282 matches found
Design/Logic Flaw
A vulnerability in the enhanced Preboot eXecution Environment PXE boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the...
CVE-2020-3284 Cisco IOS XR Software Enhanced Preboot eXecution Environment Unsigned Code Execution Vulnerability
A vulnerability in the enhanced Preboot eXecution Environment PXE boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the...
CVE-2020-3284 Cisco IOS XR Software Enhanced Preboot eXecution Environment Unsigned Code Execution Vulnerability
A vulnerability in the enhanced Preboot eXecution Environment PXE boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the...
Cisco IOS XR RCE (cisco-sa-iosxr-pxe-unsign-code-exec-qAa78fD2)
According to its self-reported version, IOS-XR is affected by a remote code execution vulnerability in the enhanced Preboot eXecution Environment PXE boot loader due to a failure to verify commands issued during a network boot. An unauthenticated, remote attacker can exploit this to execute...
Vulnerability fixed in Cisco IOS XR
A vulnerability in the Preboot eXecution Environment PXE bootloader for Cisco IOS XR 64-bit software could allow an unauthenticated, remote malicious agent to execute execute unsigned code during the PXE boot process on an affected device. The PXE bootloader is part of the BIOS and is executed...
Cisco IOS XR Software Enhanced Preboot eXecution Environment Unsigned Code Execution Vulnerability
A vulnerability in the enhanced Preboot eXecution Environment PXE boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the...
Microsoft Azure Sphere Normal World application /proc/thread-self/mem unsigned code execution vulnerability
Summary A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. A specially crafted shellcode can cause a process’ non-writable memory to be written. An attacker can execute a shellcode that modifies the program at runtime v...
Microsoft Azure Sphere Normal World application READ_IMPLIES_EXEC personality unsigned code execution vulnerability
Summary A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.06. A specially crafted shellcode can cause a process’ heap to become executable. An attacker can execute a shellcode that sets the READIMPLIESEXEC personality to...
CVE-2020-15009
AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2UpgradeTool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 UX450FDX, UX550GDX and UX550GEX could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with ...
CVE-2020-15009
AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2UpgradeTool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 UX450FDX, UX550GDX and UX550GEX could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with ...
CVE-2020-15009
AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2UpgradeTool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 UX450FDX, UX550GDX and UX550GEX could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with ...
CVE-2020-15009
AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2UpgradeTool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 UX450FDX, UX550GDX and UX550GEX could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with ...
icedtea security update
CentOS Errata and Security Advisory CESA-2019:2003 An update for icedtea-web is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
ASUS Device Activation Code Execution Vulnerability
ASUS Device Activation is a device activation software from Asus ASUS of Taiwan, China. A security vulnerability exists in the DevActSvc.exe file in ASUS Device Activation versions prior to 1.0.7.0 for Windows 10 laptops and desktops. An attacker could exploit the vulnerability to fail to...
CVE-2020-10649
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name...
CVE-2020-10649
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name...
Code injection
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name...
CVE-2020-10649
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name...
Unspecified Vulnerability in ASUS ATK Package
ASUS ATK Package is a software package from Asus Taiwan, China for installing drivers and software in ASUS computers. A security vulnerability exists in the AsLdrSrv.exe file in versions prior to ASUS ATK Package V1.0.0061 for Windows 10 notebook PCs. An attacker can exploit the vulnerability to...
CVE-2019-19235
AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 for Windows 10 notebook PCs could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name...