Monthly Archive: April 2020

In authorize_enroll of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed....

In get_auth_result of the FPC IRIS TrustZone app, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges...

In set_shared_key of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed....

In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User...

In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User...

In rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User...

In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User...

In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed...

In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not...

Byobu Apport hook may disclose sensitive information since it automatically uploads the local user’s .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu Date published : 2020-04-16 https://bugs.launchpad.net/ubuntu/+source/byobu/+bug/1827202 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7306

IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack due to an error in the Channel processing function. IBM X-Force ID: 173625. Date published : 2020-04-16 https://www.ibm.com/support/pages/node/4832931 https://exchange.xforce.ibmcloud.com/vulnerabilities/173625

NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user. Date published : 2020-04-16 https://kb.netgear.com/000060633/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-R7800-PSV-2018-0135

NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user. Date published : 2020-04-16 https://kb.netgear.com/000060634/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-R7800-PSV-2018-0136

NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user. Date published : 2020-04-16 https://kb.netgear.com/000060635/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-R7800-PSV-2018-0137