Monthly Archive: June 2021

For Eclipse Jetty versions

Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service. Date published : 2021-06-22 https://nvidia.custhelp.com/app/answers/detail/a_id/5205

Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which would result in limited denial of service. Date published : 2021-06-22 https://nvidia.custhelp.com/app/answers/detail/a_id/5205

Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a...

Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user...

Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact...

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service. Date published : 2021-06-22 https://nvidia.custhelp.com/app/answers/detail/a_id/5205

Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow through a specific SMC call that is triggered by the user, which...

Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow through a specific SMC call that is triggered by the user, which...

Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a...

A cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users’ passwords. Date published : 2021-06-22 https://github.com/xoffense/POC/blob/main/Account%20takeover%20using%20CSRF%20in%20ICE%20Hrm%20Version%2029.0.0.OS.md

A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The...

ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires...

Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 have a potential for a supply chain attack via MiTM against...