3976 matches found
Gokart - A Static Analysis Tool For Securing Go Code
GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA single static assignment form of Go source code. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe, which reduces the number of false positives compar...
Denial Of Service (DoS)
Xen is vulnerable to denial of service. Upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore...
Explaining and Troubleshooting WriteCache Disk Drive Letter Assignment
This article explains the process involved on drive letter assignments for target devices and how to troubleshoot writecache drive letter changes. Background Mount Manager is the component responsible for managing volume names and drive letter assignments on windows. It has a database that is...
CVE-2021-22684
CVE-2021-22684 affects Samsung Tizen RT RTOS 3.0.GBB. It is caused by integer wrap-around in memory allocation helpers calloc and mm_zalloc, leading to improper memory assignment and potential arbitrary memory allocation or a crash. Connected sources confirm the vulnerability and CVE assignment; ...
CVE-2021-28696
IOMMU page mapping issues on x86 This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresse...
GHSA-566X-HHRF-QF8M ordered_float:NotNan may contain NaN after panic in assignment operators
After using an assignment operators such as NotNan::addassign, NotNan::mulassign, etc., it was possible for the resulting NotNan value to contain a NaN. This could cause undefined behavior in safe code, because the safe NotNan::cmp method contains internal unsafe code that assumes the value is...
ordered_float:NotNan may contain NaN after panic in assignment operators
After using an assignment operators such as NotNan::addassign, NotNan::mulassign, etc., it was possible for the resulting NotNan value to contain a NaN. This could cause undefined behavior in safe code, because the safe NotNan::cmp method contains internal unsafe code that assumes the value is...
Mass Assignment❗️ — What you need to know
Mass Assignment❗️ — What you need to know Introduction API6:2019 Mass Assignment What is Mass Assignment? Applications these days often rely an objects For example user, product, … and these objects have properties for example product.stock. As a user, we have the authorization to edit and view...
Dell EMC PowerScale OneFS Privilege Assignment Incorrect Vulnerability
Dell EMC PowerScale OneFS is an API-driven file system. version 8.2.-9.2. of Dell EMC PowerScale OneFS is vulnerable to incorrect privilege assignment. An attacker could exploit this vulnerability to elevate privileges...
Dell EMC PowerScale OneFS has an unspecified vulnerability (CNVD-2021-73944)
Dell EMC PowerScale OneFS is an API-driven file system. version 8.2.-9.2. of Dell EMC PowerScale OneFS is vulnerable to incorrect critical resource privilege assignment. An attacker could use this vulnerability to gain unauthorized access to cluster-related information...
CVE-2021-36280
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISIPRIVLOGINSSH or ISIPRIVLOGINCONSOLE to access privileged information about the cluster...
CVE-2021-36281
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges...
CVE-2021-36279
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISIPRIVLOGINSSH or ISIPRIVLOGINCONSOLE to access privileged information about the cluster...
Code injection
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISIPRIVLOGINSSH or ISIPRIVLOGINCONSOLE to access privileged information about the cluster...
Code injection
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISIPRIVLOGINSSH or ISIPRIVLOGINCONSOLE to access privileged information about the cluster...
Code injection
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges...
CVE-2021-36280
Dell EMC PowerScale OneFS (versions 8.2.x–9.2.x) contains an incorrect permission assignment for a critical resource, potentially allowing a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged cluster information. Public sources describe the affected component as the API-d...
CVE-2021-36280
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISIPRIVLOGINSSH or ISIPRIVLOGINCONSOLE to access privileged information about the cluster...
CVE-2021-36279
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISIPRIVLOGINSSH or ISIPRIVLOGINCONSOLE to access privileged information about the cluster...
CVE-2021-36279
Dell EMC PowerScale OneFS versions 8.2.x–9.2.x are affected by an Incorrect Permission Assignment for a Critical Resource vulnerability. The root cause is misconfigured permissions that can allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged cluster information. Im...