
514 matches found

OSV
added 2022/07/06 2:15 p.m. · 2 views

CVE-2022-21773

In TEEI driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641388; Issue ID: ALPS06641388...

CVSS 6.7 · AI score 6.7 · EPSS 0.00014
Exploits 0 · References 1
BDU FSTEC
added 2022/06/27 12:00 a.m. · 1 views

The vulnerability of the monitoring program between the container manager and the execution environment is related to uncontrolled resource consumption, allowing a perpetrator to cause service interruptions.

The vulnerability of the communication monitoring program between the container manager and the execution environment is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service interruptions by sending a...

CVSS 7.8 · AI score 7 · EPSS 0.00464
Exploits 1 · References 11 · Affected Software 5
Snyk
added 2022/06/23 9:25 a.m. · 3 views

Malicious Package

Overview: iframe-execution-environment is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...

CVSS 9.8 · AI score 7
Exploits 0 · References 3
OSV
added 2022/06/20 7:27 a.m. · 11 views

MAL-2022-3788 Malicious code in iframe-execution-environment (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 878f55d0b4e72532f2d5aea14715b24e3806715e018b96a235230768b24a79d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1
OSSF Malicious Packages
added 2022/06/20 7:27 a.m. · 3 views

Malicious code in iframe-execution-environment (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 878f55d0b4e72532f2d5aea14715b24e3806715e018b96a235230768b24a79d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1
RedHat Linux
added 2022/05/10 1:58 p.m. · 2 views

kernel: use-after-free in the TEE subsystem

A use-after-free flaw in the Linux kernel TEE Trusted Execution Environment subsystem was found in the way user calls ioctl TEEIOCOPENSESSION or TEEIOCINVOKE. A local user could use this flaw to crash the system or escalate their privileges on the system. If the Linux system non configured with t...

CVSS 7 · AI score 6.6 · EPSS 0.00282
Exploits 2 · References 5
RedHat Linux
added 2022/05/10 1:43 p.m. · 2 views

kernel: use-after-free in the TEE subsystem

A use-after-free flaw in the Linux kernel TEE Trusted Execution Environment subsystem was found in the way user calls ioctl TEEIOCOPENSESSION or TEEIOCINVOKE. A local user could use this flaw to crash the system or escalate their privileges on the system. If the Linux system non configured with t...

CVSS 7 · AI score 6.6 · EPSS 0.00282
Exploits 2 · References 5
ATTACKERKB
added 2022/05/03 8:15 p.m. · 2 views

CVE-2022-28793

Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time...

CVSS 4.4 · AI score 5.9 · EPSS 0.00064
Exploits 0 · References 2
CNNVD
added 2022/05/03 12:00 a.m. · 1 views

Samsung Galaxy S3 Code Issue Vulnerability

Samsung Galaxy S22 is a smartphone product released on February 9, 2022 by Samsung. The Samsung Galaxy S22 StrongBox suffers from a State Maintenance Error vulnerability that stems from incorrect StrongBox state maintenance. An attacker can exploit the vulnerability to change the Android ROT duri...

CVSS 4.4 · AI score 5.3 · EPSS 0.00064
Exploits 0 · References 2
OpenVAS
added 2022/04/14 12:00 a.m. · 27 views

Ubuntu: Security Advisory (USN-5377-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9 · AI score 7.3 · EPSS 0.54322
Exploits 20 · References 2
OSV
added 2022/04/11 8:15 p.m. · 2 views

CVE-2022-22254

A permission bypass vulnerability exists when the NFC CAs access the TEE. Successful exploitation of this vulnerability may affect data confidentiality...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 2
ATTACKERKB
added 2022/04/11 8:15 p.m. · 4 views

CVE-2022-22254

A permission bypass vulnerability exists when the NFC CAs access the TEE. Successful exploitation of this vulnerability may affect data confidentiality...

CVSS 7.5 · AI score 7.1 · EPSS 0.00131
Exploits 0 · References 3 · Affected Software 3
Positive Technologies
added 2022/04/11 12:00 a.m. · 4 views

PT-2022-15302 · Huawei · Emui +2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A permission bypass issue exists, potentially affecting data confidentiality when the NFC CAs access the TEE. Recommendations: At the moment, there is no information about a newer...

CVSS 7.5 · AI score 7.4 · EPSS 0.00131
Exploits 0 · References 3
Ubuntu
added 2022/04/06 9:21 p.m. · 137 views

USN-5368-1: Linux kernel vulnerabilities

It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-23222 It was discovered that the network traffic contro...

CVSS 9.1 · AI score 7.8 · EPSS 0.54322
Exploits 29
NVD
added 2022/04/06 7:15 p.m. · 17 views

CVE-2022-20762

A vulnerability in the Common Execution Environment CEE ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure SMI software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...

CVSS 7.8 · EPSS 0.00046
Exploits 0 · References 1
OSV
added 2022/04/06 7:15 p.m. · 2 views

CVE-2022-20762

A vulnerability in the Common Execution Environment CEE ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure SMI software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...

CVSS 7.8 · AI score 5.8 · EPSS 0.00046
Exploits 0 · References 1
Vulnrichment
added 2022/04/06 6:13 p.m. · 9 views

CVE-2022-20762 Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability

A vulnerability in the Common Execution Environment CEE ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure SMI software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...

CVSS 7.8 · AI score 6.9 · EPSS 0.00046
Exploits 0 · References 1
Cvelist
added 2022/04/06 6:13 p.m. · 20 views

CVE-2022-20762 Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability

A vulnerability in the Common Execution Environment CEE ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure SMI software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...

CVSS 7.8 · AI score 7.8 · EPSS 0.00046
Exploits 0 · References 1
Cisco
added 2022/03/02 4:00 p.m. · 39 views

Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability

A vulnerability in the Common Execution Environment CEE ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure SMI software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...

CVSS 7.8 · AI score 7.6 · EPSS 0.00046
Exploits 0 · References 1
Positive Technologies
added 2022/03/02 12:00 a.m. · 2 views

PT-2022-1962 · Cisco · Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure

Name of the Vulnerable Software and Affected Versions: Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure SMI affected versions not specified Description: The issue is related to insufficient access control in the Common Execution Environment CEE ConfD CLI, which could allow an...

CVSS 7.8 · AI score 7.4 · EPSS 0.00046
Exploits 0 · References 8