Monthly Archive: July 2021

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can lead to floating point exceptions, which may lead to denial of service. This affects vGPU version 12.x (prior...

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 12.x (prior to...

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel mode driver (nvidia.ko), in which a pointer to a user-space buffer is not validated before it is dereferenced, which may lead to...

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) that could allow an attacker to cause stack-based buffer overflow and put a customized ROP gadget on the stack. Such an...

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it doesn’t release some resources during driver unload requests from guests. This flaw allows a malicious guest to perform operations...

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it improperly validates the length field in a request from a guest. This flaw allows a malicious guest to send...

objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list). Date published : 2021-07-20 https://www.debian.org/security/2021/dsa-4948 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H7E4EI7F6TVN7K6XWU6HSANMCOKKEREE/

netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset). Date published : 2021-07-20 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15143 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15156

When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, arbitrary commands can be executed due to improper input validation Date published : 2021-07-20 http://support.tobesoft.co.kr/Support/index.html https://krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=36082

Unicorn Engine 1.0.2 has an out-of-bounds write in helper_wfe_arm. Date published : 2021-07-20 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20245 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unicorn/OSV-2020-837.yaml

libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction. Date published : 2021-07-20 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26674 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libass/OSV-2020-2099.yaml

Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds write for a large recursion depth. Date published : 2021-07-20 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20578 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/open62541/OSV-2020-153.yaml

matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble (called from ReadInt32Data and Mat_VarRead4). Date published : 2021-07-20 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21421 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/matio/OSV-2020-799.yaml

SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. Date published : 2021-07-20 https://phpgurukul.com/ https://www.exploit-db.com/exploits/49165