intelligence AI and machine learning ML tools, making it extremely hard f...
Zero Trust part 1: Identity and access management
Once in a while, a simple phrase captures our imagination, expressing a great way to think about a problem. Zero Trust is such a phrase. Today, Ill define Zero Trust and then discuss the first step to enabling a Zero Trust modelstrong identity and access management. In subsequent blogs, well cove...
Google Android Qualcomm WLAN Information Disclosure Vulnerability (CNVD-2018-05990)
Android on Google Pixel and Nexus is a Linux-based open source operating system for the Google Pixel and Nexus smartphones developed by Google Inc. and the Open Handset Alliance OHA, with Qualcomm WLAN being one of the components used. Qualcomm WLAN is a wireless LAN component developed by Qualco...
Low: Red Hat Security Advisory: sudo security, bug fix and enhancement update
An updated sudo package that fixes two security issues, several bugs, and adds two enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which give...
CVE-2013-1776
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the ttytickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard...
GLSA-200508-09 : bluez-utils: Bluetooth device name validation vulnerability
The remote host is affected by the vulnerability described in GLSA-200508-09 bluez-utils: Bluetooth device name validation vulnerability The name of a Bluetooth device is improperly validated by the hcid utility when a remote device attempts to pair itself with a computer. Impact : An attacker...