Show filters
70 Total Results
Displaying 1-10 of 70
Sort by:
Attacker Value
Moderate

OpenSSL TLS Server Crash (NULL pointer dereference) — CVE-2021-3449

Disclosure Date: March 25, 2021 (last updated November 08, 2023)
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
4
1
Attacker Value
Unknown

CVE-2024-43052

Disclosure Date: December 02, 2024 (last updated December 21, 2024)
Memory corruption while processing API calls to NPU with invalid input.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-38423

Disclosure Date: November 04, 2024 (last updated November 08, 2024)
Memory corruption while processing GPU page table switch.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-38422

Disclosure Date: November 04, 2024 (last updated November 08, 2024)
Memory corruption while processing voice packet with arbitrary data received from ADSP.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-38415

Disclosure Date: November 04, 2024 (last updated November 08, 2024)
Memory corruption while handling session errors from firmware.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-33060

Disclosure Date: September 02, 2024 (last updated September 05, 2024)
Memory corruption when two threads try to map and unmap a single node simultaneously.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-33052

Disclosure Date: September 02, 2024 (last updated September 05, 2024)
Memory corruption when user provides data for FM HCI command control operations.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-33043

Disclosure Date: September 02, 2024 (last updated December 21, 2024)
Transient DOS while handling PS event when Program Service name length offset value is set to 255.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-33042

Disclosure Date: September 02, 2024 (last updated September 05, 2024)
Memory corruption when Alternative Frequency offset value is set to 255.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-33027

Disclosure Date: August 05, 2024 (last updated November 21, 2024)
Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
View More Topics  Next >