Aggregator

Submit #505009 / VDB-298111

Submit #505008 / VDB-298110

Shawn C 写道: ARM TrustZone 的设计初衷是将内存划分为两个世界：非安全世界（运行丰富执行环境，如 Linux/Android）和安全世界（运行受信任的执行环境，即 TEE OS）。它已在汽车、移动设备和硬件钱包等行业广泛部署。关键点如下：
* Linux 内核运行在非安全 EL1（NS.EL1）。
* TEE OS 运行在安全 EL1（S.EL1）。
* 安全监控器（例如 ARM Trusted Firmware，ATF）运行在安全 EL3（S.EL3）。
* Linux 内核通过发出 SMC（安全监控调用）指令给安全监控器，后者再将请求路由至 TEE OS。
* 默认情况下，ARM 核心架构没有为 MMU 提供安全扩展。这意味着，如果 SoC 供应商没有集成专用的 TZASC（TrustZone 地址空间控制器）IP，则两个世界之间的内存隔离将无法有效实现。
* 任何需要安全处理的外设必须由安全世界管理。因此，SoC 必须集成额外的 IP 用于 TZPC（TrustZone 防护控制器）。这一方法与 x86_64 生态系统中使用的 MMU、IOMMU、EPC、SGX 或 TDX 有显著不同。
* ARM 参考模型允许安全世界和非安全世界使用相同的物理地址（例如，非安全物理地址 np:0x1000 与安全物理地址 sp:0x1000）对应内存系统中不同的位置。然而，大多数 SoC 供应商倾向于避免这种复杂性（即 np:0x1000 和 sp:0x1000 指的是相同位置）。
* 与 x86 相比，ARM 的 TEE 更类似于系统管理模式（SMM）。

A vulnerability classified as problematic was found in FITSTATS Technologies AthleteMonitoring up to 20250302. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument username leads to cross site scripting. This vulnerability was named CVE-2025-1842. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #504958 / VDB-298109

A vulnerability classified as critical has been found in ESAFENET CDG 5.6.3.154.205. This affects an unknown part of the file /CDGServer3/logManagement/ClientSortLog.jsp. The manipulation of the argument startDate/endDate leads to sql injection. This vulnerability is uniquely identified as CVE-2025-1841. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been rated as critical. Affected by this issue is some unknown functionality of the file /CDGServer3/workflowE/useractivate/updateorg.jsp. The manipulation of the argument flowId leads to sql injection. This vulnerability is handled as CVE-2025-1840. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #504603 / VDB-298108

Submit #504385 / VDB-298107

Submit #504384 / VDB-298106

A vulnerability, which was classified as critical, was found in Apple tvOS. This affects an unknown part of the component Web Handler. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2024-44244. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple watchOS and classified as critical. This vulnerability affects unknown code of the component Web Handler. The manipulation leads to memory corruption. This vulnerability was named CVE-2024-44244. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iOS and iPadOS and classified as critical. This issue affects some unknown processing of the component Web Handler. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2024-44244. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Close to 12,000 valid secrets that include API keys and passwords have been found in the Common Crawl dataset used for training multiple artificial intelligence models. [...]

2025年3月，让我们更多地投入世界怀抱

2025年3月，让我们更多地投入世界怀抱

A vulnerability was found in Linux Kernel up to 5.4.214/5.10.147/5.15.67/5.19.8. It has been declared as critical. Affected by this vulnerability is the function snd_pcm_oss_sync of the component ALSA. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2022-49733. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Netsweeper 4.0.8. Affected is an unknown function of the file webupgrade.php. The manipulation of the argument login with the input step=&login='&password='&show_advanced_output= leads to improper authentication. This vulnerability is traded as CVE-2014-9605. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters leads to memory leak. This vulnerability is uniquely identified as CVE-2025-1816. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.