:: Deepquest ::

Blink1Control2 version 2.2.7 suffers from a weak password encryption vulnerability.

Backdoor.Win32.Hellza.120 malware suffers from an authentication bypass vulnerability.

Backdoor.Win32.Hellza.120 malware suffers from a remote command execution vulnerability.

On Mali devices without the new CSF interface, IMPORTED_USER_BUF is released without flushing host-side VMAs, leading to a page use-after-free vulnerability.

Arm Mali has an issue where a driver exposes physical addresses to unprivileged userspace.

The Mali driver frees GPU page tables before removing the higher-level PTEs pointing to those page tables (and, therefore, also before issuing the required flushes). This means a racing memory write instruction on the GPU can write to an attacker-controlled physical address.

In the Linux Mali driver, when building with MALI_USE_CSF, the VFS read handler of the main Mali file descriptor (kbase_read()) never looks at its “count” parameter. This means that a simple userspace program that sets up a Mali file descriptor, then calls read(mali_fd, buf, 1), will see read() returning a higher length than requested, and […]

Wifi HD Wireless Disk Drive 11 – Local File Inclusion

WiFiMouse 1.8.3.4 – Remote Code Execution (RCE)

Genesys PureConnect as of their build on 08-October-2020 suffers from a cross site scripting vulnerability.