CVE-2021-1052

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and...

CVE-2021-1053

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service...

CVE-2021-1056

NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer nvidia.ko in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure...

CVE-2021-1052

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and...

PT-2021-13452 · Nvidia +2 · Nvidia Gpu Display Driver +2

Name of the Vulnerable Software and Affected Versions: NVIDIA GPU Display Driver for Linux, all versions Description: The issue arises from the kernel mode layer nvidia.ko not completely honoring operating system file system permissions, which is intended to provide GPU device-level isolation. Th...

CVE-2021-1053

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service...

CVE-2021-1056

NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer nvidia.ko in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure...

Security Bulletin: NVIDIA GPU Display Driver - January 2021

NVIDIA has released a software security update for NVIDIA® GPU Display Driver. This update addresses issues that may lead to denial of service, escalation of privileges, data tampering, or information disclosure. To protect your system, download and install this software update from the NVIDIA...

UBUNTU-CVE-2021-1056

NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer nvidia.ko in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure...

ALPINE-CVE-2020-8265

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method...

NSA Releases Guidance on Eliminating Obsolete TLS Protocol Configurations

The National Security Agency NSA has released a Cybersecurity Information CSI sheet on eliminating obsolete Transport Layer Security TLS configurations. The information sheet identifies strategies to detect obsolete cipher suites and key exchange mechanisms, discusses recommended TLS...

Inside Secure MatrixSSL 缓冲区错误漏洞

MatrixSSL is an embedded, open source SSLv3 stack designed for small applications and devices. An invalid pointer release vulnerability exists in the DTLS server in versions prior to MatrixSSL 4.2.2 Open. An attacker could exploit this vulnerability via specially crafted incoming network messages...

The Advantages and Risks of Serverless Computing

Organizations are increasingly embracing serverless computing for its convenience and cost-effectiveness. But many IT teams are blindly embracing this innovation in cloud technology without consulting their security peers. As a result, we can expect to see a growing number of cyber-attacks in thi...

Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks

Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller ADC devices that attackers are abusing to launch amplified distributed denial-of-service DDoS attacks against several targets. "An attacker or bots can overwhe...

OSV-2020-2285 Bad-cast to pcpp::Layer from invalid vptr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28945 Crash type: Bad-cast Crash state: Bad-cast to pcpp::Layer from invalid vptr pcpp::IDnsResource::getRawData pcpp::DnsResource::getDataLength...

ALPINE-CVE-2020-35680

smtpd/lkafilter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between th...

UBUNTU-CVE-2020-35680

smtpd/lkafilter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between th...

CVE-2020-35680

smtpd/lkafilter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between th...

PT-2021-3608 · Sdl +5 · Sdl +5

Name of the Vulnerable Software and Affected Versions: SDL Simple DirectMedia Layer versions 2.0.12 and earlier Description: The issue is related to an integer overflow in the SDL BlitCopy function in the video/SDL blit copy.c component of the Simple DirectMedia Layer library. This can lead to SD...

lldpd: buffer overflow in the lldp_decode function in daemon/protocols/lldp.c

A buffer overflow was found in the lldpdecode function in daemon/protocols/lldp.c in lldpd. This flaw allows remote attackers to cause a denial of service daemon crash and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. This threatens the...