EUVD-2021-9073

Malicious code in bioql PyPI...

CVE-2021-21902

An authentication bypass vulnerability exists in the CMA runserver6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger this...

CVE-2021-21904

A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. An attacker can provide malicious input to trigger this vulnerability...

CVE-2021-21905

Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA...

PT-2021-14828 · Garrett Metal Detectors · Garrett Metal Detectors Ic Module Cma

Name of the Vulnerable Software and Affected Versions: Garrett Metal Detectors iC Module CMA version 5.0 Description: An authentication bypass issue exists in the CMA run server 6877 functionality. A properly-timed network connection can lead to authentication bypass via session hijacking. An...

Garrett Metal Detectors iC Module CMA CLI readfile stack-based buffer overflow vulnerabilities

Summary Two stack-based buffer overflow vulnerabilities exist in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. Convincing the system to call readfile on a specially-crafted file can lead to stack-based buffer overflows. An attacke...

kernel: panic in ib_cm:cm_work_handler

Race condition in the cmworkhandler function in the InfiniBand driver drivers/infiniband/core/cma.c in Linux kernel 2.6.x allows remote attackers to cause a denial of service panic by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer...