138 matches found
ABB M2M Gateway Arbitrary Code Execution in embedded OpenSSH (CVE-2016-10009)
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS11 modules by leveraging control over a forwarded agent-socket. This plugin only works with Tenable.ot. Please visit...
ABB M2M Gateway Uncontrolled Resource Consumption in embedded Bind (CVE-2023-2828)
Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it...
ABB M2M Gateway Use-After-Free in embedded Linux Kernel (CVE-2022-3564)
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2capreassemblesdu of the file net/bluetooth/l2capcore.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The...
ABB M2M Gateway Uncontrolled Resource Consumption in embedded Bind (CVE-2022-2795)
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. This plugin only works with Tenable.ot. Please visit...
ABB M2M Gateway Stack Overflow in embedded Linux Kernel (CVE-2022-4378)
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. This plugin only works with Tenable.ot. Please visit...
ABB M2M Gateway Information Disclosure in embedded Python (CVE-2023-24329)
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...
ABB M2M Gateway Arbitrary Code Execution in embedded Linux Kernel for some AMD CPUs (CVE-2021-26401)
LFENCE/JMP mitigation V2-2 may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503249;...
ABB M2M Gateway Heap Overflow in embedded Zlib (CVE-2022-37434)
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call...
ABB M2M Gateway Out-Of-Bound Memory Read/Write in embedded Libssh2 (CVE-2020-22218)
An issue was discovered in function libssh2packetadd in libssh2 1.10.0 allows attackers to access out of bounds memory. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; i...
ABB M2M Gateway Out-Of-Bound Write in embedded Apr-util (CVE-2022-25147)
Integer Overflow or Wraparound vulnerability in aprbase64 functions of Apache Portable Runtime Utility APR-util allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility APR-util 1.6.1 and prior versions. This plugin only works with Tenable.ot. Plea...
ABB M2M Gateway Use-After-Free in embedded Libexpat (CVE-2022-40674)
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503230;...
ABB M2M Gateway Memory Leak in embedded Bind (CVE-2022-38177)
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. This plugin only works with Tenable.ot. Please visit...
CVE-2023-23575
Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows:...
SUSE CVE-2022-49502
In the Linux kernel, the following vulnerability has been resolved: media: rga: fix possible memory leak in rgaprobe rga-m2mdev needs to be freed when rgaprobe fails...
DEBIAN-CVE-2022-49502
In the Linux kernel, the following vulnerability has been resolved: media: rga: fix possible memory leak in rgaprobe rga-m2mdev needs to be freed when rgaprobe fails...
UBUNTU-CVE-2022-49502
In the Linux kernel, the following vulnerability has been resolved: media: rga: fix possible memory leak in rgaprobe rga-m2mdev needs to be freed when rgaprobe fails...
CVE-2024-44068
An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. A Use-After-Free in the mobile processor leads to privilege escalation...
PT-2024-7506 · Samsung · Samsung Exynos
Name of the Vulnerable Software and Affected Versions: Samsung Exynos versions 9820 through 9825 Samsung Exynos versions 980 through 990 Samsung Exynos version 850 Samsung Exynos version W920 Description: The issue is related to a use-after-free vulnerability in the m2m scaler driver of Samsung...
VulnCheck KEV: CVE-2024-44068
An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. A Use-After-Free in the mobile processor leads to privilege escalation...
CVE-2024-44068
The CVE-2024-44068 issue affects Samsung Exynos devices (M2M scaler driver in Mobile Processor and Wearable Processor families: Exynos 9820/9825/980/990/850/W920). Root cause: use-after-free in the m2m scaler driver leading to privilege escalation. Impact: arbitrary code execution with high confi...