Page 121 of 995 results (0.014 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c. Múltiples desbordamientos de entero en el controlador MDSS para el kernel 3.x de Linux, tal como se utiliza en contribuciones Qualcomm Innovation Center (QuIC) Android para dispositivos MSM y otros productos, permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un valor de gran tamaño, relacionado con mdss_compat_utils.c, mdss_fb.c y mdss_rotator.c. • http://source.android.com/security/bulletin/2016-10-01.html http://www.securityfocus.com/bid/92695 https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=1d2297267c24f2c44bd0ecb244ddb8bc880a29b7 https://www.codeaurora.org/integer-overflow-mdss-driver-cve-2016-5344 • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact by writing to /dev/wcnss_wlan with an unexpected amount of data. Desbordamiento de búfer basado en memoria dinámica en la función wcnss_wlan_write en drivers/net/wireless/wcnss/wcnss_wlan.c en el controlador de dispositivo wcnss_wlan para el kernel 3.x de Linux, según se utiliza en contribuciones Qualcomm Innovation Center (QuIC) Android para dispositivos MSM y otros productos, permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto no especificado escribiendo a /dev/wcnss_wlan con una cantidad de datos inesperada. • http://source.android.com/security/bulletin/2016-10-01.html http://www.securityfocus.com/bid/92693 https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=579e796cb089324c55e0e689a180575ba81b23d9 https://www.codeaurora.org/buffer-overflow-vulnerability-wcnsswlanwrite-cve-2016-5342 • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug 20918350. packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java en Android 5.x permite a atacantes eludir un requerimiento de permiso DEVICE_POWER a través de un intento de difusión con la acción PNW.stopSaver, también conocido como error interno 20918350. • http://seclists.org/fulldisclosure/2016/May/71 http://seclists.org/fulldisclosure/2016/May/72 https://android.googlesource.com/platform/frameworks/base/+/05e0705177d2078fa9f940ce6df723312cfab976 • CWE-284: Improper Access Control •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name. La función is_ashmem_file en drivers/staging/android/ashmem.c en un cierto parche Qualcomm Innovation Center (QuIC) Android para el kernel de Linux 3.x no maneja adecuadamente validación de puntero dentro de KGSL Linux Graphics Module, lo que permite a atacantes eludir restricciones de acceso intencionadas usando la cadena /ashmem como el nombre dentry. • http://source.android.com/security/bulletin/2016-10-01.html http://www.securityfocus.com/bid/92374 http://www.securitytracker.com/id/1036763 https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=06e51489061e5473b4e2035c79dcf7c27a6f75a6 https://www.codeaurora.org/invalid-path-check-ashmem-memory-file-cve-2016-5340 • CWE-20: Improper Input Validation •

CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 1

net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack. net/ipv4/tcp_input.c en el kernel de Linux en versiones anteriores a 4.7 no determina adecuadamente la tasa de segmentos de desafío ACK, lo que facilita a atacantes remotos secuestrar sesiones TCP a través de un ataque ciego en ventana. It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758 http://rhn.redhat.com/errata/RHSA-2016-1631.html http://rhn.redhat.com/errata/RHSA-2016-1632.html http://rhn.redhat.com/errata/RHSA-2016-1633.html http://rhn.redhat.com/errata/RHSA-2016-1657.html http://rhn.redhat.com/errata/RHSA-2016-1664.html http://rhn.redhat.com/errata/RHSA-2016-1814.html http://rhn.redhat.com/errata/RHSA-2016-1815.html http://rhn. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •