212 matches found
SUSE CVE-2011-1771
The cifsclose function in fs/cifs/file.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service NULL pointer dereference and BUG or possibly have unspecified other impact by setting the ODIRECT flag during an attempt to open a file on a CIFS filesystem...
SUSE CVE-2017-18208
The madvisewillneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service infinite loop by triggering use of MADVISEWILLNEED for a DAX mapping...
SUSE CVE-2021-3748
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to numbuffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting i...
SUSE CVE-2022-2989
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to...
How to add all VDA logon user accounts in "Direct Access Users" group automatically
Add all user accounts in "Direct Access Users" group automatically...
GHSA-6HG4-VP5Q-47MW CakePHP allows direct access of prefixed controller actions
Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters...
CakePHP allows direct access of prefixed controller actions
Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters...
December 13, 2022—KB5021255 (OS Build 22621.963)
December 13, 2022—KB5021255 OS Build 22621.963 11/8/22 IMPORTANT Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a non-security preview release for the month of December 2022. There will be a monthly security release known as a “B” release for...
December 13, 2022—KB5021234 (OS Build 22000.1335)
December 13, 2022—KB5021234 OS Build 22000.1335 11/8/22 IMPORTANT Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a non-security preview release for the month of December 2022. There will be a monthly security release known as a “B” release for...
Authentication flaw
Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linu...
AlmaLinux 9 : podman (ALSA-2022:8431)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8431 advisory. - An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data...
PT-2022-4211 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows versions affected versions not specified Description: The issue is related to insufficient access restrictions in the Storage Spaces Direct feature of the Windows operating system. It allows an attacker to potentially elevate their...
PT-2022-16410 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 6.7.0 and earlier Description: The issue allows team members to access some sensitive information by directly accessing the APIs. This is an unrestricted information disclosure issue that affects all users. Recommendations...
QEMU: virtio-net: heap use-after-free in virtio_net_receive_rcu
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to numbuffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting i...
CVE-2021-42029
A vulnerability has been identified in SIMATIC STEP 7 TIA Portal V15 All versions, SIMATIC STEP 7 TIA Portal V16 All versions V16 Update 5, SIMATIC STEP 7 TIA Portal V17 All versions V17 Update 2. An attacker could achieve privilege escalation on the web server of certain devices due to improper...
CVE-2021-42029
A vulnerability has been identified in SIMATIC STEP 7 TIA Portal V15 All versions, SIMATIC STEP 7 TIA Portal V16 All versions V16 Update 5, SIMATIC STEP 7 TIA Portal V17 All versions V17 Update 2. An attacker could achieve privilege escalation on the web server of certain devices due to improper...
DEBIAN-CVE-2021-3748
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to numbuffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting i...
CVE-2021-3748
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to numbuffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting i...
CVE-2021-3748
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to numbuffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting i...
CVE-2021-44235
Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This...