142 matches found
CVE-2017-18648
An issue was discovered on Samsung mobile devices with KK4.4.x, L5.x, M6.x, and N7.x software. Arbitrary file read/write operations can occur in the locked state via a crafted MTP command. The Samsung ID is SVE-2017-10086 November 2017...
CVE-2017-18648
CVE-2017-18648 affects Samsung mobile devices running KK(4.4.x) to N(7.x). The vulnerability allows arbitrary file read/write while the device is in a locked state via a crafted MTP command, indicating a flaw in how MTP is processed on this platform. The issue, reported across multiple Android ve...
Debian: Security Advisory (DLA-2169-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2169-1] libmtp security update
Package : libmtp Version : 1.1.8-1+deb8u1 CVE ID : CVE-2017-9831 CVE-2017-9832 libmtp is a library for communicating with MTP aware devices. The Media Transfer Protocol commonly referred to as MTP is a devised set of custom extensions to support the transfer of music files on USB digital audio...
CVE-2020-10845
An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. There is a race condition leading to a use-after-free in MTP. The Samsung ID is SVE-2019-16520 February 2020...
CVE-2020-10845
An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. There is a race condition leading to a use-after-free in MTP. The Samsung ID is SVE-2019-16520 February 2020...
Race condition
An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. There is a race condition leading to a use-after-free in MTP. The Samsung ID is SVE-2019-16520 February 2020...
CVE-2020-10845
An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. There is a race condition leading to a use-after-free in MTP. The Samsung ID is SVE-2019-16520 February 2020...
Samsung SEND_FILE_WITH_HEADER Use-After-Free
Samsung: UAF via missing locking in SENDFILEWITHHEADER handler in fmtpsamsung.c Tested on a Samsung A50 SM-A505FN, running build "samsung/a50xx/a50:9/PPR1.180610.011/A505FNXXS3ASK9:user/release-keys", security patch level 2019-11-01. Samsung's kernel tree contains two implementations of...
Samsung SEND_FILE_WITH_HEADER Use-After-Free Exploit
Samsung suffers from a use-after-free vulnerability due to a missing lock in the SENDFILEWITHHEADER handler in fmtpsamsung.c. Samsung: UAF via missing locking in SENDFILEWITHHEADER handler in fmtpsamsung.c Tested on a Samsung A50 SM-A505FN, running build...
CVE-2019-3636
McAfee Total Protection Windows client (versions up to 16.0.R21) is affected by CVE-2019-3636, a local File Masquerade vulnerability that lets an attacker read the plaintext list of AV-Scan exclusion files from the Windows registry and potentially replace excluded files with malware without detec...
qemu security update
15:3.1.0-3.el7 - x86: Document CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 as fixed Mark Kanda Orabug: 29744956 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 15:3.1.0-2.el7 - x86: Add mds feature Karl Heubaum - e1000: Never increment the RX undersize count register...
Fedora 30 : 2:qemu (2019-0664c7724d)
fix crash with virgl enabled bz 1692323 - linux-user: make pwrite64/pread64fd, NULL, 0, offset return 0 bz 1174267 - Fix build with latest gluster bz 1684298 - CVE-2018-20123: pvrdma: memory leakage in device hotplug bz 1658964 - CVE-2018-16872: usb-mtp: path traversal issue bz 1659150 -...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : QEMU vulnerabilities (USN-3923-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3923-1 advisory. Michael Hanselmann discovered that QEMU incorrectly handled the Media Transfer Protocol MTP. An attacker inside the guest could u...
openSUSE Security Update : qemu (openSUSE-2019-254)
This update for qemu fixes the following issues : Security issues fixed : - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation bsc1123156. - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp bsc1119493. -...
SUSE SLES12 Security Update : qemu (SUSE-SU-2019:0489-1)
This update for qemu fixes the following issues : Security issues fixed : CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation bsc1123156. CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp bsc1119493. CVE-2018-19489:...
Security update for qemu (important)
openSUSE Security Update: Security update for qemu Announcement ID: openSUSE-SU-2019:0254-1 Rating: important References: 1063993 1079730 1100408 1101982 1112646 1114957 1116717 1117275 1119493 1121600 1123156 1123179 Cross-References: CVE-2018-16872 CVE-2018-18954 CVE-2018-19364 CVE-2018-19489...
qemu security update
15:3.0.0-4.el7 - usb-mtp: use ONOFOLLOW and OCLOEXEC. Gerd Hoffmann Orabug: 29056673 CVE-2018-16872 - pvrdma: add uarread routine Prasad J Pandit CVE-2018-20191 - pvrdma: release ring object in case of an error Prasad J Pandit Orabug: 29171822 CVE-2018-20126 - pvrdma: check number of pages when...
qemu security update
15:3.0.0-3.el7 - monitor: guard iothread access by mon-useiothread Wolfgang Bumiller Orabug: 29046045 - monitor: delay monitor iothread creation Wolfgang Bumiller Orabug: 29010480 - Revert 'qmp: isolate responses into io thread' Marc-Andre Lureau Orabug: 29010480 - usb-mtp: outlaw slashes in...
qemu security update
15:3.0.0-3.el7 - monitor: guard iothread access by mon-useiothread Wolfgang Bumiller Orabug: 29046045 - monitor: delay monitor iothread creation Wolfgang Bumiller Orabug: 29010480 - Revert 'qmp: isolate responses into io thread' Marc-Andre Lureau Orabug: 29010480 - usb-mtp: outlaw slashes in...