83 matches found
CVE-2021-47255
In the Linux kernel, the following vulnerability has been resolved: kvm: LAPIC: Restore guard to prevent illegal APIC register access Per the SDM, "any access that touches bytes 4 through 15 of an APIC register may cause undefined behavior and must not be executed." Worse, such an access in...
CVE-2023-41092
Unchecked return value in SDM firmware for IntelR Stratix 10 and IntelR Agilex 7 FPGAs before version 23.3 may allow an authenticated user to potentially enable denial of service via adjacent access...
CVE-2023-41092
The CVE concerns the Secure Device Manager (SDM) firmware for Intel Stratix 10 and Intel Agilex 7 FPGA products. The root cause is an unchecked return value in SDM firmware, affecting firmware versions prior to 23.3. The vulnerability could let an authenticated user trigger a denial-of-service vi...
CVE-2023-41092
Unchecked return value in SDM firmware for IntelR Stratix 10 and IntelR Agilex 7 FPGAs before version 23.3 may allow an authenticated user to potentially enable denial of service via adjacent access...
CVE-2023-41092
Unchecked return value in SDM firmware for IntelR Stratix 10 and IntelR Agilex 7 FPGAs before version 23.3 may allow an authenticated user to potentially enable denial of service via adjacent access...
OESA-2024-1482 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: intel-sdw-acpi: harden detection of controller The existing code currently sets a pointer to an ACPI handle before checking that it's actually a...
CVE-2023-52514
The connected Red Hat CVE entry documents a flaw in the Linux kernel (x86/reboot) where VMCLEAR may affect active VMCSes before an emergency reboot. The description does not provide affected versions, exploit details, or a patch/version to remediate. Other sources note the CVE ID has been withdra...
CVE-2023-52514
Removed by vendor...
Malicious code in sdm.vendor.lds (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 03c620ac09095c5072c6ab5e4eaa6aa7ce1e40d94517f0b2b5924d39e5ec6fa8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sdm.checkout (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20d9a885e2581a4421abbcd41b43215ea4215e29e0dc440b75224cd0eee85866 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
sdm-bearing.ru Cross Site Scripting vulnerability OBB-2467439
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
isActive doesn't prevent owner from sweeping token from AaveV2Strategy, SDM and SPM
Handle wuwe1 Vulnerability details Proof of Concept isActive appear in these places: owner can bypass isActive check by setting a different address in sherlockCore Recommended Mitigation Steps Add Timelock on setting sherlockCore. --- The text was updated successfully, but these errors were...
SUSE: Security Advisory (SUSE-SU-2018:1520-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:1509-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-25020
CVE-2019-25020 affects Scytl sVote 2.1. The root cause is an unauthenticated sdm-ws-rest API that allows retrieving administrative configuration by sending a POST to /sdm-ws-rest/preconfiguration. The impact is exposure of admin configuration (confidentiality impact noted as HIGH in CVSS 3.1). Ex...
Scytl sVote 访问控制错误漏洞
Scytl sVote is a Spanish Scytl open source application. Provides voters to vote online. A security vulnerability exists in Scytl sVote 2.1, which can be exploited by an attacker to retrieve the administrative configuration by sending a POST request to the sdm-ws-rest pre-configured URI...
CVE-2019-14026
CVE-2019-14026 describes a possible buffer overflow in the WLAN WMI handler caused by missing SSID length checks during data copy on Qualcomm Snapdragon platforms (e.g., APQ80xx, SDM/SM series, QCA devices, and others listed). Root cause: insufficient length validation for SSID data before copyin...
RancherOS < 1.4.0 Information Disclosure
The remote host is running a version of RancherOS prior to 1.4.0, hence is exposted to a side-channel vulnerabilities: - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a...
CVE-2019-2335
CVE-2019-2335 concerns a logic issue in Qualcomm Snapdragon firmware where, while processing an Attach Reject message, the valid exit condition is not met, causing an infinite loop. Affected are numerous Snapdragon platforms (e.g., APQ8009/8017/8053/8096AU/8098, MDM9xxx, SDX20, SDX55, SM6x50 seri...
CVE-2019-2254
CVE-2019-2254 affects Qualcomm Snapdragon platforms (multiple Snapdragon Auto/Compute/IoT/Mobile lines, including various SD/SDM/RH-series) where position-determination accuracy can be degraded due to wrongly decoded information. The root cause is not explicitly detailed beyond the decoding error...