Category: Exploits

WolfSSL 4.1.0 CVE-2019-18840 Heap Based Buffer Overflow

Description WolfSSL in versions 4.1.0 and 4.2.0 incorrectly handles X.509 certificates leading to a heap-buffer overflow inside the DecodedCert structure, overwriting a NULL pointer and as a result crash during memory deallocation.This vulnerability affects both client and server in two supported protocols: TLS and DTLS. During processing of a crafted certificate, WolfSSL incorrectly handles the […]

Read More

NVIDIA Windows GPU CVE-2019-5691 Escalation of Privileges

Description NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a NULL pointer is dereferenced, which may lead to denial of service or escalation of privileges. Security Updates for NVIDIA GPU Display Driver The following table lists the NVIDIA software products affected, versions affected, and the updated […]

Read More

NVIDIA Windows GPU CVE-2019-5690 Escalation of Privileges

Description NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated, which may lead to denial of service or escalation of privileges. Security Updates for NVIDIA GPU Display Driver The following table lists the NVIDIA software products affected, versions […]

Read More

NVIDIA GeForce Experience CVE‑2019‑5689 – Code Execution

Description NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vulnerability in the Downloader component in which a user with local system access can craft input that may allow malicious files to be downloaded and saved. This behavior may lead to code execution, denial of service, or information disclosure. Security Updates The following table […]

Read More

Samsung Galaxy S8 plus CVE-2019-16401 Information disclosure

Description Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection […]

Read More