CVE-2014-4859

Integer overflow in the Drive Execution Environment DXE phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data...

CVE-2019-11097

Improper directory permissions in the installer for IntelR Management Engine Consumer Driver for Windows before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45,13.0.10 and 14.0.10; IntelR TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of...

Intel TXE and Intel Converged Security and Management Engine Input Validation Error Vulnerability (CNVD-2020-18614)

Intel Converged Security and Management Engine CSME and Intel TXE are both products of Intel Corporation.Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trust execution engine with hardware validation capabilities for use in CPUs Central Processing...

Qualcomm Chip Flaws Let Hackers Steal Private Data From Android Devices

Hundreds of millions of devices, especially Android smartphones and tablets, using Qualcomm chipsets, are vulnerable to a new set of potentially serious vulnerabilities. According to a report cybersecurity firm CheckPoint shared with The Hacker News, the flaws could allow attackers to steal...

Qualcomm Chip Flaws Let Hackers Steal Private Data From Android Devices

Hundreds of millions of devices, especially Android smartphones and tablets, using Qualcomm chipsets, are vulnerable to a new set of potentially serious vulnerabilities. According to a report cybersecurity firm CheckPoint shared with The Hacker News, the flaws could allow attackers to steal...

Buffer Overflow Vulnerability in Multiple Qualcomm Products (CNVD-2020-16068)

Qualcomm MDM9206 and others are products of Qualcomm Incorporated.The MDM9206 is a central processing unit CPU product.The MDM9607 is a central processing unit CPU product.The SDX24 is a modem.The MDM9206 is a central processing unit CPU product.The MDM9607 is a central processing unit CPU...

CVE-2019-9360

In the TEE, there's a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120610663...

CVE-2019-9253

In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions:...

Update for Windows Server 2008 SP2: August 16, 2019

Update for Windows Server 2008 SP2: August 16, 2019 Summary This non-security update for Windows Server 2008 SP2 includes the quality improvements from KB4512491 released August 16, 2019, in addition to these key changes: Addresses an issue in which the following may stop responding and you may...

August 17, 2019—KB4512499 (Preview of Monthly Rollup)

August 17, 2019—KB4512499 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4512476 released August 13, 2019 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresses an...

Honeywell Experion C300 Controller

Binary data 764916.prm...

Honeywell Experion C300 Controller

Binary data 764917.prm...

August 13, 2019—KB4512489 (Security-only update)

August 13, 2019—KB4512489 Security-only update Improvements and fixes This security update includes quality improvements. Key changes include: Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Wireless Networking, Windows Virtualization, Windows...

Honeywell C300 Controller Module

Binary data 764871.prm...

Honeywell C200 Controller Module

Binary data 764872.prm...

Linaro OP-TEE Input Validation Error Vulnerability

Linaro OP-TEE is an open source trusted execution environment from Linaro UK. A security vulnerability exists in opteeos in Linaro OP-TEE 3.3.0 and earlier versions. An attacker could exploit this vulnerability to cause TEE memory corruption...

Linaro OP-TEE Digit Error Vulnerability

Linaro OP-TEE is an open source trusted execution environment from Linaro UK. A security vulnerability exists in opteeos in Linaro OP-TEE 3.3.0 and earlier versions. An attacker could exploit this vulnerability to disclose passwords and/or data from a previous Trusted Application...

Linaro OP-TEE Buffer Overflow Vulnerability

Linaro OP-TEE is an open source trusted execution environment from Linaro UK. A buffer overflow vulnerability exists in opteeos in Linaro OP-TEE 3.3.0 and earlier versions. The vulnerability stems from a networked system or product performing operations on memory without properly validating data...

PT-2019-11549

Name of the Vulnerable Software and Affected Versions: Linaro/OP-TEE versions prior to 3.4.0 Description: The issue is a buffer overflow in the optee os component, allowing execution of code in the TEE core kernel context. Recommendations: For versions prior to 3.4.0, update to version 3.4.0 or...

The vulnerability of the SMC-processor GLOBAL_CMD_ID_NEED_LOAD_APP in the TEE OS Trusted Core of the Huawei Mate 9 Pro mobile phone operating system allows a perpetrator to trigger a service failure, modify program algorithms (by changing the flags from TRUE/FALSE), or compromise critical data stored in physical memory.

The vulnerability of the SMC-processor GLOBALCMDIDNEEDLOADAPP in the TEE OS Trusted Core of the Huawei Mate 9 Pro mobile phone operating system is related to the lack of validation for input data. Exploiting this vulnerability can allow an attacker to cause service failures, modify program...