Default credentials

An internal product security audit of Lenovo XClarity Controller XCC discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator LXCA is used to perform the backup/restore. The backup/restore password typically exists...

CVE-2021-3473

An internal product security audit of Lenovo XClarity Controller XCC discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator LXCA is used to perform the backup/restore. The backup/restore password typically exists...

Lenovo XClarity Controller 安全漏洞

Lenovo XClarity Controller XCC is a server-embedded management engine from Lenovo China that is used to standardize and automate basic server management tasks. A security vulnerability exists in Lenovo XClarity Controller that stems from. An internal product security audit of Lenovo XCC Lenovo...

CVE-2020-11198

Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...

Code injection

Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...

CVE-2020-11198

CVE-2020-11198 affects Qualcomm Snapdragon components (Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wired Infrastructure/Networking). Root cause: improper usage of memset leaves key material and TZ diag/log buffer data un-wiped. Documented impact includes high...

CVE-2020-11198

Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...

Samsung Mobile Device Buffer Overflow Vulnerability (CNVD-2020-33717)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. Samsung mobile device buffer overflow vulnerability can be exploited by an attacker to read data outside the rkp log buffer, resulting in an information leak...

CVE-2017-18662

An issue was discovered on Samsung mobile devices with M6.0 and N7.x software. Data outside of the rkp log buffer boundary is read, causing an information leak. The Samsung ID is SVE-2017-9109 July 2017...

Code injection

Incorrect length used while validating the qsee log buffer sent from HLOS which could then lead to remap conflict in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...

CVE-2019-2321

Incorrect length used while validating the qsee log buffer sent from HLOS which could then lead to remap conflict in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...