57 matches found
CVE-2021-26353
Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory integrity...
Input validation
Insufficient validation of addresses in AMD Secure Processor ASP firmware system call may potentially lead to arbitrary code execution by a compromised user application...
CVE-2021-46771
Insufficient validation of addresses in AMD Secure Processor ASP firmware system call may potentially lead to arbitrary code execution by a compromised user application...
Weak Password Recovery Mechanism for Forgotten Password
In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when requested for a forgotten password...
Microsoft 3D Viewer 3MF Code Execution Vulnerability
Microsoft 3D Viewer is a 3D modeling tool developed by Microsoft. A use-after-release vulnerability exists in Microsoft 3D Viewer 3MF processing, which can be exploited by an attacker to submit a special file request that can be tricked into being parsed by the user, which can cause the applicati...
Memory corruption
Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...
CVE-2020-11261
Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...
Microsoft Azure Sphere uid_map UID uniqueness privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the uidmap functionality of Microsoft Azure Sphere 20.06. A specially crafted uidmap file can cause multiple applications to get the same UID assigned, thus broadening the attack surface. An attacker can modify the uidmap file to trigger this...
CVE-2020-3676
Possible memory corruption in perfservice due to improper validation array length taken from user application. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, APQ8098, Kamorta, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar,...
CVE-2020-3676
CVE-2020-3676 affects Qualcomm Snapdragon components, specifically memory corruption in perfservice caused by improper validation of an array length taken from user applications. The issue impacts a wide range of Snapdragon mobile/IoT platforms (e.g., APQ8096AU, APQ8098, Kamorta, MSM89xx, SDM4xx/...
CVE-2019-2308
User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150,...
Keybase: macOS privilege escalation via keybase install
Environment OS: macOS Mojave 10.14.1 Kernel: Darwin Kernel Version 18.2.0 keybase version 2.12.2-20181218171841+29273f4110 Steps to reproduce Note: All steps are executed as an unprivileged user unless otherwise noted. For this PoC the unprivileged user is defined as below $ id test2 uid=508test2...
Integer overflow
In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, while loading a user application in qseecom, an integer overflow could potentially occur if the application partition size is rounded up to pagesize...
CVE-2018-3841
A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 0x69. The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer dereference. The IT...
CVE-2017-9279
NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users...
Design/Logic Flaw
NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users...
CVE-2017-9279
NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users...
CVE-2017-9279
CVE-2017-9279 affects NetIQ Identity Manager prior to 4.5.6.1. In the Themes handling of the User Application Administration, it allows uploading files with double extensions or non-image content, enabling a malicious administrator to potentially execute code or mislead users. Root cause: insuffi...
CVE-2017-9280 Novell Identity Manager User Application get request url contains the session token.
Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar...
Unauthorized Modification Of Data
github.com/gogits/gogs is vulnerable to unauthorized deletion of user application tokens. A malicious user can modify the HTTP post requests to delete another user's application token...