Security Advisory - Arbitrary Memory Write Vulnerability in Huawei Smart Phone

There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Vulnerability ID: HWPSIRT-2020-04031 This vulnerability has been assigned a Common...

CVE-2021-20277

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability...

EulerOS Virtualization 2.9.0 : edk2 (EulerOS-SA-2021-1668)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - EFI Development Kit II AARCH64 UEFI FirmwareSecurity Fixes:AuthenticodeVerify calls OpenSSLs d2iPKCS7 API to parse asn encoded signe...

EulerOS Virtualization 2.9.1 : edk2 (EulerOS-SA-2021-1633)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - EFI Development Kit II AARCH64 UEFI FirmwareSecurity Fixes:AuthenticodeVerify calls OpenSSLs d2iPKCS7 API to parse asn encoded signe...

Netgear NETGEAR JGS516PE 安全漏洞

The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. An arbitrary data write vulnerability exists in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. The vulnerability stems from the TFTP firmware update mechanism not properly implementing firmware validation. A remote...

grub2: Heap out-of-bounds write in short form option parser

A flaw was found in grub2. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as syste...

CVE-2020-11253

Arbitrary memory write issue in video driver while setting the internal buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile...

CVE-2020-11253

Arbitrary memory write issue in video driver while setting the internal buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile...

CVE-2020-11253

CVE-2020-11253 describes an Arbitrary memory write in the video driver when setting internal buffers across Snapdragon Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile. The root cause is memory corruption within the video driver’s buffer setup, leading to potential impact on confident...

CVE-2020-17419

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CentOS 8 : kernel (CESA-2019:3871)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:3871 advisory. - hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write CVE-2019-0155 Note that Nessus has not tested for this issue but has instead...

EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1079)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9002)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9002 advisory. - mwifiex: fix possible heap overflow in mwifiexprocesscountryie Ganapathi Bhat Orabug: 30781859 CVE-2019-14895 CVE-2019-14895 - ext4: fix...

CVE-2020-35133

irfanView 4.56 contains an error processing parsing files of type .pcx. Which leads to out-of-bounds writing at iview32+0xdb60...

CVE-2020-8944

An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecallrestore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses including those within...

CVE-2020-8944

An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecallrestore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses including those within...

Memory corruption

An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecallrestore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses including those within...

CVE-2020-8944 Unchecked buffer overrun in ecall_restore

An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecallrestore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses including those within...

CVE-2020-8944

The CVE-2020-8944 issue affects Asylo up to version 0.6.0 where an unchecked pointer range in the ecall_restore path allows an attacker to write arbitrary memory, including within a secure enclave. The root cause is the failure to validate the pointer range in the attribute output, enabling a loc...

Google Asylo Buffer Error Vulnerability

Google Asylo is a framework for developing trusted applications from Google Inc. in the United States. The software supports the creation of a trusted execution environment, including software isolation and hardware isolation. A security vulnerability exists in Asylo up to 0.6.0, which allows an...