CVE-2021-39700
In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed....
In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction...
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest’s integrity or confidentiality. Date published : 2022-05-10 https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021
A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data. Date published : 2022-05-10 https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027
Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity...
Due to a mishandled error, it is possible to leave the DRTM UApp in a partially initialized state, which can result in unchecked memory writes when the UApp handles subsequent mailbox commands. Date published...
Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service. Date published : 2022-05-10 https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027
Failure to verify SEV-ES TMR is not in MMIO space, SEV-ES FW could result in a potential loss of integrity or availability. Date published : 2022-05-10 https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021
A bug with the SEV-ES TMR may lead to a potential loss of memory integrity for SNP-active VMs. Date published : 2022-05-10 https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021
A vulnerability in Black Duck Hub’s embedded MadCap Flare documentation files could allow an unauthenticated remote attacker to conduct a cross-site scripting attack. The vulnerability is due to improper validation of user-supplied input to...
.NET Framework Denial of Service Vulnerability. Date published : 2022-05-10 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30130
Visual Studio Code Remote Code Execution Vulnerability. Date published : 2022-05-10 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30129
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0. Date published : 2022-05-10 https://github.com/d1tto/IoT-vuln/tree/main/Totolink/9.setUrlFilterRules