kernel: mm/uffd: fix pte marker when fork() without fork event

In the Linux kernel, the following vulnerability has been resolved: mm/uffd: fix pte marker when fork without fork event Patch series "mm: Fixes on pte markers". Patch 1 resolves the syzkiller report from Pengfei. Patch 2 further harden pte markers when used with the recent swapin error markers...

AZL-34460 CVE-2024-21892 affecting package nodejs18 for versions less than 18.20.2-1

On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAPNETBINDSERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this...

UBUNTU-CVE-2024-21892

On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAPNETBINDSERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this...

CVE-2024-24747

MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able t...

CVE-2024-24747

MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able t...

minio -- privilege escalation via permissions inheritance

Minio security advisory GHSA-xx8w-mq23-29g4 ports: When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be...

The vulnerability of the Intel HID Event Filter driver in Intel NUC laptops’ microprogramming software allows a hacker to gain increased privileges.

The vulnerability of the Intel HID Event Filter driver in Intel NUC laptops is related to inherited permission errors. Exploiting this vulnerability can allow attackers to gain increased privileges...

PT-2024-1573 · Minio +2 · Minio +2

Name of the Vulnerable Software and Affected Versions: MinIO versions prior to RELEASE.2024-01-31T20-20-33Z Description: The issue is related to the inheritance of permissions by access keys in MinIO, a high-performance object storage system. When an access key is created, it inherits the...

Design/Logic Flaw

The C:\Program Files x86\Splashtop\Splashtop Software Updater\uninst.exe process creates a folder at C:\Windows\Tempnsu.tmp and copies itself to it as Au.exe. The C:\Windows\Tempnsu.tmp\Au.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI...

CURRENT OWNER OF THE Market.sol CONTRACT CAN RENOUNCE THE OWNERSHIP AND DoS THE onlyOwner MODIFIER CONTROLLED FUNCTIONS IN THE Market.sol CONTRACT

Lines of code Vulnerability details Impact Market.sol contract inherits from the openzeppelin Ownable2Step.sol contract. The Ownable2Step.sol contract inherits from the openzeppelin Ownable.sol contract. There is Ownable.renounceOwnership function which can be called by the current owner to...

CVE-2023-34314

Insecure inherited permissions in some IntelR Simics Simulator software before version 1.7.2 may allow an authenticated user to potentially enable escalation of privilege via local access...

Rocky Linux 8 : firefox (RLSA-2022:6175)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6175 advisory. - An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar...

CVE-2023-5575

Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combination of permissions in the entry and in its parent...

Improper access control

Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combination of permissions in the entry and in its parent...

CVE-2023-5575

Devolutions Server CVE-2023-5575 affects versions 2022.3.13.0 and earlier. The issue is improper access control in permission inheritance, enabling a low-privileged, compromised user to access entries via a specific combination of permissions on the entry and its parent. Remediation is to update ...

CVE-2023-5575

Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combination of permissions in the entry and in its parent...

PT-2023-32187 · Devolutions · Devolutions Server

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2022.3.13.0 and earlier Description: The issue is related to improper access control in permission inheritance, allowing an attacker who has compromised a low-privileged user to access entries through a specific...

OpenZeppelin 's recent v5.0.0 release includes many changes to libraries/contracts that can directly affect ERC20MultiDelegate functionality

Lines of code Vulnerability details Impact OpenZeppelin just released v5.0.0, and there happen to be several significant changes that directly affect the ERC20MultiDelegate implementation, directly and indirectly, via packages used and inherited from. Here’s a link to the release: Below is a...

The prime Initializer function in prime.sol is marked “virtual”

Lines of code Vulnerability details Impact The prime initializer is responsible for setting the state variables in the prime.sol contract. The deal breaker here is; Use of virtual - If the function in the parent contract is expected to be overridden in its child contracts, it should be declared a...

Incorrect initialization of rUSDY.sol

Lines of code Vulnerability details Impact rUSDY.sol contract inherits PausableUpgradeable contract but does not invoke its initialzers during its own initialization. Due to which the state of PausableUpgradeable contract remain uninitialized. File: contracts/usdy/rUSDY.sol contract rUSDY is...