Lucene search
K

57 matches found

OSV
OSV
added 2022/05/10 7:15 p.m.5 views

CVE-2021-26353

Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory integrity...

7.8CVSS5.8AI score0.00258EPSS
Exploits0References1
Prion
Prion
added 2022/05/10 7:15 p.m.20 views

Input validation

Insufficient validation of addresses in AMD Secure Processor ASP firmware system call may potentially lead to arbitrary code execution by a compromised user application...

7.2CVSS7.8AI score0.00284EPSS
Exploits0References1Affected Software23
ATTACKERKB
ATTACKERKB
added 2022/05/06 8:0 p.m.6 views

CVE-2021-46771

Insufficient validation of addresses in AMD Secure Processor ASP firmware system call may potentially lead to arbitrary code execution by a compromised user application...

7.8CVSS7.9AI score0.00284EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2021/09/02 5:8 p.m.40 views

Weak Password Recovery Mechanism for Forgotten Password

In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when requested for a forgotten password...

8.8CVSS4.2AI score0.01058EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2021/06/21 12:0 a.m.2 views

Microsoft 3D Viewer 3MF Code Execution Vulnerability

Microsoft 3D Viewer is a 3D modeling tool developed by Microsoft. A use-after-release vulnerability exists in Microsoft 3D Viewer 3MF processing, which can be exploited by an attacker to submit a special file request that can be tricked into being parsed by the user, which can cause the applicati...

7.7AI score
Exploits0References1
Prion
Prion
added 2021/06/09 5:15 a.m.24 views

Memory corruption

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

7.2CVSS8AI score0.01772EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2021/06/09 5:0 a.m.14 views

CVE-2020-11261

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

8.2AI score0.01772EPSS
Exploits0References1
Talos
Talos
added 2020/08/24 12:0 a.m.52 views

Microsoft Azure Sphere uid_map UID uniqueness privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the uidmap functionality of Microsoft Azure Sphere 20.06. A specially crafted uidmap file can cause multiple applications to get the same UID assigned, thus broadening the attack surface. An attacker can modify the uidmap file to trigger this...

6.8CVSS6.1AI score0.00826EPSS
Exploits0
Cvelist
Cvelist
added 2020/06/22 7:10 a.m.34 views

CVE-2020-3676

Possible memory corruption in perfservice due to improper validation array length taken from user application. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, APQ8098, Kamorta, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar,...

7.9AI score0.00198EPSS
Exploits0References1
CVE
CVE
added 2020/06/22 7:10 a.m.57 views

CVE-2020-3676

CVE-2020-3676 affects Qualcomm Snapdragon components, specifically memory corruption in perfservice caused by improper validation of an array length taken from user applications. The issue impacts a wide range of Snapdragon mobile/IoT platforms (e.g., APQ8096AU, APQ8098, Kamorta, MSM89xx, SDM4xx/...

7.8CVSS7.8AI score0.00198EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/07/25 5:15 p.m.32 views

CVE-2019-2308

User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150,...

7.8CVSS7.6AI score0.00211EPSS
Exploits0References1
Hacker One
Hacker One
added 2018/12/24 6:2 p.m.38 views

Keybase: macOS privilege escalation via keybase install

Environment OS: macOS Mojave 10.14.1 Kernel: Darwin Kernel Version 18.2.0 keybase version 2.12.2-20181218171841+29273f4110 Steps to reproduce Note: All steps are executed as an unprivileged user unless otherwise noted. For this PoC the unprivileged user is defined as below $ id test2 uid=508test2...

0.8AI score
Exploits0
Prion
Prion
added 2018/09/18 6:29 p.m.13 views

Integer overflow

In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, while loading a user application in qseecom, an integer overflow could potentially occur if the application partition size is rounded up to pagesize...

7.2CVSS7.5AI score0.00192EPSS
Exploits0References3
NVD
NVD
added 2018/06/26 9:29 p.m.18 views

CVE-2018-3841

A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 0x69. The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer dereference. The IT...

7.5CVSS6AI score0.01633EPSS
Exploits1References1
OSV
OSV
added 2018/03/02 8:29 p.m.2 views

CVE-2017-9279

NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users...

7.2CVSS5.9AI score0.00885EPSS
Exploits0References2
Prion
Prion
added 2018/03/02 8:29 p.m.15 views

Design/Logic Flaw

NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users...

9CVSS7.5AI score0.00885EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/03/02 8:29 p.m.20 views

CVE-2017-9279

NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users...

9CVSS5AI score0.00885EPSS
Exploits0References2
CVE
CVE
added 2018/03/02 8:0 p.m.45 views

CVE-2017-9279

CVE-2017-9279 affects NetIQ Identity Manager prior to 4.5.6.1. In the Themes handling of the User Application Administration, it allows uploading files with double extensions or non-image content, enabling a malicious administrator to potentially execute code or mislead users. Root cause: insuffi...

9CVSS5.5AI score0.00885EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/03/02 8:0 p.m.21 views

CVE-2017-9280 Novell Identity Manager User Application get request url contains the session token.

Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar...

4.3CVSS7.5AI score0.01138EPSS
Exploits0References2
Veracode
Veracode
added 2017/05/04 2:47 a.m.9 views

Unauthorized Modification Of Data

github.com/gogits/gogs is vulnerable to unauthorized deletion of user application tokens. A malicious user can modify the HTTP post requests to delete another user's application token...

6.7AI score
Exploits0
Rows per page
Query Builder