DEBIAN-CVE-2022-0216

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsidomsgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU...

Docker Moby /proc/scsi Path Exposure Allows Host Data Loss (SCSI MICDROP)

The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss when certain older Linux kernels are used by leveraging Docker container access to write a "scsi remove-single-device" line to...

QEMU: off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c

An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in modesensepage if the 'page' argument was set to MODEPAGEALLS 0x3f. A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service conditio...

kernel: SCSI target (LIO) write to any block on ILO backstore

A flaw was found in the Linux kernel’s implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This flaw allows an authenticated attacker to send LIO block requests to the Linux system to overwrite data on t...

QEMU: scsi-generic: possible OOB access while handling inquiry request

In QEMU 3.1, scsihandleinquiryreply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations...

The vulnerability of the Windows operating system, which allows a malicious individual to trigger a service failure

The Windows operating system contains a vulnerability related to errors in handling iSCSI connections. Exploiting this vulnerability can lead to service failures...

kernel: block: default SCSI command filter does not accomodate commands overlap across device classes

block/scsiioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SGIO ioctl call that leverages overlapping opcodes...

kernel: block: default SCSI command filter does not accomodate commands overlap across device classes

block/scsiioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SGIO ioctl call that leverages overlapping opcodes...

DEBIAN-CVE-2012-6060

Integer overflow in the dissectiscsipdu function in epan/dissectors/packet-iscsi.c in the iSCSI dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service infinite loop via a malformed packet...

Sensitive data in human brain successfully extract by Hackers

It is now possible to hack the human brain ? YES ! This was explained researchers at the Usenix Conference on Security, held from 8 to 10 August in Washington State. Using a commercial off-the-shelf brain-computer interface, the researchers have shown that it's possible to hack your brain, forcin...

kernel: bio: integer overflow page count when mapping/copying user data

Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service system crash via a crafted device ioctl to a SCSI device...