3976 matches found
Unbreakable Enterprise kernel-container security update
4.14.35-2047.504.2.el7 - md/raid1: properly indicate failure when ending a failed write request Paul Clements Orabug: 32887159 - video: hypervfb: Add ratelimit on error message Michael Kelley Orabug: 32856879 - Drivers: hv: vmbus: Initialize unloadevent statically Andrea Parri Microsoft Orabug:...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2008. Notes: none...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...
Huawei eCNS280_TD 资源管理错误漏洞
Huawei eCNS280TD is the core network equipment of Huawei's wireless broadband trunking system in China. Based on Network Functions Virtualization NFV and cloud-based architecture design, it provides network functions of traditional core networks, but also provides capacity configurations for each...
Cross site request forgery (csrf)
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection at...
CVE-2021-25931
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection at...
PT-2024-11288 · Linux +6 · Linux Kernel +6
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.13.0-rc1-00144-g25a1298726e 13 Description: A vulnerability in the Linux kernel has been resolved, specifically in the isdn: mISDN: netjet module. The issue arises when 'nj setup' in netjet.c fails with -EIO,...
Exploit for Code Injection in Samba
EternalBlue for macOS&Linux An exploit for CVE-2017-7494 in...
GHSA-8P36-Q63G-68QH Autobinding vulnerability in MITREid Connect
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment aka Autobinding vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in...
Autobinding vulnerability in MITREid Connect
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Mass Assignment aka Autobinding vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the OAuth authorization flow, in...
Schneider Electric C-Bus Toolkit Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
The vulnerability of the Thunderbird email client, as well as the Firefox and Firefox ESR browsers, relates to errors during permission saving, allowing a malicious actor to mistakenly assign a security certificate to an HTTP page.
The vulnerability of the Thunderbird email client, as well as browsers Firefox and Firefox ESR, is related to errors during the saving of permissions. Exploiting this vulnerability could allow a remote attacker to erroneously assign a security certificate to an HTTP page...
The vulnerability of the GateManager communication server, related to pointer assignment errors, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the GateManager communication server is related to errors in pointer assignment. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
GPAC Integer Overflow Vulnerability (CNVD-2022-04965)
GPAC is an open source multimedia framework. GPAC 1.0.1 is vulnerable to integer overflow, which can be exploited by attackers to cause assignment failures...
Trend Micro HouseCall for Home Networks Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro HouseCall for Home Networks. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
CVE-2021-21981
VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC Role based access control role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level...